Showing posts with label Virus. Show all posts

New Malware Targets Financial Institutions

Written By Unknown on Monday, October 4, 2010 | 8:42 AM

More than 55 percent of all new malware identified in the third quarter of this year is trojans, according to reports from the security firm PandaLabs.

Panda Security said most banking trojans are designed to trick web users into navigating to fake financial sites, so that cybercriminals can steal login details and passwords.

The use of email to spread malware, once the preferred method, has actually decreased. Conversely, infection through social networks, including clickjacking on sites such as Facebook, is now the method used most often.

As reported by PC World on Monday (4/10/2010), Panda also says 95 percent of all email received during the third quarter was spam, and 50 percent of that spam was sent from only 10 countries, including India, Brazil and Russia.

The security firm also said that the last three months saw a number of attacks on Google's Android phones, which could be the beginning of a wave of threats targeting smartphones.

"We are also starting to see legitimate Android applications compressed into self-extracting files, which are designed to infect when the application is extracted. In other words, Android applications are being used as bait to infect the computer with self-extracting files," said PandaLabs.



New virus threatens Symbian OS

Written By Unknown on Friday, July 9, 2010 | 9:30 AM

NetQin, a security company, has warned about the dangers of a new virus that attacks smartphones based on Symbian OS. According to NetQin, the virus is difficult to detect because it is disguised as a mobile game. The targeted Symbian platforms include S60 3rd Edition and S60 5th Edition, or Symbian OS 9.4.

As quoted by SF Gate on Friday (7/9/2010), the virus has been detected under the names ShadowSrv.A, FC.Downsis.A, BIT.N and MapPlug.A, and is bundled into a game for Symbian mobile phones. When the game is executed, the virus immediately takes over the phone and plants malware.
"Once infected, the virus will directly send a message to all contacts, and send messages to random phone numbers to connect to the server," wrote NetQin.

"The message contains a URL that claims to hold content such as a World Cup video or a popular television show, but is actually a site full of viruses. After that, the virus deletes the sent messages from the SMS outbox, including the logs," he added.

In late 2009, NetQin also found a botnet named iKee attacking iPhones.

Is Mac OS More Secure Than Windows?

Written By Unknown on Monday, June 21, 2010 | 2:33 AM


Some desktop users believe that a Mac is more secure than a Windows PC against virus attacks. Is that true?

According to cybersecurity analyst Hemanshu Nigam, a Mac running OS X will not necessarily be safe forever, even if it is safer for now. He says OS X also has vulnerabilities, although not as many as Windows.

"Apple is claiming the Mac OS will be safe from viruses, and that is what motivates hackers to launch an attack," Nigam told CNN, as reported on Friday (18/06/2010).

"The hacker community focuses on companies which have a considerable market share. Gaining a considerable market share attracts the attention of hackers," he added.

However, Nigam emphasized that Apple must maintain the ability to "take over" the situation.

"If not, it risks Apple's reputation in the long term," he said.

Meanwhile, Kevin Haley, director of Symantec Security Response, expressed the same sentiment.

"Market share is a good indicator for hackers, because hackers are motivated by money, so they want to get access to the largest number of people," said Haley.

Koobface Infects Facebook and Twitter

Written By Unknown on Monday, March 15, 2010 | 12:47 AM


Kaspersky has found a wave of Koobface, a very prolific worm that infects social networking sites such as Facebook and Twitter. The malware also uses compromised legitimate websites as proxies for its main command and control servers.

"Over the past two weeks, the Kaspersky Lab research team has observed live Koobface C&C servers being turned off or cleaned at an average rate of three per day. The number continued to decline, from 107 on February 25 to 71 on March 8. Then, within just 48 hours, the number grew from 71 to 142, exactly doubling the total number of servers from which infected Koobface computers get orders and updates remotely," said Kaspersky Lab in its official statement on Sunday (14/3/2010).

According to K­aspersky, the Koobface command and control infrastructure can also be observed through the evolving geographical distribution of the IP addresses used to communicate with infected computers. The share of C&C servers has increased, especially in the U.S., from 48 percent to 52 percent. Currently, more than half of the Koobface C&C servers are hosted in the U.S., far more than in any other country.

Based on this, he continued, Kaspersky concludes that the cybercriminals continually monitor the status of their infrastructure. They do not want the number of C&C servers to drop too far, because that would mean losing control of the botnet. When the number of active C&C servers falls to a critical level, they appear ready to deploy dozens of new ones.

"It seems that when 100 C&C servers are online, Koobface feels more relaxed. They also prefer to distribute their C&C servers around the world with different ISPs, to make the take-down process more difficult. However, most Koobface C&C servers are in the U.S.," said Tanase.

Tanase claims that users of any of Kaspersky Lab's anti-malware products are fully protected from all variants of Koobface.

How to Clean the Virut Virus

Written By Unknown on Tuesday, February 23, 2010 | 6:13 AM

The Virut virus is more dangerous than Conficker. Although it does not spread as fast as Conficker, it is classed as very dangerous; even today there is no tool that can detect and eradicate it completely.

The following are the characteristics of the Virut virus, according to Vaksin.com:

1. Disables Windows File Protection
2. Spreads through HTML, ASP and PHP based web pages
3. Infects Windows host files and connects to an IRC server for remote control if the computer is connected to the Internet
4. Turns the computer into a source of virus updates and of spam sent to particular addresses
5. Turns the computer into a spam server using its public IP

How to clean the virus:


1. Disable System Restore (XP / ME)

2. Download Norman Malware Cleaner (http://normanasa.vo.llnwd.net/o29/public/Norman_Malware_Cleaner.exe) on a clean computer to remove the virus; save the file with the extension .com or .cmd, or compress it into a zip, then run it.

3. After the cleaning process is complete, restart your computer.

4. Remove the registry entries created by the virus. To make this easier, use the following registry script.

[Version]
Signature="$Chicago$"
Provider=Artikel tentang Komputer | ErhaesCom
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, CheckedValue, 0x00010001, 1
HKLM, SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile, EnableFirewall, 0x00010001, 1

[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Run, reader_s
HKCU, Software\Microsoft\Windows\CurrentVersion\Run, servises
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU, Software\Microsoft\Windows NT\CurrentVersion\Windows, load
HKCU, Software\Microsoft\Windows NT\CurrentVersion\Windows, run
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, reader_s
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, servises
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 22951
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Regedit32
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDORSYS
HKLM, SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List, \??\C:\WINDOWS\system32\winlogon.exe
HKLM, SOFTWARE\Policies\Microsoft\WindowsFirewall

5. Paste the script into Notepad and save it with the name "repair.inf" (set Save As Type to All Files to avoid mistakes).

6. In case the network no longer connects, replace the network driver files "ndis.sys" (size 179 KB) and "TCPIP.SYS" (size 351 KB) with copies from an uninfected computer. The files are usually located in C:\WINDOWS\system32\drivers and C:\WINDOWS\system32\dllcache.

7. Restore the infected hosts file by replacing it with the "hosts" file (size 1 KB) from an uninfected computer. It is usually located at C:\WINDOWS\system32\drivers\etc.

8. Use an up-to-date antivirus that can detect and eradicate this virus properly.



Repairing .exe Files Damaged by a Virus

Follow these steps:
A. Check the File Types settings:

1. Open Windows Explorer ---> [Tools] ---> [Folder Options]

2. Select the [File Types] tab ---> [New]

3. In the File Extension box, enter [EXE]

4. Click [Advanced]

5. Select [Application], and click [OK]

B. Update the registry
Use this method if the first one does not work; it restores the registry entries changed by the virus.
You can also create the file yourself: copy the script for your version of Windows into Notepad and save it with the file name [fix.reg].

Windows XP


Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00
"TileInfo"="prop:FileDescription;Company;FileVersion"
"InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"

[HKEY_CLASSES_ROOT\exefile\shell]

[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas]

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shellex]

[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
@="{86C86720-42A0-1069-A2E8-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PEAnalyser]
@="{09A63660-16F9-11d0-B1DF-004F56001CA7}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps]
@="{86F19A00-42A0-1069-A2E9-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"


Windows Vista

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithList]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids]
"exefile"=hex(0):


Note:
Copy the script into Notepad and save it under any name you like, changing the file extension to ".bat" and selecting Save As Type "All Files".
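To confirm that a fix like the one above actually restored the .exe association, or to spot a hijacked one in an exported .reg file, the following Python checker parses the Windows Registry Editor 5.00 format and compares the launch handlers with the known-good values. It is an added example, not the blog's script; both registry exports inside it are constructed, the second one deliberately hijacked using the sysmgr.exe file name that appears elsewhere on this page.

```python
"""Parse a Windows Registry Editor 5.00 (.reg) export and verify the launch
handlers for .exe files.  Added example, not the blog's own script; the sample
exports below are constructed from the fix.reg on the page plus one hijacked
handler so the checker has something to flag."""
import re

# Values a healthy .exe association must hold (the same ones fix.reg restores).
EXPECTED = {
    r"HKEY_CLASSES_ROOT\.exe": ("@", "exefile"),
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": ("@", '"%1" %*'),
    r"HKEY_CLASSES_ROOT\exefile\shell\runas\command": ("@", '"%1" %*'),
}

# Constructed sample 1: the Windows XP fix from the page (trimmed).
SAMPLE_FIX = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"
'''

# Constructed sample 2: what an export of a hijacked association might look
# like, with a virus binary inserted in front of the real program and the
# runas handler missing.  sysmgr.exe is a file name taken from the page.
SAMPLE_HIJACKED = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\WINDOWS\\system32\\sysmgr.exe\" \"%1\" %*"
'''

_VALUE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')


def _unescape(s):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r'\\(["\\])', r'\1', s)


def parse_reg(text):
    """Return {key: {value_name: data}}; '@' is the default value.
    String data is unescaped, dword:/hex: data is kept as its raw text."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join hex: continuation lines
    lines = text.splitlines()
    if not lines or not lines[0].strip().startswith("Windows Registry Editor Version"):
        raise ValueError("not a Windows Registry Editor 5.00 export")
    keys, current = {}, None
    for line in lines[1:]:
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = _VALUE.match(line)
        if current is None or not m:
            raise ValueError(f"unparseable line: {line}")
        name = "@" if m.group(1) == "@" else _unescape(m.group(2))
        raw = m.group(3)
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            keys[current][name] = _unescape(raw[1:-1])
        else:
            keys[current][name] = raw
    return keys


def check_launch_handlers(keys):
    """Compare the parsed export with EXPECTED.
    Returns a list of (key, found_data) for every handler that is missing
    (found_data None) or differs from the known-good value."""
    findings = []
    for key, (name, want) in EXPECTED.items():
        got = keys.get(key, {}).get(name)
        if got != want:
            findings.append((key, got))
    return findings


if __name__ == "__main__":
    for label, sample in (("fix.reg", SAMPLE_FIX), ("hijacked", SAMPLE_HIJACKED)):
        bad = check_launch_handlers(parse_reg(sample))
        print(f"{label}: {'OK' if not bad else 'MISMATCH'}")
        for key, got in bad:
            print(f"  {key}: {'missing' if got is None else got!r}")
```

The same checker can be pointed at a real export made with `regedit /e` of HKEY_CLASSES_ROOT\exefile before and after running the fix.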


Getting to Know Spyware


Spyware is a program created for the purpose of spying. Spyware is not a common threat, but it can be very dangerous: it threatens privacy and can degrade the performance of the network and the system.

Spyware has existed since 1994; the best-known spyware at that time was Gator. Spyware still exists today. In the beginning it served the advertising business, but now everything has changed, and spyware is used for destructive purposes.

Spyware Categories

1. Trojan / backdoor
2. Adware
3. Keylogger
4. DDoS agent (zombie)
5. Sniffers, password crackers
6. Browser Helper Object
7. P2P software, e.g. Kazaa
8. RAT - Remote Access Tool / Trojan

There is some overlap with anti-virus solutions in the trojan category: anti-virus products are generally able to detect the presence of a trojan on our system. But for the other categories, such as adware, P2P and hacker tools, anti-virus products generally do not include them in their detection.

So why are tools such as sniffers classified as spyware? There is a reason behind it. As we know, a sniffer has two sides; on the good side, it is useful for administrators.

Administrators use sniffers to trace or analyze packets on their networks. Network load utilities that measure bandwidth also use sniffer technology, and network-based IDS (Intrusion Detection System) tools use sniffer technology to detect intrusions on a network.

But on the other hand, a sniffer can be used for bad purposes, for example to sniff the user IDs and passwords used on a network. In addition, there is a category of spyware that users happily install themselves: P2P (Point to Point) software, such as the very popular file-sharing program Kazaa. Kazaa comes with a lot of adware (advertising software), because that is where the profit is made. This category falls under 'user-aware installation', meaning the user triggers the installation themselves rather than it being embedded.

How to Analyze a Virus

Written By Unknown on Sunday, February 21, 2010 | 6:41 AM


Analyzing a virus usually requires tools that can examine it in detail and quickly. Here are some tools you can use to analyze a virus:

1. Malcode Analysis Pack
(http://labs.idefense.com/software/download/?downloadID=8)
This pack consists of a variety of applications that help you analyze malcode, such as ShellExt, socketTool, fakeDNS, Shellcode2Exe and others.

2. Autoruns for Windows
(http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx)
This application shows the auto-start locations in Windows, listing the programs that run during system boot-up or login.

3. RegMon for Windows
(http://technet.microsoft.com/en-us/sysinternals/bb896652.aspx)
This tool displays every application that accesses the registry on your system, all in real time.

4. Filemon for Windows
(http://technet.microsoft.com/en-us/sysinternals/bb896642.aspx)
This tool displays the file system activity of the operating system in real time.

5. Multipot (http://labs.idefense.com/software/download/?downloadID=9)
This application is designed to collect malicious code found on the Internet.

6. Process Explorer for Windows
(http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx)
This tool shows which DLLs and handles a process currently has open, along with a list of the processes active at that time.

7. Resource Hacker (http://www.angusj.com/resourcehacker/)
A tool for viewing and changing the resources in Win32 executables and other resource files.

8. Rootkit Unhooker (http://www.antirootkit.com/software/RootKit-Unhooker.htm)
An application for detecting rootkits. Its features include Ultimate Drivers Detection, Hidden Files Detection and others.

9. SysAnalyzer (http://labs.idefense.com/software/download/?downloadID=15)
This tool runs malcode and automatically monitors at run time what it does to the system and to running processes.

10. PE Identifier (http://www.peid.info/)
This application detects packers and cryptors; it can recognize more than 600 different PE file signatures.

11. VB Decompiler Lite (http://www.vb-decompiler.org/download.htm)
A decompiler for programs with the EXE, DLL and OCX extensions.

12. MiTeC EXE Explorer (http://www.mitec.cz/exe.html)
This tool was created as an executable reader. It reads and displays the properties and structure of the executable file being analyzed.


How to Clean the Yahoo Messenger Virus

Written By Unknown on Thursday, February 18, 2010 | 7:20 AM


Once a computer is infected, the virus automatically creates files with random names and the extensions .tmp and .exe, stored under varying names in the directory [C:\Documents and Settings\%user%\Local Settings\Temp].

Follow these steps:
1. Disable 'System Restore' during the cleaning process.
2. Disable Windows autorun, so that the virus cannot be activated automatically when a drive or flash disk is accessed:

* Click 'Start'
* Click 'Run'
* Type 'gpedit.msc' without the quotes and press Enter. This brings up the 'Group Policy' screen
* Under both 'Computer Configuration' and 'User Configuration', click 'Administrative Templates'
* Click 'System'
* Right-click 'Turn off Autoplay' and select 'Properties'. This brings up the 'Turn off Autoplay Properties' screen
* On the 'Settings' tab, select 'Enabled'
* In the 'Turn off Autoplay on' box, select 'All drives'
* Click 'OK'

3. Kill the virus using the tool 'Security Task Manager', then delete the files [sysmgr.exe, vshost.exe, winservices.exe, *.tmp].

Just a note: the .tmp files show the TMP extension [example: 5755.tmp]. Right-click the file and select 'Remove', then select the option 'Move files to Quarantine'.

4. Repair the registry entries changed by the virus. To speed up the removal, copy this script into Notepad and save it with the name repair.inf. Run it as follows: right-click repair.inf and select Install.

[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKLM, SOFTWARE\Classes\batfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Classes\comfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Classes\exefile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Classes\piffile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Classes\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, SOFTWARE\Classes\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell, 0, "Explorer.exe"
HKCU, SessionInformation, ProgramCount, 0x00010001, 3
HKCU, AppEvents\Schemes\Apps\Explorer\BlockedPopup\.Current,,,"C:\WINDOWS\media\Windows XP Pop-ups Blocked.wav"
HKCU, AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\.Current,,,"C:\Windows\Media\Windows XP Recycle.wav"
HKCU, AppEvents\Schemes\Apps\Explorer\Navigating\.Current,,,"C:\Windows\Media\Windows XP Start.wav"
HKCU, AppEvents\Schemes\Apps\Explorer\SecurityBand\.Current,,,"C:\WINDOWS\media\Windows XP Information Bar.wav"

[del]
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Microsoft (R) System Manager
HKCU, Software\Microsoft\Windows\CurrentVersion\Run, help bMaxUserPortWindows Service
HKLM, SYSTEM\CurrentControlSet\Services\TCPIP\Parameters, MaxUserPort

5. Delete the following virus files:

C:\vshost.exe [all drives]
C:\autorun.inf [all drives]
C:\RECYCLER\S-1-5-21-9949614401-9544371273-983011715-7040\winservices.exe
C:\Documents and Settings\%user%\Local Settings\Temp\
    A415.tmp [random]
    034.exe [random]
    Lady_Eats_Her_Shit-www.youtube.com
C:\WINDOWS\system32\sysmgr.exe
C:\WINDOWS\TEMP\5755.tmp
C:\windows\system32\crypts.dll
C:\windows\system32\msvcrt2.dll

6. For optimal cleaning and to prevent reinfection, use an up-to-date antivirus that can detect and eliminate this virus.


Kaspersky 2010 'The Best' In Romania

Written By Unknown on Monday, February 1, 2010 | 5:14 AM


Kaspersky Internet Security 2010 has been chosen as 'The Best' by the readers of CHIP and XtremPC, a leading IT magazine in Romania. The magazine initiated the survey to identify the best software and hardware products of 2009.

Kaspersky Internet Security 2010 was selected as 'Security Software Product of the Year 2009' in the software category. Kaspersky received the highest score compared with rival products such as Norton Security 2009 and 2010 and ESET Smart Security 4.

"For two years now Kaspersky Internet Security has been selected as 'Product of the Year' by the readers of CHIP and XtremPC," said Teodor Cimpoesu, Managing Director of Kaspersky Lab Romania and Bulgaria.

Kaspersky Internet Security 2010 includes Safe Run, a technology based on an innovative new sandbox and a unique feature among Internet security suites. Safe Run allows users to run software in an isolated virtual environment and protects the operating system from all types of malicious damage.

Statistically, Kaspersky Internet Security 2010 has shown that vulnerabilities in the operating system and in commonly trusted applications are often used by hackers to attack applications that use the Internet.


10 Countries Producing Dangerous Trojans

Written By Unknown on Friday, January 29, 2010 | 11:47 PM


Anti-virus vendor Kaspersky has released a list of the 10 countries producing the most dangerous password-stealing trojans. The list was presented at a conference on future cybercrime threats held in Moscow.

China ranks as the top maker of trojans with 63 percent, followed by Russia (12 percent). Germany, India and Turkey come next at 4 percent each, while Egypt, the United States, Ukraine, Mexico and France each account for 3 percent of the trojans in circulation.

Aleks Gostev, director of Kaspersky's Global Research and Analysis Team, said the somewhat surprising entry among the 10 trojan-producing countries is Egypt, a country not known as a typical trojan maker.

ITP.net reported on Saturday (30/1/2010) that the data are based on research covering tens of millions of computers around the world. "Egypt was the worst victim of cybercrime cases in 2008, but in 2009 the number of attacks on Egypt decreased," said Gostev.

"Apart from Egypt, the other surprise is Turkey; a lot of malware is now made in Turkey," he said.

List of trojan-producing countries
1. China
2. Russia
3. Germany
4. India
5. Turkey
6. Egypt
7. United States
8. Ukraine
9. Mexico
10. France


Avoiding Spam

Written By Unknown on Friday, December 4, 2009 | 8:42 AM

Here are some tricks recommended by Symantec to ward off the spam invasion.

What you should do:

- Unsubscribe from legitimate mailing lists if you no longer want to receive their messages. When registering to receive email, look at any additional items offered at the same time and deselect the ones you do not want.
- Be selective about the sites where you register your email address.
- Avoid displaying your email address on the Internet. Consider alternatives, for example using a separate address when registering for a particular mailing list, keeping several email addresses for different purposes, or looking for a disposable email service.
- Report spam if you have the option to do so, using the instructions provided by your administrator.
- Delete all spam.
- Avoid clicking on suspicious links in email or IM messages, because they could lead to a fake site. We recommend typing a website address directly into the browser rather than trusting the link in the message.
- Ensure that the operating system is up to date, and use a comprehensive security software package.
- Consider an anti-spam solution with a good reputation for handling filtering throughout your organization.

What you should not do:

- Open an email attachment from an unknown sender. The attachment can infect your computer.
- Reply to spam. The sender's email address is usually forged, and replying to spam will result
- Fill out a form in a message requesting personal or financial information or passwords. Reputable companies will not ask for your personal information via email. If in doubt, contact the company through a trusted independent mechanism, such as a known phone number or an Internet address that you type into a new browser window (do not click on or cut and paste the link in the message).
- Buy products or services from spam messages.
- Open spam messages.
- Forward any virus warnings you receive by email. They could be hoaxes.


Cleaning the Facebook Virus

A computer virus is exploiting the popularity of Facebook to attack victims. Here is how to clean the Facebook virus W32/Obfuscated.D2!Genr and the fake antispyware "Security Tools" that accompanies it, following Vaksincom's article:

1. Disable System Restore during the cleaning process
2. Disconnect the computer from the network / Internet
3. Preferably work in "safe mode"
4. Install the "Unlocker" software (download it from FileHippo)
5. Kill the active virus process in memory using the tool "Security Task Manager" (download it from Neuber.com)

Kill the virus with "Security Task Manager"

6. Fix the registry. To speed up the registry repair, copy this script into Notepad and save it with the name [repair.inf]. Run it as follows:

a. right-click [repair.inf]
b. click [install]

[Version]
Signature="$Chicago$"
Provider=Vaksincom

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKLM, SOFTWARE\Classes\batfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Classes\comfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Classes\exefile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Classes\piffile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Classes\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, SOFTWARE\Classes\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell, 0, "Explorer.exe"
HKCU, Software\Microsoft\Internet Explorer\Main, Start Page, 0, "about:blank"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Userinit, 0, "userinit.exe"

[del]
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, reader_s
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 47543326
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, PromoReg
HKCU, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, reader_s
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, EnableProfileQuota
HKLM, SOFTWARE\AGProtect
HKLM, SOFTWARE\47543326
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network, UID
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion, Rlist
HKU, .DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6}
HKU, .DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{8FFA689D-2C2B-2B2E-D865-74C04CA4EF06}

7. Remove the files created by the virus: first show hidden files, then delete the following files:

C:\Documents and Settings\All Users\Application Data\47543326
C:\Documents and Settings\Elvina\Start Menu\Programs\Security Tools.lnk
C:\Documents and Settings\Elvina\Desktop\Security Tools.lnk
C:\Documents and Settings\Elvina\Application Data\wiaservg.log
C:\Documents and Settings\Elvina\Local Settings\Temp\*.tmp
C:\WINDOWS\Temp\wpv311256600826.exe
C:\WINDOWS\Temp\wpv411256806849.exe
C:\Documents and Settings\%user%\reader_s.exe
C:\Documents and Settings\%user%\Start Menu\Programs\Startup\isqsys32.exe
C:\WINDOWS\system32\reader_s.exe
C:\Windows\system32\wbem\proquota.exe
C:\windows\system32\sdra64.exe
C:\Windows\system32\lowsec\
    local.ds
    user.ds
    user.ds.lll

Note:
To remove the folder [C:\Windows\system32\lowsec] and the file [C:\windows\system32\sdra64.exe], use the "Unlocker" tool to detach them from the Windows system processes (explorer.exe and svchost.exe), because the virus injects itself into [explorer.exe and svchost.exe]. How:

* Right-click the file [C:\windows\system32\sdra64.exe] or the folder [C:\Windows\system32\lowsec]
* Then click the "Unlocker" menu
* On the Unlocker screen, select the [Delete] option
* Then click [OK]
* If an error message appears, ignore it (click OK)


8. Delete temporary files and temporary Internet files using the ATF-Cleaner tool.

9. For optimal cleaning and to prevent reinfection, scan with an up-to-date antivirus. You can also clean with tools such as Norman Malware Cleaner or Malwarebytes Anti-Malware.
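The repair.inf scripts on this page (the Virut, Yahoo Messenger and Facebook ones) all use the same [DefaultInstall] AddReg/DelReg layout, and right-clicking Install runs them with full rights, so it is worth seeing exactly which keys a script would write or delete before installing it. The following Python dry-run parser is an added example, not the blog's or Vaksincom's code; the INF text inside it is a constructed sample assembled from lines of the page's scripts, and the second sample shows how a copy-paste-mangled flags field is rejected.

```python
"""Dry-run a Vaksincom-style repair.inf: list the registry operations its
[DefaultInstall] AddReg/DelReg sections would perform and fail loudly on
malformed entries.  Added example, not the blog's or Vaksincom's own code."""
import csv

ROOTS = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER",
         "HKCR": "HKEY_CLASSES_ROOT", "HKU": "HKEY_USERS", "HKCC": "HKEY_CURRENT_CONFIG"}
# Type bits of the AddReg flags word (setupapi FLG_ADDREG_TYPE_*), masked by 0x00030001.
TYPES = {0x00000000: "REG_SZ", 0x00000001: "REG_BINARY", 0x00010000: "REG_MULTI_SZ",
         0x00020000: "REG_EXPAND_SZ", 0x00010001: "REG_DWORD"}

# Constructed sample built from lines of the page's repair scripts.
SAMPLE_INF = r'''[Version]
Signature="$Chicago$"

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKLM, SOFTWARE\Classes\exefile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell, 0, "Explorer.exe"
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, CheckedValue, 0x00010001, 1

[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Run, reader_s
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Microsoft (R) System Manager
HKLM, SOFTWARE\Policies\Microsoft\WindowsFirewall
'''
# Same script with the flags field mangled as pasted scripts often are (a
# multiplication sign instead of the letter x); setupapi would reject it.
BAD_INF = SAMPLE_INF.replace("0x00010001", "0\u00d700010001")


def _sections(text):
    """Split INF text into {lowercased section name: [entry line, ...]}."""
    sections, name = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1].strip().lower()
            sections.setdefault(name, [])
        elif name is None:
            raise ValueError(f"entry before any section: {line}")
        else:
            sections[name].append(line)
    return sections

def _keyvals(lines):
    return {k.strip().lower(): v.strip() for k, v in (l.split("=", 1) for l in lines if "=" in l)}

def _fields(line, count):
    # INF entries are comma separated and a quoted field doubles embedded quotes,
    # so  """%1"" %*"  is the single string  "%1" %*  -- exactly csv's rules.
    f = next(csv.reader([line], skipinitialspace=True))
    return (f + [""] * count)[:count]

def _root(token):
    token = token.strip().upper()
    if token not in ROOTS:
        raise ValueError(f"unknown registry root {token!r}")
    return ROOTS[token]

def _add_entry(line):
    root, subkey, name, flags, value = _fields(line, 5)
    try:
        vtype = TYPES[int(flags or "0", 0) & 0x00030001]
        if vtype == "REG_DWORD":
            value = int(value, 0)
    except (ValueError, KeyError):
        raise ValueError(f"bad flags/value field in AddReg entry: {line}") from None
    return {"op": "add", "key": _root(root) + "\\" + subkey,
            "name": name or "@", "type": vtype, "value": value}

def _del_entry(line):
    root, subkey, name = _fields(line, 3)
    if not subkey:
        raise ValueError(f"DelReg entry without a subkey: {line}")
    # No value name means the whole subkey, and everything under it, is deleted.
    return {"op": "delete", "key": _root(root) + "\\" + subkey, "name": name or None}

def dry_run(text):
    """Return the ordered list of registry operations the INF would perform."""
    s = _sections(text)
    sig = _keyvals(s.get("version", [])).get("signature", "").strip('"').lower()
    if sig not in ("$chicago$", "$windows nt$", "$windows 95$"):
        raise ValueError("missing or invalid [Version] Signature")
    install = _keyvals(s.get("defaultinstall", []))
    ops = []
    for directive, handler in (("addreg", _add_entry), ("delreg", _del_entry)):
        for sec in filter(None, (x.strip().lower() for x in install.get(directive, "").split(","))):
            if sec not in s:
                raise ValueError(f"{directive} references missing section [{sec}]")
            ops.extend(handler(line) for line in s[sec])
    return ops

def validate(text):
    """None if the INF parses cleanly, otherwise the first error message."""
    try:
        dry_run(text)
        return None
    except ValueError as e:
        return str(e)
```

Run `dry_run()` on the actual repair.inf text before installing it and compare the listed deletes with the autorun entries you observed on the infected machine; anything unexpected in the list is a reason not to install.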

See also Vaksincom's earlier analysis of the Facebook virus:

* Virus Facebook: It's Fall, and Bitten Affected Dogs Appliances
* Identify Characteristics Facebook Email Virus Carrier


The author, Adang Jauhar Taufik, is an antivirus analyst at Vaksincom.


12 tips to avoid viruses


Some of the effects the virus is very diverse. There was the usual level category, meaning that only affect the performance of your computer system. At a higher level viruses can also delete important data you. Highly fatal, even viruses can damage your computer system. Computer connected to the network, could be a virus can turn your computer as a zombie computer (a computer-controlled by someone else).

This 12 tips for u :

1. E-mail is one way viruses spread most easily and most dangerous. Make sure you open the e-mail from sources that you make sure kebenaranya. If the e-mail that you get comes from sources that you do not know or did not come from the contact list you have, immediately delete the e-mail. Make sure the incoming SPAM list immediately evacuated. Do not even time to open it.
2. USB Flash Disk is the method most widely spread of the virus after an e-mail. So make sure you update anti-virus well before USB Flash Disk into your computer connected. Scan it before opening. How to open it also do the double click, but with the right click and select Open. This way is safer to avoid the viruses that enter through the autoruns included in USB Flash Disk.

3. Be careful to use e-mail program such as Microsoft Outlook client. Make sure the program is properly updated. If the operating system you use is pirated, I suggest you use e-mail client that its free and can be updated automatically, such as Mozilla Thunderbird or Pegasus.

4. Everyone must know the Internet is the largest source of spread of the virus in the world. Nearly 80% of viruses spread through the line. The following safety tips when you are done surfing the realm of the internet: - Do not click on pop-up window is displayed. For example a notification that you are the winner of a lottery or click several times to eat you'll win a lottery. Actually it is a malicious program that automatically send a trojan or spyware to your computer. - You can use the feature or program to atomatis block pop-ups that will be displayed. This feature is usually already included in the web browser you use.

5. Search engines like Google sometimes can not filter out sites that are considered as dangerous. For that you can install a program that can automatically detect sites that are not worth a visit or dangerous. Free program you can use the AVG Link Scanner. AVG Free program made it able to detect the sites google search results. If the site contains malicious viruses, it will display a warning or the site will be automatically blocked can not be opened.

6. Install an anti-virus you can trust. Anti-virus does not have to be paid for; for home users / individuals you can use a free anti-virus that is no less popular than paid ones, such as Avira, AVG, ClamAV, and others. Make sure you update your anti-virus regularly, so that the anti-virus you installed can withstand viruses whose capabilities keep developing.

7. Also install anti-spyware to prevent malware and spyware. Besides slowing the computer down, these malicious programs can turn your computer into a zombie computer controlled by people out there. Some quite popular free anti-spyware programs are Spyware Doctor, Spyware Terminator, etc.

8. Never open an attachment included in an e-mail from an unknown source. Even if the attached file is in a format that rarely carries viruses, such as .txt, .jpeg, .gif, .bmp, .tif, .mp3, .htm, .html, and .avi, make sure you scan it first.

9. Use discs (CD / DVD) to store / back up important data, since they are not easily infected by viruses. CDs / DVDs are read-only (they can only be read), but make sure the data is free of viruses before you move it to the disc. If the data is infected, it is useless to store it on the disc.

10. Set the operating system you use to always update regularly. This reduces the risk of virus attacks from outside, because the gaps through which viruses enter are closed by the updates you apply. But updates can only succeed if the operating system you are using is genuine. If it is not, I suggest using a free operating system such as Linux.

11. When you download programs from warez sites, make sure your anti-virus is installed and updated properly. Files from these sites are sometimes deliberately infiltrated with dangerous viruses.

12. Finally, I suggest that you do not visit sites containing viruses and malicious programs that can endanger your own computer, such as warez, crack, serial, porn sites, and others.

Those are 12 tips you can follow to secure your computer from virus attacks. One thing you need to understand: "prevention / care is better than cure". Good luck.

In 1 Year, 7 Million Computers Infected by Conficker

Written By Unknown on Thursday, November 5, 2009 | 2:35 AM


Computer network security researchers have found that the Conficker virus has successfully infected approximately 7 million computers worldwide in just over one year.

As quoted by Computerworld on Saturday (31/10/2009), researchers from the Shadowserver Foundation say they have managed to track the IP addresses of millions of Conficker-infected computers around the world.

The tracking was done by first working out the algorithm used by the virus, and then planting 'sinkhole' servers at the Internet domain names that the program visits. Conficker is believed to have been sent instructions in various ways so that its creators can still control the infected PCs. But thanks to the 'sinkholes', the researchers could track down the infected machines.

"Although most computer users already know about the Conficker virus, the virus nevertheless continues to infect. Seven million computers in one year is a very rapid infection for this century," said Shadowserver Foundation co-founder Andre DiMino.

Conficker was first discovered in 2008 and immediately got the attention of Internet users, network security experts, and even the mass media. This worm has spread everywhere, especially in China and Brazil. Software developers have even created a dedicated body to deal with this virus, named the Conficker Working Group (CWG).

The CWG found that Conficker most often uses computers running Microsoft Windows as its vehicle. Once infected, users are unable to download the Microsoft Malicious Software Removal Tool, the software that is expected to treat a Conficker infection.


How to Clean Conficker Virus

Written By Unknown on Monday, November 2, 2009 | 9:07 AM


The Conficker virus is estimated to have already infected tens of thousands of computers in Indonesia, and millions worldwide. The most common Conficker symptom is the appearance of a Generic Host Process Error message every time the user connects the computer to the Internet. Conficker is also known to cause Active Directory user accounts to be locked out, because of its brute-force login attempts.

If your computer is already infected with Conficker, now the scourge of computer users around the world, do not worry. You are not alone, because there are an estimated 12 million infected computers around the world today. If your antivirus still fails to deal with it, there is a way to eradicate it, even if it takes a bit of hard work.

Consider the following 7 steps from Vaksincom to eradicate the Conficker virus:

1. Disconnect the computer to be cleaned from the network / Internet. Turn off WiFi access if present and unplug the ethernet cable from the LAN.

2. Turn off System Restore (Windows XP / Vista).

To do so, select Start >> All Programs >> Accessories >> System Tools >> System Restore, then in the Settings menu select turn off for all partitions.

3. Stop the active virus process in Services. Use the removal tool from Norman to clean the active virus. The program is available free of charge and can be downloaded at http://norman.com/support/support_tools/58732/en-us

4. Delete the fake svchost.exe service that the virus implanted in the registry. You can search the registry manually.

5. Delete the scheduled task created by the virus (C:\WINDOWS\Tasks).

6. Remove the registry strings created by the virus. To make this easier, use the registry script below. Copy the script and then install it.


Cleaning the W32/Moonlight Virus


"Moonlight" is the name this worm-type malware gives itself. This local worm has actually been around since the W32/Brontok or W32/Rontokbro era, but it still exists today, because variants keep emerging. In fact, there are many reports from AVI users whose computers were infected by this worm. That is why we were interested in discussing Moonlight this time.

Characteristics
W32/Moonlight is built with the mainstay compiler of local vxers (the term for malicious programmers), namely VB6 (Visual Basic 6), and compressed with the FSG PE packer. Its original size is 324 KB, and after compression 144 KB. It disguises itself with the standard Windows XP folder icon.

Action (Payload)
When first run, W32/Moonlight.L creates the file "systear.dll" in the system directory, for example "C:\WINDOWS\system32\systear.dll". This is an initialization file that lets the worm identify itself and mark where it has already spread. After that it creates a supporting dynamic link library (DLL) "moonlight.dll" in the Windows directory (example: "C:\WINDOWS\moonlight.dll") and extracts the MIDI music file "onceinabluemoon.mid" to the Windows directory. The worm then creates directories with random names in the Windows directory and its System subdirectory, in the format "C:\WINDOWS\[random]". Here "[random]" stands for a random name such as:

"C:\WINDOWS\FLR1S4G"
"C:\WINDOWS\system32\LDF6I7R"

The use of random names is probably intended to complicate investigation and cleanup.
The worm then copies itself to the following places:
* C:\WINDOWS\[random]\service.exe
* C:\WINDOWS\[random]\smss.exe
* C:\WINDOWS\[random]\system.exe
* C:\WINDOWS\[random]\winlogon.exe
* C:\WINDOWS\lsass.exe
* C:\WINDOWS\system32\[random]-[random].cmd
* C:\WINDOWS\[random].exe
* C:\WINDOWS\system32\[random].exe
* C:\WINDOWS\[random]-[random].com

W32/Moonlight.L deliberately copies itself under names resembling built-in Windows services such as "smss.exe" and "service.exe", so that the process is not easy to stop with the built-in Windows Task Manager. Keep in mind that Task Manager refuses to stop processes with the names "service.exe", "smss.exe", "system.exe", "winlogon.exe", and "lsass.exe".

Because the worm is written in VB6, and every VB6 application requires the runtime named "msvbvm60.dll", the worm has a clever strategy to keep the runtime file from being removed or deleted (which would stop the worm from running): it makes a backup of the runtime file at "C:\WINDOWS\system\msvbvm60.dll".
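The two artifacts just described (protected process names running outside System32, and the spare msvbvm60.dll parked in C:\WINDOWS\system) can be checked for with a short triage script. This is an added example, not part of the original article or AVI; the sample file listing is constructed from the locations listed above.

```python
from pathlib import PureWindowsPath

# Names W32/Moonlight.L gives its copies (see the list above). Task Manager
# protects these names, so the only legitimate home for them is System32;
# a copy anywhere else (e.g. C:\WINDOWS\FLR1S4G\smss.exe) is the worm.
PROTECTED_NAMES = {"service.exe", "smss.exe", "system.exe",
                   "winlogon.exe", "lsass.exe"}
VB6_RUNTIME = "msvbvm60.dll"


def classify(image_path, system_root=r"C:\WINDOWS"):
    """Return a tag for one file path, or None when nothing looks wrong.

    'masquerade'     : protected process name outside %SystemRoot%\\System32
    'runtime_backup' : the msvbvm60.dll spare the worm parks in \\system
    """
    root = PureWindowsPath(system_root)
    p = PureWindowsPath(image_path)
    name = p.name.lower()
    # PureWindowsPath compares case-insensitively, as the file system does
    if name in PROTECTED_NAMES and p.parent != root / "System32":
        return "masquerade"
    if name == VB6_RUNTIME and p.parent == root / "system":
        return "runtime_backup"
    return None


def triage(image_paths, system_root=r"C:\WINDOWS"):
    """Group suspicious paths by tag; clean paths are dropped."""
    report = {"masquerade": [], "runtime_backup": []}
    for path in image_paths:
        tag = classify(path, system_root)
        if tag:
            report[tag].append(path)
    return report


# Constructed sample listing modelled on the locations above (not real data).
SAMPLE_LISTING = [
    r"C:\WINDOWS\system32\smss.exe",             # genuine
    r"C:\WINDOWS\system32\lsass.exe",            # genuine
    r"C:\WINDOWS\FLR1S4G\smss.exe",              # worm copy in random dir
    r"C:\WINDOWS\lsass.exe",                     # worm copy in Windows dir
    r"C:\WINDOWS\system32\LDF6I7R\winlogon.exe", # worm copy in random dir
    r"C:\WINDOWS\system\msvbvm60.dll",           # runtime backup
    r"C:\WINDOWS\system32\msvbvm60.dll",         # the real runtime
    r"C:\WINDOWS\explorer.exe",                  # unrelated, ignored
]
```

Feed triage() the image paths from a process listing or a walk of the Windows directory; anything it returns is worth checking against the list above.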
Another thing it does is create a text file named "MooNlight.txt" in the Windows directory (example: "C:\Windows\MooNlight.txt"). This file contains a message from the creator, who calls himself by the nick "Lunalight" aka "Moonlight":

Spread
W32/Moonlight.L spreads in a way very similar to the legendary worm W32/Brontok aka W32/Rontokbro: by copying itself into every directory under a name similar to that of the parent directory.

Cleaning and prevention
Cleaning is fairly easy: all you need to do is run the AVI (Antivirus Info Computer) bundled on the DVD included with this magazine. Run it and check every location and storage medium connected to your computer. Keep in mind, do not do any other activity during the checking process. For prevention we recommend that you install AVI as a guard, to prevent your computer from being infected by this worm again.

AVI 2.0.4.9 Changelog:
* Fixed a buffer overflow bug that caused AVI to crash while updating online.
* Fixed a compatibility bug with Windows Vista / 7.
* Fixed an access violation bug that caused AVI to crash while scanning.
* Improved detection of some Windows 7 system files.


Tips: Cleaning the OnlineGames Virus

Written By Unknown on Tuesday, October 27, 2009 | 8:52 AM


For those of you who do not want important data lost or stolen, you should not get infected with the OnlineGames virus: avoid executing and installing unknown software programs.

Also remember to be careful on online forums on the Internet that provide suspicious links, or links whose validity you do not trust.

Especially for companies with many computers on a network, Vaksincom recommends that you filter suspicious IPs. The results of filtering with Vaksincom NNP on ISP traffic in Indonesia confirm that W32/OnlineGames is a real threat to watch out for at the moment.

However, if you are already infected with this trojan, you will inevitably have to struggle a little to clean the OnlineGames virus before your critical data is stolen by it. Here are the steps to clean it:

1. Disable System Restore (XP / ME) (if used)
2. Turn off the virus: use Windows Task Manager to kill the virus process.
3. Perform End Process on the running virus file (liser.exe)
4. Remove the registry strings created by the virus. To make this easier, use the registry script below.

[Version]
Signature="$Chicago$"
Provider=Vaksincom Oeyy

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs, 0

[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Run, Kell

Type it in Notepad, then save it with the name "repair.inf" (set Save As Type to All Files to avoid mistakes).

5. Delete the virus files (liser.exe & liser.dll) manually from the folder "C:\Program Files\Manson", or use the Norman Malware Cleaner tool. You can download it from the following link: http://normanasa.vo.llnwd.net/o29/public/Norman_Malware_Cleaner.exe
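The repair.inf above only writes values back; it does not tell you whether the machine was actually tampered with, or whether the repair took. The added script below (not Vaksincom's, and not part of the original post) audits the same registry locations against the known-good values the INF restores; the hijacked values in its test are constructed, not taken from a real infection.

```python
# Known-good values that repair.inf writes back; the INF's """%1"" %*" is
# INF quoting for the literal string  "%1" %*
EXPECTED_HANDLERS = {
    "batfile": '"%1" %*', "comfile": '"%1" %*', "exefile": '"%1" %*',
    "piffile": '"%1" %*', "scrfile": '"%1" %*',
    "regfile": 'regedit.exe "%1"',
}
APPINIT_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"
# '::' followed by an empty value name addresses the (Default) value
HANDLER_KEY = r"HKLM\Software\Classes\{}\shell\open\command::"


def audit(observed):
    """Compare observed values with the known-good ones.

    observed maps "ROOT\\subkey::valuename" to the string found there; an
    absent mapping means the value does not exist. Returns a list of
    findings; an empty list means the keys look as repair.inf expects.
    """
    findings = []
    for ftype, good in EXPECTED_HANDLERS.items():
        seen = observed.get(HANDLER_KEY.format(ftype))
        if seen is None:
            findings.append(f"{ftype}: open handler missing")
        elif seen.strip() != good:
            findings.append(f"{ftype}: open handler changed to {seen!r}")
    appinit = observed.get(rf"HKLM\{APPINIT_KEY}::AppInit_DLLs", "")
    if appinit.strip():
        findings.append(f"AppInit_DLLs loads {appinit!r} into every process")
    if rf"HKCU\{RUN_KEY}::Kell" in observed:
        findings.append("Run value 'Kell' (OnlineGames autostart) present")
    return findings


def read_live_registry():
    """Collect the same values from the local machine (Windows only)."""
    import winreg
    roots = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    wanted = [("HKLM", rf"Software\Classes\{t}\shell\open\command", "")
              for t in EXPECTED_HANDLERS]
    wanted += [("HKLM", APPINIT_KEY, "AppInit_DLLs"), ("HKCU", RUN_KEY, "Kell")]
    observed = {}
    for root, subkey, name in wanted:
        try:
            with winreg.OpenKey(roots[root], subkey) as key:
                observed[rf"{root}\{subkey}::{name}"] = str(winreg.QueryValueEx(key, name)[0])
        except OSError:
            pass  # subkey or value absent; audit() reports what matters
    return observed
```

On the affected machine run audit(read_live_registry()) before and after installing repair.inf; an empty result after the repair confirms the handlers, AppInit_DLLs and the Run entry are back to what the INF expects.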
