The virus can regenerate itself using the standard svchost.exe process in the system |
According to Bkav, even after being detected and deleted manually by computer users, the virus can still regenerate thanks to taking advantage of the standard svchost.exe process in the system. It can also seek preinstalled apps such as OneDrive or Notepad in different Windows versions for a similar regeneration, creating a huge challenge to virus eliminators.
More seriously, the virus is able to spread via USB equipment. It first hides current data in that USB drive and creates shortcuts leading to activating itself. When entering a computer, the virus then disables Windows’ existing protection measures in order to download other harmful files from the Internet to steal personal data of the victim and send to the attacker’s server.
Dangerous as it is, Bkav advises more caution when using peripheral devices to copy data between computers. Businesses and organizations can even forbid the use of a USB drive if necessary. They should always enable the display of hidden files, while shortcuts on a USB device should be carefully checked before clicking.
Meanwhile, new versions of anti-virus software should be regularly updated for better protection against the latest viruses or other hazardous issues.
Source: SGGP