A new virus has been noticed that downloads/requests other files from the Internet, modifies some system settings in ways that may have a negative impact on the overall security state of the system, and creates a startup registry entry. It contains characteristics of an identified security risk called Sohanad Worm, which "spreads via Yahoo Messenger and infects Windows. It sends a message to all Yahoo Messenger contacts of an infected user. The message contains a link enticing users to download the worm. The worm also disables certain Windows functionalities and hijacks Internet Explorer homepage. It also downloads other malware and it will also attempt to propagate via the means of creating copies of itself onto removable devices such as USB flash and hard drives."
The visible indication of this infection is that it changes your browser's default homepage and search page to "http://h1.ripway.com/poojasharma/index.html".
So you should be aware of the infection if you find that your homepage directs you to this link.
The trickiest part is that chrome.exe is also the name of the legitimate Google Chrome executable, which normally resides in the %AppData% folder. In the Windows Task Manager you won't be able to differentiate between the real Chrome.exe and the fake one. For that I suggest a freeware tool called Anvir Taskmanager, which helps you identify the location of the process on the hard disk.
Here are the changes that are found on an infected machine:
- Task Manager, Registry Editor and Folder Options are disabled
- Creates a file under %Windir%: Chrome.exe
- Creates these files in %System%: Chrome.exe, autorun.ini
- Processes in the Task Manager: Chrome.exe
You can see the ThreatExpert Report on this link. (Reprinted with permission from ThreatExpert)
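The script below is an added example, not part of the original post or the ThreatExpert report: a read-only PowerShell triage of the indicators listed above, showing where each running chrome.exe actually lives on disk. It assumes %System% means %Windir%\System32 (SysWOW64 is included for 32-bit writes on 64-bit Windows) and that the disabled tools correspond to the standard DisableTaskMgr, DisableRegistryTools and NoFolderOptions policy values; the function name is hypothetical.

```powershell
# Added example: read-only triage of the indicators listed in this post.
function Get-SohanadIndicator {   # hypothetical name
    $windir = $env:windir
    # Assumption: %System% is System32; SysWOW64 covers 32-bit writes on 64-bit Windows.
    $sysDirs = 'System32', 'SysWOW64' | ForEach-Object { Join-Path $windir $_ }

    # 1. chrome.exe processes with their on-disk location (Task Manager shows only the name).
    foreach ($p in Get-CimInstance Win32_Process -Filter "Name = 'chrome.exe'") {
        $dir = if ($p.ExecutablePath) { Split-Path $p.ExecutablePath -Parent } else { '' }
        [pscustomobject]@{
            Check   = 'Process'
            Item    = "PID $($p.ProcessId): $($p.ExecutablePath)"
            Suspect = (@($windir) + $sysDirs) -contains $dir   # case-insensitive match
        }
    }

    # 2. Files the post lists under %Windir% and %System%.
    $files = @(Join-Path $windir 'Chrome.exe')
    $files += $sysDirs | ForEach-Object { Join-Path $_ 'Chrome.exe'; Join-Path $_ 'autorun.ini' }
    foreach ($f in $files) {
        [pscustomobject]@{ Check = 'File'; Item = $f; Suspect = (Test-Path -LiteralPath $f) }
    }

    # 3. Policy values that disable Task Manager, Registry Editor and Folder Options
    #    (assumption: the standard per-user policy values are what gets set).
    $base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies'
    $policies = @(
        @{ Key = "$base\System";   Name = 'DisableTaskMgr' },
        @{ Key = "$base\System";   Name = 'DisableRegistryTools' },
        @{ Key = "$base\Explorer"; Name = 'NoFolderOptions' }
    )
    foreach ($pol in $policies) {
        $v = (Get-ItemProperty -Path $pol.Key -Name $pol.Name -ErrorAction SilentlyContinue).($pol.Name)
        [pscustomobject]@{ Check = 'Policy'; Item = "$($pol.Name) = $v"; Suspect = ($v -eq 1) }
    }

    # 4. Internet Explorer home and search page pointing at the URL named in the post.
    $main = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
    foreach ($name in 'Start Page', 'Search Page') {
        $v = (Get-ItemProperty -Path $main -Name $name -ErrorAction SilentlyContinue).$name
        [pscustomobject]@{ Check = 'IE'; Item = "$name = $v"
                           Suspect = ($v -like '*h1.ripway.com/poojasharma*') }
    }
}

Get-SohanadIndicator | Format-Table -AutoSize -Wrap
```

Run it in the affected user's session, since the policy and Internet Explorer values are read from that user's HKCU hive.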