Thunder-bundled malicious plug-in turns millions of computers into "broilers" (compromised machines)

Key points

The malicious plug-in "INPEnhSvc.exe", which carries Thunder's digital signature, is implanted in the Windows system directory without the user's permission, starts automatically at boot and, following instructions from the cloud, modifies the browser home page on the user's computer and adds entries to the favorites. At the same time, the file downloads and installs Android phone drivers in the background; once the user's phone is connected to the computer, it installs a variety of applications. It sneaks into your computer, invades your phone, turns them into "broilers", and then quietly profits.

Since June 19th, users who installed Thunder software have had a malicious plug-in bundled with it, and the number of infected computers has reached tens of millions.

On August 21st, Thunder held a press conference in Shenzhen and said its investigation found that a department manager at its subsidiary, the Thunder KanKan group, had bypassed company processes and used the subsidiary's resources to build the program carrying the malicious plug-in.

Modifies the browser, installs mobile applications

In August this year, the well-known technology blog Lei Feng Net published a number of internal Thunder e-mails alleging that a senior Thunder executive had taken advantage of his position to force a virus onto users. Subsequently, some IT professionals fully exposed the incident through technical analysis. On the evening of August 21st, Thunder held a press conference to respond to the rumors.

Thunder senior vice president Huang Peng said the investigation found that the media department of the "video division" of the company's subsidiary, the Thunder KanKan group, had bypassed the company's normal process, directed technical staff to secretly use the subsidiary's resources and fraudulently use Thunder's signature, and produced a plug-in carrying a malicious program. The company fired the person mainly responsible for the incident and, at the same time, gave that person's superiors penalties including warnings, demerits and fines.

It is reported that since the end of June, many users have reported computer anomalies on forums and micro-blogs. Technical researchers examining users' computers found, in the C:\Windows\System32 directory, a file named "INPEnhSvc.exe" carrying Thunder's digital signature. Technical analysis of 7 versions of the file confirmed that it has a built-in backdoor and uses a cloud-command-like technique to forcibly interfere with and modify users' computers; more than tens of millions of computers are currently infected.

It is understood that INPEnhSvc.exe is a backdoor program that starts independently of Thunder. It is implanted in the Windows system directory without the user's permission and starts automatically at boot. Following cloud instructions, it modifies the browser home page on the user's computer and adds entries to the favorites.
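
A defender can check a Windows host for the file described above. This is an added example, not part of the original article: the file name and directory come from the article, while the SysWOW64/Sysnative paths, the service lookup and the Run-key lookup are assumptions about where the file and its automatic start may sit.

```powershell
# Added triage example (not from the article).
# From the article: INPEnhSvc.exe, in C:\Windows\System32, Thunder-signed, starts at boot.
# Assumption: the autostart is a service or a Run-key value; the article does not say which.
$name = 'INPEnhSvc.exe'

# A 32-bit installer writing to "System32" on 64-bit Windows lands in SysWOW64,
# and a 32-bit shell needs Sysnative to see the real System32, so check all three.
$files = foreach ($dir in 'System32', 'SysWOW64', 'Sysnative') {
    $path = Join-Path $env:WINDIR (Join-Path $dir $name)
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $sig = Get-AuthenticodeSignature -FilePath $path
        [pscustomobject]@{
            Path    = $path
            Created = (Get-Item -LiteralPath $path -Force).CreationTimeUtc
            SHA256  = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            Signer  = $sig.SignerCertificate.Subject   # a valid vendor signature is not proof of safety here
            Status  = $sig.Status
        }
    }
}

# Services whose binary path references the file.
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -like "*$name*" } |
    Select-Object Name, DisplayName, StartMode, State, PathName

# Run-key values (machine, 32-bit view, current user) that reference the file.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$autoruns = foreach ($key in $runKeys) {
    if (Test-Path -LiteralPath $key) {
        (Get-ItemProperty -LiteralPath $key).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' -and "$($_.Value)" -like "*$name*" } |
            ForEach-Object { [pscustomobject]@{ Key = $key; Value = $_.Name; Command = $_.Value } }
    }
}

if ($files -or $services -or $autoruns) {
    'Indicators found:'; $files | Format-List; $services | Format-List; $autoruns | Format-List
} else {
    "No trace of $name in the system directories, services or Run keys."
}
```

Because the file carries the vendor's own signature, the signer and status fields are recorded for the incident record rather than used to clear the file.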

At the same time, the file downloads and installs Android phone drivers in the background; once the user's phone is connected to the computer, it silently installs a variety of