Bkav’s malware monitoring and warning system recorded that in August alone, nearly 96,000 computers were infected with this virus.
According to Bkav experts, even if the user detects and deletes the malicious file manually, this virus can still “regenerate” by taking advantage of the svchost.exe process in the system. Not only does this virus take advantage of svchost.exe, it also searches for default software that comes with Windows versions such as OneDrive or Notepad, to perform similar actions. This makes it difficult to treat or completely remove them.
More dangerous, not only is it difficult to remove, this virus also has a mechanism to spread via USB by hiding the data contained in the USB, replacing it with shortcuts that fake the data. These shortcuts contain calls to viruses hidden in USB. If users open these fake shortcuts, the virus will be executed. Finally, after penetrating and existing on the victim’s computer, the virus disables Windows’ existing protection measures and waits for the opportunity to download another malicious file, in order to steal the user’s information. use and send data to the attacker’s server.
To avoid being attacked by this malicious code, Bkav experts recommend that users need to:
– Increase vigilance when using peripheral devices to copy data between computers. Businesses and organizations can set a policy of not using USB in their businesses and organizations, if necessary.
– Always turn on hidden file display mode and check the USB shortcut before clicking on it. Fake shortcuts in USB are also used by many other virus strains.
-Use and regularly update copyrighted network security solutions and software to protect computers and systems from threats that are difficult to detect or require complex processing to completely remove viruses. .
