SGGPO
Not only is this virus difficult to remove, it also has a mechanism to spread via USB by hiding data in the USB, replacing it with shortcuts that fake the data.
On September 19, Bkav announced that a type of virus that takes advantage of the standard svchost.exe process on computers to penetrate deeply into the system and “regenerate” is showing signs of increasing in Vietnam. Bkav’s malware monitoring and warning system recorded nearly 96,000 computers infected with this virus in August alone.
According to Bkav, even if users detect and delete malicious files manually, this virus can still "regenerate" by taking advantage of the svchost.exe process in the system. Not only taking advantage of svchost.exe, this virus also searches for default software that comes with Windows versions such as OneDrive or Notepad, to perform similar actions. This makes it difficult to handle or completely remove them.
 |
This virus can still "regenerate" by exploiting the svchost.exe process in the system. |
More dangerously, not only is it difficult to remove, this virus also has a mechanism to spread via USB by hiding the data in the USB, replacing it with fake data shortcuts. These shortcuts contain commands to call the virus hidden in the USB. If the user opens these fake shortcuts, the virus will be executed. Finally, after penetrating and existing on the victim's computer, the virus disables the built-in protection measures of Windows and waits for the opportunity to download other malicious files, in order to steal the user's information and send the data to the attacker's server.
To avoid being attacked by this malware, Bkav experts recommend being more vigilant when using peripheral devices to copy data between computers. Businesses and organizations can set up a policy of not using USB in their businesses and organizations, if necessary. Always enable hidden file display mode and check shortcuts in USB before clicking.
The USB shortcut impersonation is also used by many other viruses. At the same time, use and regularly update copyrighted network security solutions and software to protect your computer and system from threats that are difficult to detect or require complex processing to completely remove the virus.
Source
Comment (0)