In a recent blog entry, we have posted warning about Lenovo’s download website being infected with malicious codes. According to Lenovo, its download website was infected with malicious codes during the time between late Friday, June 18 and Monday, June 21. After Bkis’ warning, Lenovo has removed malicious code from its website and officially informed users of this issue on its blog.
However, obviously, many users could have accessed these sites during the period from June 18 (when the download site was injected with malicious codes) to June 21 (when this issue was officially handled by Lenovo). Thus, there are many possibilities that such users’ computers have been infected with virus. So, if you visited the download site during this period of time, how could you know your computer has been virus-infected or not? Simply, you can use Window’s msconfig to check your system. If there is a “Startup Item” named “monskc32” in Startup tab, your computer has been infected:
Figure 1: Sign to determine whether your system is infected with Bredolab or not
If your computer is infected with Bredolab, update the latest version of your antivirus software to remove the malicious code.
Le Minh Hung
Senior Security Researcher