Archive for the ‘Virus’ Category

Re-Enable Portable Regedit Saver After Virus Infection

Friday, September 4th, 2009

Most viruses, malware, spyware and trojans that infect Windows systems disable regedit, Task Manager, System Restore and the command prompt, so that their files cannot be deleted easily.

People with enough computing skill can still get at regedit, Task Manager, System Restore and the command prompt, but for someone with limited knowledge it is a different story.

For those who do not know how, here is a free application called Re-Enable Portable 1.0.0.0 that restores access to registry editing after the computer has been infected by spyware.

More than that, the program also re-enables cmd, Task Manager, System Restore configuration, Folder Options and the Run command.

As quoted from Softpedia on Friday (4/9/2009), this 36.7 MB program runs on Windows XP, Vista and 7. If you are interested in trying this freeware, it is available for download.
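What "re-enabling" amounts to is clearing a handful of policy values that regedit, Task Manager, cmd, System Restore, Folder Options and Run each check when they start. The script below is an added example, not the Re-Enable tool's own code: it reports those values and clears them from an elevated Windows PowerShell. The value names are the documented Windows policy values (DisableCMD is checked in both places because cmd.exe reads the Software\Policies one while some malware writes the other); the function names are ours.

```powershell
# Added example (not from the original post): find and clear the policy values
# that malware sets to lock out regedit, Task Manager, cmd, System Restore,
# Folder Options and Run. Run from an elevated Windows PowerShell.

$policyValues = @(
    @{ Sub = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools'; What = 'regedit' },
    @{ Sub = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr';       What = 'Task Manager' },
    @{ Sub = 'Software\Policies\Microsoft\Windows\System';                  Name = 'DisableCMD';           What = 'command prompt' },
    @{ Sub = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableCMD';           What = 'command prompt (location some malware uses)' },
    @{ Sub = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoFolderOptions';      What = 'Folder Options' },
    @{ Sub = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoRun';                What = 'Run command' },
    @{ Sub = 'Software\Policies\Microsoft\Windows NT\SystemRestore';        Name = 'DisableSR';            What = 'System Restore' },
    @{ Sub = 'Software\Policies\Microsoft\Windows NT\SystemRestore';        Name = 'DisableConfig';        What = 'System Restore configuration' }
)

function Get-LockoutPolicy {
    # One object per lockout value that is currently set to a non-zero value, in either hive.
    foreach ($hive in 'HKCU:', 'HKLM:') {
        foreach ($p in $policyValues) {
            $key = "$hive\$($p.Sub)"
            if (-not (Test-Path $key)) { continue }
            $item = Get-ItemProperty -Path $key -Name $p.Name -ErrorAction SilentlyContinue
            if ($null -ne $item -and $item.($p.Name) -ne 0) {
                New-Object PSObject -Property @{ Key = $key; Name = $p.Name; Value = $item.($p.Name); Disables = $p.What }
            }
        }
    }
}

function Remove-LockoutPolicy {
    # Deletes every value Get-LockoutPolicy reports; honours -WhatIf / -Confirm.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($f in Get-LockoutPolicy) {
        if ($PSCmdlet.ShouldProcess("$($f.Key)\$($f.Name)", "Remove value (re-enables $($f.Disables))")) {
            Remove-ItemProperty -Path $f.Key -Name $f.Name
        }
    }
}

Get-LockoutPolicy | Format-Table Key, Name, Value, Disables -AutoSize   # report first
Remove-LockoutPolicy -WhatIf                                            # drop -WhatIf to clear them
```

The point worth knowing: these are switches that the tools themselves honour, not permissions on the registry, so the PowerShell registry provider (or reg.exe) can still delete them while regedit.exe refuses to open. An HKLM value overrides the HKCU one; Explorer has to be restarted before NoRun and NoFolderOptions stop applying; an elevated prompt's HKCU is the administrator's, not necessarily the locked-out user's; and if the malware is still running it will simply put the values back, so kill it first.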

Steps To Remove Conficker.dv Manually

Tuesday, September 1st, 2009

This is another in our series of virus-removal tips:

Also Known As:
TA08-297A (other)
CVE-2008-4250 (other)
VU827267 (other)
Win32/Conficker.A (CA)
Mal/Conficker-A (Sophos)
Trojan.Win32.Agent.bccs (Kaspersky)
W32.Downadup.B (Symantec)
Trojan-Downloader.Win32.Agent.aqfw (Kaspersky)
W32/Conficker.worm (McAfee)
Trojan:Win32/Conficker!corrupt (Microsoft)
W32.Downadup (Symantec)
WORM_DOWNAD (Trend Micro)
Confickr (other)

This virus can be removed in 7 simple steps. Still, it drives some people mad because it attacks the whole network (cleaning one machine is harder while the others keep re-infecting it) and, of course, it disables your protection. Looked at closely, the worm uses mostly lame, well-known techniques bundled into one package, but its author clearly understood how weak the default Windows protections really are.

Detecting Conficker: the signs include a "Generic Host Process" error message; inability to reach security sites such as www.microsoft.com, www.symantec.com, www.norman.com, www.clamav.com, www.grisoft.com, www.avast.com and so on; antivirus updates failing; many applications, especially network applications, no longer working as usual; and more.

The worm is packed with UPX and is about 162 KB. Killing its process is troublesome because, lame as the technique is, it runs as a .dll loaded into a fake svchost.exe service host rather than as a process of its own. It is not active immediately: it first downloads some "image" files, creates temporary files and then builds itself from them (lame).

Once the build is complete it starts disabling some Windows services and blocks any active application in which it finds one of these strings:
cert, sans, bit9, windowsupdate, wilderssecurity, threatexpert, castlecops, spamhaus, cpsecure, arcabit, emsisoft, sunbelt, securecomputing, rising, prevx, pctools, norman, k7computing, ikarus, hauri, hacksoft, gdata, fortinet, ewido, clamav, comodo, quickheal, avira, avast, esafe, ahnlab, centralcommand, drweb, grisoft, nod32, f-prot, jotti, kaspersky, f-secure, computerassociates, networkassociates, etrust, panda, sophos, trendmicro, mcafee, norton, symantec, microsoft, defender, rootkit, malware, spyware, virus

Lame technique again: the worm tries to download and execute more "image" files from some websites, and adds a firewall rule that lets your computer be attacked from outside and taken over completely (scary; some people know this as a botnet).

Virus spreading:
Brute-forcing the administrator account over the default administrative shares.
A lame autorun.inf plus a hidden copy in the RECYCLER folder (on most drives, with hidden attributes).
Exploiting the Server service hosted in SVCHOST.exe (MS08-067, which is why the Microsoft update matters).

Alright, enough; here are the 7 simple steps to remove Conficker:

  1. Unplug every computer from the network.
  2. Turn off the System Restore service (XP/Vista).
  3. Kill the worm running in the background; Norman Malware Cleaner can do this. (Since the worm is UPX-packed, the easiest way to find it is the Ansav utility: kill any UPX-packed process running in the background.)
  4. Delete the fake SVCHOST.exe entry from the registry.
  5. Delete the scheduled tasks the worm created (%SystemRoot%\Tasks).
  6. Repair your registry with the INF below (save it as repair.inf, right-click it and choose Install), or download repair.inf:

    [Version]
    Signature="$Chicago$"
    Provider=Nobody

    [DefaultInstall]
    AddReg=UnhookRegKey
    DelReg=del

    [UnhookRegKey]
    ; 0x00010001 = FLG_ADDREG_TYPE_DWORD: these values must be written as REG_DWORD
    ; (a REG_BINARY or REG_SZ "1" is not read by Explorer or the service manager)
    HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, Hidden, 0x00010001, 1
    HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, SuperHidden, 0x00010001, 1
    HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, CheckedValue, 0x00010001, 1

    ; Start = 2 (Automatic) for the services the worm disabled (Start = 4)
    HKLM, SYSTEM\CurrentControlSet\Services\BITS, Start, 0x00010001, 2
    HKLM, SYSTEM\CurrentControlSet\Services\ERSvc, Start, 0x00010001, 2
    HKLM, SYSTEM\CurrentControlSet\Services\wscsvc, Start, 0x00010001, 2
    HKLM, SYSTEM\CurrentControlSet\Services\wuauserv, Start, 0x00010001, 2

    [del]
    ; values the worm adds
    HKCU, Software\Microsoft\Windows\CurrentVersion\Applets, dl
    HKCU, Software\Microsoft\Windows\CurrentVersion\Applets, ds
    HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Applets, dl
    HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Applets, ds
    HKLM, SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, TcpNumConnections

    *NOTE: For entries that run at startup, you can disable them with msconfig or HijackThis, or delete them manually from the registry under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.

  7. Scan with your best, up-to-date antivirus to stop the worm from coming back, and patch your computer with MS08-067: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
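Before working through the steps it helps to confirm which of the indicators above are actually present on a machine, and after step 4 the registry repair is easier to get right with typed writes than with an INF. The script below is an added example, not code from the original post: the first function checks the host for the indicators the post lists, the second undoes the same registry damage that repair.inf undoes. It runs from an elevated Windows PowerShell. KB958644 is the hotfix number of the MS08-067 update, the host names are ones the post says become unreachable, and the function names are ours.

```powershell
# Added example (not from the original post): Conficker host triage plus the
# repair.inf changes done with typed REG_DWORD writes. Run elevated.

$Services  = 'BITS', 'ERSvc', 'wscsvc', 'wuauserv'          # services the worm disables
$Applets   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Applets',
             'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets'
$Advanced  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$ShowAll   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
$TcpParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$AvHosts   = 'www.microsoft.com', 'www.symantec.com', 'www.norman.com', 'www.avast.com'

function Get-ConfickerIndicators {
    param([switch]$CheckDns)   # only meaningful while the machine is still on a working network (step 1 unplugs it)
    $hits = @()
    # MS08-067 missing? (XP/2003/Vista; Windows 7 shipped with the fix, so the hotfix never shows up there)
    if (-not (Get-HotFix -Id KB958644 -ErrorAction SilentlyContinue)) { $hits += 'KB958644 (MS08-067) not installed' }
    # Services forced to Disabled (Start = 4)
    foreach ($s in $Services) {
        $k = "HKLM:\SYSTEM\CurrentControlSet\Services\$s"
        if ((Test-Path $k) -and (Get-ItemProperty $k).Start -eq 4) { $hits += "service $s is disabled" }
    }
    # Values the worm leaves behind (the ones repair.inf deletes)
    foreach ($k in $Applets) {
        foreach ($v in 'dl', 'ds') {
            if (Get-ItemProperty $k -Name $v -ErrorAction SilentlyContinue) { $hits += "$k\$v present" }
        }
    }
    if (Get-ItemProperty $TcpParams -Name TcpNumConnections -ErrorAction SilentlyContinue) { $hits += 'TcpNumConnections set' }
    # Scheduled jobs (step 5)
    foreach ($j in Get-ChildItem "$env:SystemRoot\Tasks" -Filter *.job -ErrorAction SilentlyContinue) { $hits += "scheduled job $($j.Name)" }
    # autorun.inf on any drive root; a RECYCLER folder only counts on removable media (NTFS fixed disks have one legitimately)
    foreach ($d in Get-WmiObject Win32_LogicalDisk) {
        $root = "$($d.DeviceID)\"
        if (Test-Path "${root}autorun.inf") { $hits += "autorun.inf on $root" }
        if ($d.DriveType -eq 2 -and (Test-Path "${root}RECYCLER")) { $hits += "RECYCLER folder on removable drive $root" }
    }
    # Lookups of names containing security-vendor strings fail while the worm's filter is active
    if ($CheckDns) {
        foreach ($h in $AvHosts) {
            try { [void][System.Net.Dns]::GetHostAddresses($h) } catch { $hits += "DNS lookup of $h failed" }
        }
    }
    return $hits
}

function Repair-ConfickerDamage {
    # Same changes as repair.inf; honours -WhatIf / -Confirm.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    # Services back to Automatic (Start = 2), written as REG_DWORD as the service manager expects
    foreach ($s in $Services) {
        $k = "HKLM:\SYSTEM\CurrentControlSet\Services\$s"
        if ((Test-Path $k) -and $PSCmdlet.ShouldProcess($k, 'Start = 2')) { Set-ItemProperty $k -Name Start -Value 2 -Type DWord }
    }
    # Show hidden and super-hidden files again
    if ($PSCmdlet.ShouldProcess($Advanced, 'Hidden = 1, SuperHidden = 1')) {
        Set-ItemProperty $Advanced -Name Hidden -Value 1 -Type DWord
        Set-ItemProperty $Advanced -Name SuperHidden -Value 1 -Type DWord
    }
    if ((Test-Path $ShowAll) -and $PSCmdlet.ShouldProcess($ShowAll, 'CheckedValue = 1')) {
        Set-ItemProperty $ShowAll -Name CheckedValue -Value 1 -Type DWord
    }
    # Delete the worm's leftovers
    foreach ($k in $Applets) {
        foreach ($v in 'dl', 'ds') {
            if ((Test-Path $k) -and $PSCmdlet.ShouldProcess("$k\$v", 'Remove value')) { Remove-ItemProperty $k -Name $v -ErrorAction SilentlyContinue }
        }
    }
    if ($PSCmdlet.ShouldProcess("$TcpParams\TcpNumConnections", 'Remove value')) {
        Remove-ItemProperty $TcpParams -Name TcpNumConnections -ErrorAction SilentlyContinue
    }
}

Get-ConfickerIndicators            # review this list first (add -CheckDns while still online)
Repair-ConfickerDamage -WhatIf     # then run without -WhatIf, after steps 1 to 5
```

Run the repair only after the worm has been killed (steps 3 and 4); while its service DLL is still loaded it will re-disable the services and put its values back, and the scan in step 7 is what tells you it is really gone.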

Steps To Remove Unwise.exe Virus

Monday, August 31st, 2009

Note: this manual virus-removal process can be difficult, and you run the risk of damaging your computer. We recommend using SpyHunter's spyware detection tool to check for unwise.exe.

Step 1: Kill the unwise.exe process with Windows Task Manager

  • Open Task Manager with CTRL+ALT+DEL or CTRL+SHIFT+ESC.
  • Click the "Image Name" column header to sort, and look for the "unwise.exe" process by name.
  • Select the "unwise.exe" process and click "End Process" to kill it.

Step 2: Find the path of unwise.exe with the Windows file search tool

  • Go to Start > Search > All Files or Folders.
  • In the "All or part of the file name" box, type "unwise.exe".
  • For better results, select "Look in: Local Hard Drives" or "Look in: My Computer", then click "Search".
  • When the search finishes, look at the "In Folder" column for "unwise.exe", highlight the file and copy its path into the address bar. Keep the path on your clipboard; you will need it to delete unwise.exe in the steps below.

Step 3: Clear the registry

Go to Start > Run, type regedit and click OK. In the Registry Editor window press Ctrl+F, type unwise.exe, click Find Next and delete the entry found; repeat the search until no more entries turn up.

Step 4: Find and delete the remaining unwise.exe files

  • To open a command prompt, go to Start > Run, type cmd and click OK.
  • Type "dir /A name_of_the_folder" (for example, C:\Spyware-folder) to list the folder's contents, hidden files included.
  • To change directory, type "cd name_of_the_folder".
  • To delete a file in the folder, type "del name_of_the_file".
  • To delete the entire folder, type "rmdir /S name_of_the_folder".
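The four steps above are one routine, and the check a practitioner wants before deleting anything is who signed the file and where it lives: unwise.exe is also the name of the legitimate Wise Installation System uninstaller that many older programs ship in their own folder. The script below is an added example, not code from the original post. It stops any running instance, reports every copy of the named file with its Authenticode status and any Run/RunOnce entry pointing at it, and only deletes when -Force is given. Function names are ours; it runs in Windows PowerShell, elevated.

```powershell
# Added example (not from the original post): find, report and optionally
# remove a named executable and the Run entries that launch it.

function Get-NamedExecutable {
    # Every copy of $Name under $Roots, with size, date and Authenticode signature status.
    param([Parameter(Mandatory = $true)][string]$Name, [string[]]$Roots = @("$env:SystemDrive\"))
    foreach ($root in $Roots) {
        foreach ($f in Get-ChildItem -Path $root -Filter $Name -Recurse -Force -ErrorAction SilentlyContinue) {
            $sig = Get-AuthenticodeSignature -FilePath $f.FullName
            $signer = ''
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            New-Object PSObject -Property @{
                Path      = $f.FullName
                SizeKB    = [math]::Round($f.Length / 1KB, 1)
                Modified  = $f.LastWriteTime
                Signature = $sig.Status         # Valid, NotSigned, HashMismatch, ...
                Signer    = $signer
            }
        }
    }
}

function Get-RunReferences {
    # Run / RunOnce values in either hive whose command line mentions $Name.
    param([Parameter(Mandatory = $true)][string]$Name)
    foreach ($hive in 'HKLM:', 'HKCU:') {
        foreach ($sub in 'Run', 'RunOnce') {
            $key = "$hive\Software\Microsoft\Windows\CurrentVersion\$sub"
            if (-not (Test-Path $key)) { continue }
            foreach ($p in (Get-ItemProperty $key).PSObject.Properties) {
                # skip the PSPath/PSParentPath/... properties the provider adds
                if ($p.Name -notlike 'PS*' -and "$($p.Value)" -match [regex]::Escape($Name)) {
                    New-Object PSObject -Property @{ Key = $key; ValueName = $p.Name; Command = $p.Value }
                }
            }
        }
    }
}

function Remove-NamedExecutable {
    param([Parameter(Mandatory = $true)][string]$Name, [switch]$Force)
    $base = [IO.Path]::GetFileNameWithoutExtension($Name)
    foreach ($proc in Get-Process -Name $base -ErrorAction SilentlyContinue) {   # step 1
        Write-Host "stopping PID $($proc.Id) ($($proc.Path))"
        Stop-Process -Id $proc.Id -Force
    }
    $files = @(Get-NamedExecutable -Name $Name)   # steps 2 and 4
    $refs  = @(Get-RunReferences -Name $Name)     # step 3
    $files | Format-Table Path, SizeKB, Modified, Signature, Signer -AutoSize
    $refs  | Format-Table Key, ValueName, Command -AutoSize
    if (-not $Force) { Write-Host 'report only; re-run with -Force to delete'; return }
    foreach ($r in $refs)  { Remove-ItemProperty -Path $r.Key -Name $r.ValueName }
    foreach ($f in $files) { Remove-Item -LiteralPath $f.Path -Force }
}

Remove-NamedExecutable -Name 'unwise.exe'          # report first
# Remove-NamedExecutable -Name 'unwise.exe' -Force # delete, if the report justifies it
```

A copy sitting in an installed program's own folder with a valid signature, or no Run entry, is most likely that program's uninstaller; a copy in a temp or profile folder that is unsigned and launched from Run is the one the post is about.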

BitDefender Antivirus 2010 For Maximum Security and Maximum Speed

Saturday, August 29th, 2009


BitDefender Antivirus 2010 provides advanced proactive protection against viruses, spyware, phishing attacks and identity theft, without slowing down your PC.

Minimal system requirements

* Windows XP SP2, Vista, Windows 7
* 800MHz processor
* RAM:
o 512 MB (Windows XP)
o 1 GB (Windows Vista and Windows 7)
* 450 MB available hard disk space
* Internet Explorer 6

BitDefender Antivirus 2010 provides affordable, industry-leading protection against viruses, spyware and identity theft, without slowing down your PC. It features IM Encryption for confidential chatting; Gamer Mode for secure gaming at top speed; Laptop Mode for prolonged battery life; automatic hourly updates; and more.

For 2010, we've made:

* The industry’s strongest security, even stronger!
* Blazing fast performance, even faster!
* Ease of use, even easier

Securely download music, movies, and files from the Web, friends, and family!

* Scans and removes viruses and spyware
* NEW! Advanced protection that continually monitors your system to catch threats that lie dormant, before they attack
* Scans all Web, e-mail and instant messaging traffic in real-time
* Proactively protects against new virus outbreaks using advanced heuristics

Protect your identity: shop, bank, listen, and watch… privately and securely!

* Stops attempted identity theft (phishing)
* Prevents personal information from leaking via e-mail, Web or Instant Messaging
* Blocks concealed programs that track your online activities

Security that won’t slow your PC down!

* NEW! Scans 60% faster than even last year’s lightning-fast edition!
* Uses minimal system resources
* Laptop Mode prolongs battery life

Guard your conversations with top-of-the-line encryption!

* Instant Messaging Encryption (Yahoo! and MSN Messenger)

Gamer Mode!

* Reduces the system load and postpones scans/ updates, allowing for secure gaming at top speed

Be in control, stay in control!

* Manages the security of your entire home network from one PC
* Use the dashboard to fix security issues with just one click
* Automatically decides best security actions to take

Designed for ease of use!

* NEW! User Profiles (Standard, Parent, Gamer, Custom) – set up your security to best match your computing activities
* NEW! See only what you need! Select from Novice, Intermediate, and Advanced views

Getting Familiar With Online Phishing and Fraud

Thursday, August 27th, 2009

Online theft is a criminal act in the virtual world that uses email, websites, chat rooms or messages on your account page.

There are several kinds of this crime, such as phishing and pharming scams, which use email or websites to trick the recipient of a message into handing over personal data such as credit card details, social security numbers and important account passwords.

Although the trend is growing, it is not that hard to avoid. Learn these basic tips, quoted from Symantec, so that we do not fall for this kind of cyber fraud:

What to Do:

  • Consider disabling file sharing on your computer.
  • Be careful when opening file attachments, especially from unknown senders.
  • Get into the habit of reading the privacy policy of any site that asks you for sensitive or personal data.
  • Review your bank and credit card statements regularly.
  • Install and regularly update your software firewall, antivirus and anti-spyware.
  • Keep the habit of updating Windows and your other applications with the latest patches.
  • Choose strong passwords and guard them carefully, or consider using password-protection software.
  • Lock your mailbox.
  • Shred receipts, statements or anything else carrying credit card or bank details before throwing them away.
  • Check your bank account and credit card statements every month.
  • Take advantage of free credit reports.
  • If you think you have become a victim of identity theft or another cyber crime, report it to the authorities immediately.

What to Avoid:

  • Do not give personal data to anyone by phone or in person (including for job applications, loan applications, etc.) unless you are absolutely sure the person or institution can be trusted.
  • Do not trust an incoming email and reply with your personal data, nor a site reached through a link in it or through a pop-up ad that suddenly appears on screen. Instead, open a new browser window and type the address directly into the address bar to make sure the site is legitimate.
  • Do not store financial data on a laptop unless absolutely necessary, because portable computers are stolen more easily and more often than desktops.

Steps To Kill Full House Viruses

Wednesday, August 19th, 2009

Another virus threatening computer users is the FullHouse virus. Its trademark is an extra drive named "FullHouse Drive".

The virus is written in Visual Basic. When it runs it adds that drive to the Desktop, My Computer and Control Panel; opening the drive shows a picture of "Han Ji Eun" from the beautiful Korean series Full House.

To clean the virus, follow these steps:

Scan the C:\RECYCLER directory with an antivirus that detects this virus; Vaksincom used Norman Security Suite.

After the scan completes, files listed with the status "deleted (deferred)" will be removed when Windows restarts.

Click Close, then Clean; Norman Security Suite will then ask to restart the computer.

To restore the registry entries the virus changed, open Notepad and paste the script below:

[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
; restore the default open commands for executable file types
HKCR, batfile\shell\open\command,,,"""%1"" %*"
HKCR, comfile\shell\open\command,,,"""%1"" %*"
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, piffile\shell\open\command,,,"""%1"" %*"
HKCR, lnkfile\shell\open\command,,,"""%1"" %*"
HKCR, scrfile\shell\open\command,,,"""%1"" %*"
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,
HKLM, SOFTWARE\Classes\exefile\DefaultIcon,,,"%1"
HKLM, SOFTWARE\Classes\exefile,,,"Application"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""

[del]
; the virus's startup entries, the hidden .exe extension, and the fake drive's CLSID
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run, "Task Manager"
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, "Manager Task"
HKCR, exefile, NeverShowExt
HKCR, CLSID\{10020D75-0000-0000-C000-000000000000}
HKLM, SOFTWARE\Classes\CLSID\{10020D75-0000-0000-C000-000000000000}

Save it as "repair.inf" (under "Save as type" choose All Files).

Right-click repair.inf and select Install.

Delete the files the virus created, which have these characteristics:
File type "application"
Extension "exe"
Size 168 KB

To make searching for the virus files easier, use Windows Search
with the filter *.exe, file size 168 KB and date modified
7/8/2008.

Next, delete "FullHouse Drive" from the Desktop, My Computer and Control
Panel.

Recover the folders on the flash disk that the virus hid:

To show the hidden folders on the flash disk again, use the
"attrib" command at the command prompt.
Click "Start"
Click "Run"
Type "CMD", then press Enter

Change to the flash disk drive, e.g. for drive E type
E: and press Enter

Then type the command attrib -s -h -r /s /d and press
Enter
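The last three steps (hunting the 168 KB copies, removing the fake drive, and un-hiding the folders on the flash disk) can be done from Windows PowerShell in one go. The script below is an added example, not Vaksincom's script. The 168 KB size, the 7/8/2008 date and the CLSID are taken from the post; looking for that CLSID under Explorer's Desktop, MyComputer and ControlPanel NameSpace keys is our assumption about how the fake drive is registered, since that is where shell items in those three places are added. Function names are ours; run it elevated.

```powershell
# Added example (not from the original post): FullHouse clean-up steps in PowerShell.

$FullHouseClsid = '{10020D75-0000-0000-C000-000000000000}'   # from repair.inf
# The post says 7/8/2008; written in Indonesia that may mean 7 August rather than July 8, so match either.
$FullHouseDates = @([datetime]'2008-07-08', [datetime]'2008-08-07')

function Find-FullHouseCopies {
    # .exe files of about 168 KB last modified on one of the dates above.
    param([string[]]$Roots = @("$env:SystemDrive\"))
    foreach ($root in $Roots) {
        Get-ChildItem -Path $root -Filter *.exe -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { [math]::Round($_.Length / 1KB) -eq 168 -and ($FullHouseDates -contains $_.LastWriteTime.Date) }
    }
}

function Remove-FullHouseDrive {
    # Deletes the CLSID registration and its Desktop / My Computer / Control Panel entries.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    $keys = @("Registry::HKEY_CLASSES_ROOT\CLSID\$FullHouseClsid",
              "HKLM:\SOFTWARE\Classes\CLSID\$FullHouseClsid")
    foreach ($hive in 'HKLM:', 'HKCU:') {
        foreach ($ns in 'Desktop', 'MyComputer', 'ControlPanel') {
            $keys += "$hive\Software\Microsoft\Windows\CurrentVersion\Explorer\$ns\NameSpace\$FullHouseClsid"
        }
    }
    foreach ($k in $keys) {
        if ((Test-Path -LiteralPath $k) -and $PSCmdlet.ShouldProcess($k, 'Remove key')) { Remove-Item -LiteralPath $k -Recurse }
    }
}

function Restore-RemovableDriveFolders {
    # Same effect as "attrib -s -h -r /s /d" on each removable drive: clear the
    # System, Hidden and ReadOnly bits the virus set on the real folders.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    $mask = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System -bor [IO.FileAttributes]::ReadOnly
    foreach ($d in Get-WmiObject Win32_LogicalDisk -Filter 'DriveType = 2') {   # 2 = removable
        $root = "$($d.DeviceID)\"
        foreach ($item in Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue) {
            if (($item.Attributes -band $mask) -and $PSCmdlet.ShouldProcess($item.FullName, 'Clear Hidden/System/ReadOnly')) {
                $item.Attributes = [IO.FileAttributes]($item.Attributes -band -bnot $mask)
            }
        }
    }
}

Find-FullHouseCopies | Select-Object FullName, Length, LastWriteTime   # review before deleting
Remove-FullHouseDrive -WhatIf
Restore-RemovableDriveFolders -WhatIf
```

The attribute reset is deliberately limited to removable drives: running "attrib -s -h /s /d" on the system drive would also strip the attributes from legitimate Windows system files. The 168 KB / date filter is a heuristic from the post, so the file list is printed for review rather than deleted automatically.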

Taking Care Of Malware For Twitter Users

Saturday, July 4th, 2009

Following phishing attacks (online data theft) on Twitter users through bulk spam messages, Symantec Security Response has detected a fake Twitter invitation that carries a dangerous mass-mailing worm.

Ronnie Ng, Manager of Systems Engineering for Singapore & Indonesia at Symantec, explained that the dangerous attachment is named Invitation Card.zip and is identified as W32.Ackantta.B@mm, first seen in the e-card virus attacks of February.

W32.Ackantta.B@mm is a mass-mailing worm that harvests email addresses from infected computers and spreads by copying itself to flash disks, external hard drives and folders shared with many people.

"The messages look as if they were sent from a Twitter account. However, unlike a genuine Twitter message, no URL appears in the body of the invitation email. Instead the user sees an attachment, a .zip that supposedly contains the card, such as an invitation," he said in a statement to detikINET on Tuesday (30/6/2009).

In May 2009, Symantec observed spam rise to nearly 90% of all email, consistent with the level seen in May 2008.

"As Twitter keeps gaining popularity among social-network users, people routinely receive email updates and invitations from other users. Symantec expects spammers to keep using Twitter and social networks as popular bait in their attacks," he said.

Are Firewall and Antivirus Enough?

Tuesday, May 12th, 2009

The many kinds of attacks seen on networks have pushed businesses towards layered protection. Antivirus and a firewall are mandatory, but are they enough?

According to Tipping Point, a maker of network security appliances, those two are not enough; additional hardware is recommended to raise a network's security level.

An example is the Intrusion Prevention System (IPS) appliance made by Tipping Point, which it claims raises network security against both worms and other malware.

"Where a firewall filters which data packets are allowed through, the Tipping Point IPS inspects deeper inside the packet," said Hans Tanit, Country Sales Manager Indonesia for Tipping Point, to the press at the Ritz Carlton Hotel, Jakarta, on Tuesday (12/5/2009).

With prices running up to the US$200,000 range for its high-end TP5000, Tipping Point is clearly aiming at businesses for which network security is very important.

Is a Tipping Point IPS enough to replace a firewall and antivirus? "Of course not; users are still advised to use antivirus to protect their computers," said Sugiarto Kho, Regional Director, ASEAN Region, Tipping Point.

Six Steps To Kill Virus On Yahoo Messenger

Sunday, February 22nd, 2009

Coutsonif.A is a virus that Yahoo Messenger and Skype users should be wary of. It spreads by sending itself to every contact in the messenger address book of the infected computer.

At a glance the message looks like any ordinary message. Do not click on the link your friend sent: it was not sent by your colleague, but by the virus that has infected your friend's computer.

If the computer is already infected, the virus creates files with random names and the extensions .tmp and .exe in the directory C:\Documents and Settings\<username>\Local Settings\Temp, each with a different name.


20 Most Popular Crash Maker Software

Saturday, February 7th, 2009

Kaspersky Security Network (KSN) has published two top-20 lists of malicious programs for January 2009. The first list details the malicious and advertising programs that act as a "brake" on the computer. The second list shows the malicious objects most often found attacking users' computers.
