Careful, smart Trojan Infeksi File in Windows
Careful, smart Trojan Infeksi File in Windows
According to perception from security company McAfee Labs has found malware that can meng-copy it-self in a file help in Windows to make infection of victim computer. Trojan are referred [as] named Muster.e by provider antivirus McAfee, where Trojan are referred [as] can infect a file Windows that called imepaden.hlp that become one of file help for Microsoft IME. File imepaden.hlp undertakes as [the] malware main component depositor in form terenkripsi. Nevertheless, file help that has been infected referred [as] admit of seen with browser WinHelp, the same as with file help that genuiness, and user quite difficult find infection that already happened from see file is referred [as]. When malware that terinstal vanished, then secret payload in it or so-called sys file will didekripsi into a file executable called upgraderUI.exe with registry HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVe rsion\Run AutoPatch, and will run installation file that automatically run a service Windows.
Muster is family from backdoor that has used file help to hide out it. File help or .hlp is data file that designed to be able to seen with Microsoft browser WinHelp to provide aid online for application that used [by] user. File .hlp is referred [as] didekripsi with Microsoft CryptAPI by difficult key and executed by file loader. “All actions its happen in hided. File help Windows tesebut quite clever to deceive user. Usually this Trojan will be easier work in client computer.” express Craig Schmugar, threat observer McAfee Labs.
One of scenario from technique malware this is the victim not realizes existence of UpgraderUI.exe bizzare file and registry-nya, and later, user will vanish file and registry is referred [as]. They will think have vanished backdoor are referred [as] successfully. Even, when file file will and registry in common will return next and next at any given reboot computer, then user remain not to can know compromising file other. User will never knows that sys file has been infected, following also file imepaden.hlp.
Meanwhile on one's part McAfee, has conducted update with McAfee VirusScan DATs 5861 or newer, that can detect and clean file infection help and file this backdoor.
