Sunday, June 22, 2008
Antivirus Unable To Install Problem
Sometimes we come across a weird situation: when we go to install an antivirus on our PC, it says the PC is badly infected and the antivirus cannot be installed.
In this situation we have a hell of a lot of problems. This occurs when viruses like the I Worm-Sohanad virus (the autoplay virus) have badly penetrated the PC. In this condition, what I do is:
1. First make an emergency CD of Quick Heal Antivirus. You can make this from any PC on which Quick Heal is installed. I would prefer to make the emergency CD from a PC which has the latest updates. This emergency CD is made bootable automatically.
2. Make a batch file, remove.bat, and write this in it:
Or use these commands in DOS:
del c:\autorun.inf /A:S
del d:\autorun.inf /A:S
del e:\autorun.inf /A:S
del f:\autorun.inf /A:S
del g:\autorun.inf /A:S
...and so on, up to the number of drives in your PC.
3. Run remove.bat, the file which we made in the 2nd step.
4. Restart your PC and insert the emergency CD which we made in the 1st step.
5. Your PC will automatically boot to the Quick Heal emergency CD, and all the viruses in your PC will be gone.
So enjoy this solution. And yes, I used Quick Heal because in terms of virus removal it is the best in my point of view. Though it is a memory hog, it is a good antivirus too.
Do comment.
Friday, June 20, 2008
Famous Computer Viruses You Should Know About!!
Removes a vital part of your hard disk then re-attaches it. (But that part will never work again.)
OPRAH WINFREY VIRUS
Your 200MB hard drive suddenly shrinks to 80MB, and then slowly expands back to 200MB.
AT&T VIRUS
Every three minutes it tells you what great service you are getting.
MCI VIRUS
Every three minutes it reminds you that you're paying too much for the AT&T virus.
PAUL REVERE VIRUS
This revolutionary virus does not horse around. It warns you of impending hard disk attack -- once if by LAN, twice if by C:
POLITICALLY CORRECT VIRUS
Never calls itself a "virus," but instead refers to itself as an "electronic microorganism."
RIGHT TO LIFE VIRUS
Won't allow you to delete a file, regardless of how old it is. If you attempt to erase a file, it requires you to first see a counselor about possible alternatives.
ROSS PEROT VIRUS
Activates every component in your system, just before the whole damn thing quits.
MARIO CUOMO VIRUS
It would be a great virus, but it refuses to run.
TED TURNER VIRUS
Colorizes your monochrome monitor.
ARNOLD SCHWARZENEGGER VIRUS
Terminates and stays resident. It'll be back.
DAN QUAYLE VIRUS #1
Prevents your system from spawning any child process without joining into a binary network.
DAN QUAYLE VIRUS #2
Their is sumthing rong wit your komputer, ewe jsut cant figyour out watt!
GOVERNMENT ECONOMIST VIRUS
Nothing works, but all your diagnostic software says everything is fine.
NEW WORLD ORDER VIRUS
Probably harmless, but it makes a lot of people really mad just thinking about it.
FEDERAL BUREAUCRAT VIRUS
Divides your hard disk into hundreds of little units, each of which does practically nothing, but all of which claim to be the most important part of your computer.
GALLUP VIRUS
Sixty percent of the PCs infected will lose 38 percent of their data 14 percent of the time (plus or minus a 3.5 percent margin of error).
TEXAS VIRUS
Makes sure that it's bigger than any other file.
ADAM AND EVE VIRUS
Takes a couple of bytes out of your Apple computer.
CONGRESSIONAL VIRUS #1
The computer locks up, screen splits erratically with a message appearing on each half blaming the other side for the problem.
CONGRESSIONAL VIRUS #2
Runs every program on the hard drive simultaneously but doesn't allow the user to accomplish anything.
AIRLINE VIRUS
You're in Dallas, but your data is in Singapore.
FREUDIAN VIRUS
Your computer becomes obsessed with marrying its own motherboard.
PBS VIRUS
Your computer stops every few minutes to ask for money.
ELVIS VIRUS
Your computer gets fat, slow and lazy, then self-destructs -- only to resurface at shopping malls and service stations across rural America.
OLLIE NORTH VIRUS
Causes your printer to become a paper shredder.
SEARS VIRUS
Your data won't appear unless you buy new cables, power supply and a set of shocks.
JIMMY HOFFA VIRUS
Your programs can never be found again.
KEVORKIAN VIRUS
Helps your computer shut down as an act of mercy.
IMELDA MARCOS VIRUS
Sings you a song (slightly off key) on boot-up, then subtracts money from your Quicken account and spends it all on expensive shoes it purchases through Prodigy.
STAR TREK VIRUS
Invades your system in places where no virus has gone before.
HEALTH CARE VIRUS
Tests your system for a day, finds nothing wrong and sends you a bill for $4,500.
GEORGE BUSH VIRUS
It starts by boldly stating, "Read my docs ... no new files!" on the screen. It proceeds to fill up all the free space on your hard drive with new files, then blames it on the Congressional Virus.
NEW YORK JETS VIRUS
Makes your 486/50 machine perform like a 286/AT.
Hitesh
LAPD VIRUS
It claims it feels threatened by the other files on your PC and erases them in "self-defense."
CHICAGO CUBS VIRUS
Your PC makes frequent mistakes and comes in last in the reviews, but you still love it.
ORAL ROBERTS VIRUS
Claims that if you don't send it a million dollars, its programmer will take it back.
O.J. VIRUS
It claims that it did not, could not and would not delete two of your files and vows to find the virus that did it.
Sunday, April 20, 2008
Duplicate Folder Removal Tool..Newfolder.exe...etc
This tool removes the so-called "duplicated folders" virus, which is a very common symptom of being infected by the virus IM-Worm.Win32.Sohanad.ao and friends. It removes the duplicated folders from all your hard drive partitions, including floppy disks and USB flash disks (those must be write enabled during the scan process).
How to use it?
Start your computer in Safe mode and run this tool. If you have infected floppy/flash disks, you can insert them and click start. You can repeat this for every disk you have.
Download it from here:
http://download.sergiwa.com/security/DRT.exe
Enjoy!
Thursday, April 17, 2008
Tuesday, April 1, 2008
How to Remove Ntdetec1.exe virus
The following are the common symptoms of this virus:
* Task Manager doesn’t open or it is blocked.
* Command Prompt (cmd.exe) doesn't open.
* A folder named "Ntdetec1" (c:\ntdetec1) is automatically created in "c:\".
* Regedit or registry editing has been disabled.
* Folder Options are not visible under Tools menu.
The following are the processes of this virus:
\ntdetec1\ntdetec1.exe
\ntdetec1\cmrss.exe
\ntdetec1\run.exe
\ntdetec1\shell32.exe
If a system is infected, it creates a folder called ntdetec1 in your System Drive which is NOT visible via Explorer or Command prompt.
Related files:
%SystemDrive%\ntdetec1\ntdetec1.exe
%SystemDrive%\ntdetec1\cmrss.exe
%SystemDrive%\ntdetec1\run.exe
%SystemDrive%\ntdetec1\shell32.exe
%SystemDrive%\ntdetec1\drivelist.txt
%SystemDrive%\ntdetec1\child\autorun.inf
%SystemDrive%\ntdetec1\child\ntdetec1.exe
Actually this worm copies itself to all shared and removable drives and spreads when the user double-clicks on a drive to open it. It uses autorun.inf, so I recommend disabling autorun on all drives.
A related topic is covered in the older posts on this blog; look for the autorun.inf virus post.
I also recommend not to double click on any removable drive to open it.
To open any removable drive always launch Windows Explorer and click on the removable drive to open it.
Removal Process
Open Command Prompt. If it does not open, the processes can also be killed with a Task Manager-like utility, "TaskPatrol".
You may download it here.
http://www.asmdev.net/products/taskpatrol/
Now, in the command prompt, kill the processes related to this virus:
taskkill /im cmrss.exe
taskkill /im ntdetec1.exe
taskkill /im shell32.exe
After killing the processes, remove the read-only, hidden and system attributes from the files of this virus. To do this, make sure you are in the root directory of "c:" or your system drive. Now check "C:\" for the files of this virus. To do this, run:
dir ntdetec1 /ad
If the directory is listed, then it exists; otherwise "ntdetec1" may be located on another drive. Locate the drive and then issue this command:
attrib -h -r -s ntdetec1 /s /d
Now locate the Ntdetec1 folder with Windows Explorer or My Computer and delete it and all its contents permanently.
Now open the registry editor and delete the following entry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\"winlogon" = "C:\ntdetec1\run.exe"
I hope this should solve the problem.
Funny UST Scandal Virus
I tried to delete all funny ust scandal icons in my PC. I even tried to uninstall my yahoo messenger and reinstalled it again but the Funny UST Scandal AVI Virus keeps coming back. Thankfully, I was able to download the Funny UST Scandal Avi.Exe Remover, a Funny UST Scandal Virus Removal Tool I have learned from techpinoy.blogspot.com.
If you want to remove that %$##@@@@!!!! Funny UST scandal virus in your PC, just
1. download the Funny UST Scandal Avi.Exe Remover zip from
http://www.geocities.com/six519/Remover.zip
2. Double click remover.exe and
3. click on the “patayin ang tangahing virus button”.
This will automatically eliminate the Funny UST scandal AVI virus from your PC.
You can also check out these similar posts on removing the funny UST scandal virus:
Autoit.BD worm removal - Funny UST Scandal.avi.exe
Removing Funny ust scandal (virus) manually
How To Remove Funny UST Scandal.avi.exe Virus
Sunday, March 23, 2008
New Yahoo! Messenger Virus Attack nsl-school.org Solution
To solve this problem, just go through the steps below carefully.
What are those links?
Nsl-school.org or other (Do not open this url in your browser).
If you are infected with it, what is going to happen?
1: It sets your default IE page to nsl-school.org, and you can't even change it back to another page. If you open IE on your computer, some malicious code will automatically be executed on your computer.
2: It disables the Task Manager and regedit, so you can't kill the Trojan process anymore.
3: The files installed by this virus are svhost.exe, svhost32.exe and internat.exe. (You can find these files in the windows/ and temp/ directories.)
4: It sends secured and protected information to the attacker.
How to remove this manually from your computer?
1: Close the IE browser. Log out of Messenger / remove the Internet cable.
2: Enable Regedit. Click Start -> Run and type this command exactly as given below (better: copy and paste):
Code:
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
3: To enable Task Manager (to kill the process we need to enable Task Manager):
Click Start, Run and type this command exactly as given below (better: copy and paste):
Code:
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
4: Now we need to change the default page of IE through regedit.
Go to Start -> Run -> Regedit
From the locations below in Regedit, change your default home page to hackgyan.net or other:
Code:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main
Just replace the attacker site with hackgyan.net or set it to a blank page.
5: Now we need to kill the process from the back end. Press Ctrl + Alt + Del.
Kill the process svhost32.exe. (More than one process may be running; check properly.)
6: Delete the svhost32.exe and svhost.exe files from the Windows/ and temp/ directories. Or just search for svhost on your computer and delete those files.
7: Go to regedit, search for svhost and delete all the results you get.
8: Restart the computer. That's it, now you are virus free.
Task Manager disabled, regedit banned, folder options banned, gpedit.msc banned, cmd banned... Try this!
Download this and run it; all restrictions will be removed from your PC. Enjoy!
1. Restriction removal tool
link: http://www.softpedia.com/get/Security/Security-Related/RRT-Remove-Ristrictions-Tool.shtml
------------------------------------------------------------------------------------------
If the software given above doesn't work, then go for the software given below, but I think the above software will work for you.
----------------------------------------------------------------
2.unhackme
http://www.greatis.com/unhackme/download.htm
3.hijackthis
http://filehippo.com/download_hijackthis/
http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html
4.process explorer
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
If your PC is affected by some virus, the most common effects are that your folder options will be disabled, you may not be able to open Task Manager, and so on.
Now the 1st step is to identify the virus process.
Process Explorer will help you, and you can see the path of the installed file on your system.
Now use the restriction removal tool to remove the taskbar, folder option restrictions, etc.
Now our aim is to remove the running virus process.
Use HijackThis and select the virus process. It will remove the process from the startup registry also.
Finally try UnHackMe to remove the rootkits.
HAPPY BIRTHDAY VIRUS REMOVAL INSTRUCTIONS
Don't forget to change the downloaded files' extension to .zip and change the exc file extension to exe!
Download the files from the links below (Security Task Manager and NOD32 Registry Fix):
http://cid-a8c37fe357e06ebd.skydrive.live.com/self.aspx/System%20Tools/STM.compress
http://cid-a8c37fe357e06ebd.skydrive.live.com/self.aspx/System%20Tools/NOD32%20Registry%20Recovery.compress
1. Install Security Task Manager with patch from my attachment and run the program.
2. Kill the explorcr.exe process and delete the file manually from %systemroot%\system32 (it's hidden). You won't see the happy birthday caption again as soon as you kill the process.
3. Also delete autorun.inf manually from %systemroot% (it's hidden).
Remark: if you can't find those files, use other file browser software such as Captain Nemo, because the virus disables most of the useful system commands such as cmd, regedit, msconfig and many more.
4. Insert the Windows XP CD-ROM to copy ntldr from i386\ntldr to %systemdrive%.
5. Run NOD32 Registry Fix to recover the system commands.
6. Restart your computer.
Don't forget to check all USB storage and manually delete all autorun.inf, explorcr.exe and foldername.exe files. explorcr.exe deletes ntldr from the system drive. Use the Windows XP Recovery Console to recopy ntldr if it has already been deleted by explorcr.exe.
I wish all of you to be happy after the clean-up.
Thursday, March 13, 2008
Disabled Network drive etc in Tools Menu - System.exe Virus
It creates a hidden file, system.exe, in the Windows directory. McAfee can detect it but cannot remove it, because it could not stop it from running, so permission is denied.
Folder options are disabled; the Tools menu in Explorer is simply filled with stuff like "disable network drive" etc., but no Folder Options, so one cannot view the hidden files.
If you try to run the folder options from Help and Support Center, you get the message "The current settings of windows forbid this application..." and so on.
Task Manager is disabled. If you press Ctrl+Alt+Del, you get "task manager is disabled..." etc. Nothing happens when you run TASKMAN from the Windows folder.
RUN has been deleted from the Start menu.
Command prompt (cmd.exe) has been disabled.
Solution
First use HijackThis to remove all suspicious viruses/worms from your system, and also do a scan with BitDefender or Kaspersky.
---------------
For enabling folder options:
Fire up Group Policy Editor. (Start->Run->"gpedit.msc")
On the left, go to User Configuration.
Then, go to Administrative Templates.
Then, go to Windows Components.
Then, go to Windows Explorer.
Finally, on the right, disable the option "Remove the Folder Options menu item from the Tools Menu".
------------------------
To enable cmd
Open Registry Editor (Regedit.exe) and navigate to:
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
In the right pane, double-click DisableCMD and set its data to 0
------------------------
To enable task manager
Click Start, Run and type this command exactly as given below: (better - Copy and paste)
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
-------------------------
To enable Regedit
Click Start, Run and type this command exactly as given below: (better - Copy and paste)
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
----------------
Preferably do all of the above in safe mode.
Now remove system.exe.
Use Windows Task Manager to Remove system.exe Processes
To open the Windows Task Manager, use the combination of CTRL+ALT+DEL or CTRL+SHIFT+ESC.
Click on the "Image Name" button to search for the "system.exe" process by name.
Select the "system.exe" process and click on the "End Process" button to kill it.
------------------------------
Use Windows File Search Tool to Find system.exe Path
Go to Start > Search > All Files or Folders.
In the "All or part of the file name" section, type in the "system.exe" file name(s).
To get better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and then click the "Search" button.
When Windows finishes your search, hover over the "In Folder" of "system.exe", highlight the file and copy/paste the path into the address bar. Save the file's path on your clipboard because you'll need the file path to delete system.exe in the following manual removal steps.
----------------------------
Detect and Delete Other system.exe Files
To open the Windows Command Prompt, go to Start > Run > cmd and then press the "OK" button.
Type in "dir /A name_of_the_folder" (for example, C:\Spyware-folder), which will display the folder's contents, even the hidden files.
To change directory, type in "cd name_of_the_folder".
Once you have the file you're looking for, type in "del name_of_the_file".
To delete a file in a folder, type in "del name_of_the_file".
To delete the entire folder, type in "rmdir /S name_of_the_folder".
Saturday, March 8, 2008
newfolder.exe,autoplay virus,sscviihost.exe Virus
1. Do you find a New Folder.exe file in the root path of every storage media you have?
2. Do you find a new folder inside every folder you have?
3. When you doubleclick on one of your hard drive partitions, it shows you some unexpected results?
4. When you rightclick on one of your hard drive partitions, you see a new item called "Autoplay" on top of other items with bold face?
5. When you right click on one of your hard drive partitions, you see some new items with garbage text?
6. When your Antivirus detects and deletes the malware that causes all of that and restart your system, you see an error message similar to: "Windows cannot find SSCVIIHOST.exe..."?
If your answer was ‘Yes’ to any of the above questions then the chances are that you may be infected with the Sohanad virus (otherwise known as New Folder.exe) or one of its variants:
IM-Worm.Win32.Sohanad.as
IM-Worm.Win32.Sohanad.ao
IM-Worm.Win32.Sohanad.am
The problem is that this virus is particularly cumbersome to remove, even by reputable anti-virus programs. But there is a solution and it is called SRT (or Sohanad Removal Tool)!
What does this tool do?
It detects and removes all traces of the Sohanad virus from your system, including floppy disks and USB flash disks (the latter ones must be write enabled during the scan process).
It also removes the leftovers of this virus by removing the 'autorun.inf' files and cleaning up your system registry, so you won't see the 'autoplay' item anymore.
How to use it?
Start your computer in Safe mode and run this tool. If you have infected floppy/flash disks you can insert them and click start. You can repeat this process for every disk you have.
Click Here to Download the Tool
Manually remove it (New Folder.exe fix)
Delete the file named svichossst.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"@"=
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo Messengger"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
Show Hidden Files Not Working
Go to registry editor by running regedit in the run box.
Go to this key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
In the right-hand area, double-click "Hidden" and change the value to 1.
Now you’re all set to go. Check it in your tools menu if the changes have taken effect. Mine have already been fixed :-).
Registry Editing Disabled By Admin..??!!
1- From Group Policy Editor
Go to Run –> gpedit.msc
In the left-hand menu, go to User Config –> Administrative Templates –> System.
Now In the right hand pane, select “Prevent access to registry editing tools”. It will probably be not configured or enabled. If it’s enabled, disable it and if it’s not configured, first enable it, apply settings and then disable it. Most probably the settings have been applied instantly. If not, then run gpupdate in command prompt to apply the group policies.
2- From the Run Menu
I got this tweak while surfing the internet. Go to Start –> Run, copy and paste the following in the Run box and press OK.
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
The effects are usually instant. If not then you should see the results after restarting your computer.
Please tell me your experiences on this tweak.
Task Manager Has Been Disabled By Ur Administrator..!!
My friend asks that whenever he tries to open the task manager, he is encountered by the following error:
“Task Manager has been disabled by your administrator”
Here is solution about enabling the task manager:
Enabling Task Manager from Group Policy Editor
1. Go to “Start” -> “Run” -> Write “Gpedit.msc” and press on “Enter” button.
2. Navigate to “User Configuration” -> “Administrative Templates” -> “System” -> “Ctrl+Alt+Del Options”
3. In the right side of the screen, verify that the “Remove Task Manager” option is set to “Disable” or “Not Configured”.
4. Close “Gpedit.msc” MMC.
5. Go to “Start” -> “Run” -> Write “gpupdate /force” and press on “Enter” button.
Enabling Task Manager from Registry Editor
1. Go to “Start” -> “Run” -> Write “regedit” and press on “Enter” button.
Warning: Modifying your registry can cause serious problems that may require you to reinstall your operating system.
Always backup your files before doing this registry hack.
2. Navigate to the following registry keys and verify that the following settings are set to default:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"DisableTaskMgr"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DisableCAD"=dword:00000000
3. Reboot the computer.
For your convenience, I have created a registry file. Just download, double click it and add the info to your registry. The task manager will be enabled. Post your experiences please.
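As an added example (not part of the original post, and not the author's registry file): a Python sketch that parses a regedit export in the format shown above and lists the restriction values, autostart entries and Winlogon shell it finds, so the check can be done on an exported file when the infected machine's own tools are blocked. It also covers the DisableCMD and DisableRegistryTools values from the System.exe post earlier on this page; the sample export and the function names are constructed for illustration.

```python
import re

# Policy values named on this page that lock out Task Manager, regedit and cmd.
RESTRICTIONS = {"disabletaskmgr", "disableregistrytools", "disablecmd"}

# Matches  "name"=data  or  @=data ; names may contain escaped characters.
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')


def _unescape(s):
    """Undo the backslash escaping used inside .reg string values."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Parse regedit export text into {key_path: {value_name: data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # Some exports on this page carry a trailing backslash; drop it.
            current = keys.setdefault(line[1:-1].rstrip("\\"), {})
            continue
        m = VALUE_RE.match(line)
        if current is None or not m:
            continue
        name = _unescape(m.group(1)) if m.group(1) is not None else "@"
        data = m.group(2).strip()
        if data.lower().startswith("dword:"):
            current[name] = int(data[6:], 16)
        elif len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            current[name] = _unescape(data[1:-1])
        # Other value types (hex:, hex(2):, ...) are ignored in this sketch.
    return keys


def audit(keys):
    """Return (kind, key, value_name, data) tuples worth a manual look."""
    findings = []
    for path, values in keys.items():
        p = path.lower()
        for name, data in values.items():
            n = name.lower()
            if n in RESTRICTIONS and isinstance(data, int) and data != 0:
                findings.append(("restriction", path, name, data))
            elif p.endswith("\\run"):
                # Every Run entry is listed; the reviewer decides what is legitimate.
                findings.append(("autostart", path, name, data))
            elif (p.endswith("\\winlogon") and n == "shell"
                  and str(data).strip().lower() != "explorer.exe"):
                findings.append(("shell", path, name, data))
    return findings


def fix_commands(findings):
    """Build the REG add commands (same form as on this page) for restrictions."""
    return ['REG add "%s" /v %s /t REG_DWORD /d 0 /f' % (path, name)
            for kind, path, name, _ in findings if kind == "restriction"]


# Constructed sample export, using key and file names mentioned on this page.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
"DisableCMD"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"winlogon"="C:\\ntdetec1\\run.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
'''

if __name__ == "__main__":
    found = audit(parse_reg(SAMPLE))
    for item in found:
        print(item)
    for cmd in fix_commands(found):
        print(cmd)
```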
Enabling Task Manager from the Run Menu
Go to Start –> Run and copy and paste the following and press OK.
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
Olympic Torch Invitation Virus Hoax
list, that is why you should send this e-mail to all your contacts. It is better to receive this message 25 times than to receive the virus and open it. If you receive a mail called "invitation", though sent by a friend, do not open it and shut down your computer immediately.
This is the worst virus announced by CNN, it has been Classified by Microsoft as the most destructive virus ever. This virus was discovered by McAfee yesterday, and there is no repair yet for this kind of virus. This virus simply destroys the Zero Sector of the Hard Disc, where the vital information is kept.
amvo.exe Virus Manual Removal Steps
Symptoms
- Cannot show hidden files
- Slows down USB devices
- Adds infections to plugged in USB devices
- Drives open in new windows from My Computer
How to get rid of it?
Step 1
The usual way is to format the system, but that is not a permanent solution. To get rid of it, run regedit and find all keys related to amvo.exe or the name of the virus.
Run msconfig; in the Startup tab you can find amvo.exe or its variants.
Remove all occurrences of the name from regedit.
Reboot the System.
Step 2
Reboot and make the following changes to the Registry using regedit (key, then value name = data):
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer  searchhidden = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer  searchsystemdirs = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced  hidden = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced  showsuperhidden = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced  superhidden = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN  CheckedValue = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN  DefaultValue = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL  CheckedValue = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL  DefaultValue = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer  NoDriveTypeAutoRun = 0x00000091 (145)
-- OR --
Reboot into a different OS and do the following
Step 3
From all the drives, delete autorun.inf using the command line (if on Windows) or from a Linux OS. Do not open the drive from Explorer, as it would spread the virus again to this OS. If you have Linux installed and can access all partitions on the disk, go delete the files and clear the trash on all drives.
Step 4
Reboot the system.
Do necessary changes as in Step 2, if you have not done those.
I hope that will do it
Install a good antivirus and update it.
Prevent Autorun from USBs.
To disable Autoplay of all drives
Start > Run > gpedit.msc
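As an added example (not from the original post): a Python sketch for the two autorun points above and in the Ntdetec1 post. It reads any autorun.inf in a list of drive roots without opening the drive in Explorer and reports what the file would launch, and it decodes a NoDriveTypeAutoRun value, which shows that the 0x91 from Step 2 still leaves AutoRun on for removable drives while 0xFF turns it off for every drive type. The bit meanings follow Microsoft's documented layout of that value; the function names and the sample file are constructed for illustration.

```python
import os
import tempfile

# NoDriveTypeAutoRun: a set bit switches AutoRun OFF for that drive type.
DRIVE_BITS = {
    0x01: "unknown", 0x02: "no root dir", 0x04: "removable", 0x08: "fixed",
    0x10: "network", 0x20: "cd-rom", 0x40: "ram disk", 0x80: "reserved",
}

# Keys in the [autorun] section that start a program when the drive is opened.
LAUNCH_KEYS = ("open", "shellexecute")


def autorun_still_enabled(mask):
    """Drive types on which AutoRun still fires for a NoDriveTypeAutoRun value."""
    return [name for bit, name in sorted(DRIVE_BITS.items()) if not mask & bit]


def parse_autorun(text):
    """Return (key, command) pairs from the [autorun] section that launch a file.

    Parsed by hand rather than with configparser because worm-written
    files are often padded with junk lines that are not valid INI.
    """
    launches, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key, value = key.strip().lower(), value.strip()
        # shell\<verb>\command adds a right-click entry such as the bold "Autoplay".
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            launches.append((key, value))
    return launches


def find_autorun(root):
    """Locate autorun.inf in a drive root, ignoring case (needed from Linux)."""
    try:
        for name in os.listdir(root):
            path = os.path.join(root, name)
            if name.lower() == "autorun.inf" and os.path.isfile(path):
                return path
    except OSError:
        pass  # drive not ready or not readable
    return None


def scan_roots(roots):
    """Map each root that has an autorun.inf to the commands it would launch."""
    report = {}
    for root in roots:
        path = find_autorun(root)
        if path is not None:
            with open(path, "rb") as fh:
                report[root] = parse_autorun(fh.read().decode("latin-1"))
    return report


def demo():
    # Constructed sample: a temporary folder standing in for an infected drive root.
    sample = (
        ";kJ3x padding line\r\n"
        "[AutoRun]\r\n"
        "open=ntdetec1.exe\r\n"
        "shell\\open\\command=ntdetec1.exe\r\n"
        "shell\\explore\\Command=ntdetec1.exe\r\n"
        "icon=folder.ico\r\n"
    )
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "AUTORUN.INF"), "w", newline="") as fh:
            fh.write(sample)
        return scan_roots([root])[root]


if __name__ == "__main__":
    print("0x91 leaves AutoRun on for:", autorun_still_enabled(0x91))
    print("0xFF leaves AutoRun on for:", autorun_still_enabled(0xFF))
    print(demo())
```

On a real machine, pass the drive roots (for example `C:\`, `D:\`) or the Linux mount points of the partitions to `scan_roots` instead of the temporary folder.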
Virus In Yahoo Msngr, Automatically Sending links - gaigoitanbing.xlphp.net
Start in Safe Mode
Start in Safe Mode with Networking
Start Windows XP normally etc.
Choose "Start in Safe Mode". Your computer will start with a black background and with a very hazy display. Open McAfee now and scan your computer. Restart again (without pressing F8) when you are done to start Windows in Normal Mode.
Is your McAfee fully updated? If no, then update it first of all and then run a full system scan. If it still finds nothing, then do an online Panda ActiveScan (it will scan your computer and remove most infections without you having to download anything):
http://www.pandasecurity.com/homeusers/s...
I am sure that McAfee or Panda will get rid of the virus.
Good luck!
:)
Clean D Virus xn1inx.com
The startup entry can be present in various possible locations.
Click here to get a detailed description of these places
MonaRonaDona: A revolution In Social Engineering
Once "MonaRonaDona" is installed on a user's system, it displays the following message:
"Hi, My name is MonaRonaDona. I am a virus
& I am here to Wreck your PC. If you
observe strange behaviour with your PC, like
program windows disappearing e.t.c, it's me
who is doing all this. I was created as a protest
against the Human Rights Violation
being observed throughout the world & the
very purpose of my existence is to remind
& stress the world to respect humainty."
Once active, "MonaRonaDona" attempts to terminate the following services:
Date And Time
Windows Task Manager
Registry Editor
Irfanview
Google Talk
Macromedia
Adobe
Microsoft Visual
Windows Media Player
Winamp
Microsoft Office
Microsoft Excel
Microsoft Word
Messenger
The 'Internet Explorer' title bar is also modified to contain text regarding "MonaRonaDona".
Immediately after infection, however, this activity will not be present, as the malware registers itself to run as 'Windows' boots. As a result of this, how "MonaRonaDona" actually infects computers is still unknown, as users often cannot remember their actions prior to the infection.
However, this is where it gets interesting: due to such actions as displaying a warning message once infected, actively terminating common 'Windows' processes and displaying messages in applications' title bars, we are forced to ask ourselves the simple question:
"Why does the malware author want "MonaRonaDona" to be noticed by the user to such an extent?"
The answer lies in a simple search for "MonaRonaDona" in one of today's popular search engines. This query will direct the user to a page similar to this one:
Or alternatively a 'Digg' (a popular content sharing domain) article or 'YouTube' video, all advertising the same product:
"Unigray antivirus".
The article displayed in the image claims that "MonaRonaDona" can be fixed with the following legitimate applications:
'Kaspersky'
'AVG'
and 'McAfee'
When in reality, only 'Kaspersky' has included "MonaRonaDona" in its 'DATs' (as 'Trojan.Win32.Monagrey.a').
The article also claims that the best application that a user can use to fix the malware is called 'Unigray antivirus'.
'Unigray antivirus' is an application published on the web at the same time detections of "MonaRonaDona" began appearing.
Furthermore, when examined by 'Kaspersky Labs', the application was found to only detect (to a minimal standard) 19 different threats (including "MonaRonaDona") yet only removes one: "MonaRonaDona".
When comparing the code of "MonaRonaDona" to that of 'Unigray', it is also notable that there are many similarities.
Therefore, it is extremely probable that the individual(s) behind "MonaRonaDona" are the same individual(s) that created 'Unigray antivirus'.
It seems social engineering techniques are getting increasingly devious and manipulative, and that fraudware/malware authors are gaining more insight into the psychology of their victims and can thus be expected to employ social engineering techniques as a venue for infection more regularly.