Jump to content
gila_game25

Virus Yg Amat Pelik!

By gila_game25, in Windows

Recommended Posts

gila_game25    0

gila_game25
Posted

aq skrang ni ade masalah pasal virus yg ckup pelik. die hanye berlaku pade time connect USB Mass Storage(example: pendrive, mp4). virus die cam bile kite create new folder, pastu kite delete smula folder tu(contohnya nama "Hantu"), virus tu akan timbul dengan nama yg sama("Hantu") . aq pnah scan skali ngan antivirus 2006, nama virus tu ade tpi x ingat. seingat aq ade tulis, Silly dc gitu :unsure:

kesan die bile tkan folder tu, task manager, regedit dll sume dioffkan. ade sape dpt prob yg sama ke? :wacko:

Share this post

Link to post
Share on other sites

gila_game25    0

gila_game25
Posted

thx ma frend! skrang virus tu dah xde. antivirus yg amat berkesan yg aq gune ialah Panda Antivirus 2008. mmg effektif. virus tu dtg drpd cd windows xp sendiri. patutla aq pomet 2 hardisk aq, ade gak virus ni. abis ler HL2 original aq. nk update game tu dah la satu hari setengah :mellow:

Share this post

Link to post
Share on other sites

razirazo    24

razirazo
Posted

thx ma frend! skrang virus tu dah xde. antivirus yg amat berkesan yg aq gune ialah Panda Antivirus 2008. mmg effektif. virus tu dtg drpd cd windows xp sendiri. patutla aq pomet 2 hardisk aq, ade gak virus ni. abis ler HL2 original aq. nk update game tu dah la satu hari setengah :mellow:

sume av yang wujud skang ni pun dah berkesan aku rasa....

Share this post

Link to post
Share on other sites

are-zyme    0

are-zyme
Posted

hahahaha.... dulu aku pun pernah kene masalah yang same time pakai norton... pastu aku tukar anti-virus..... ok dah skang komp stabil dan mantop....

Share this post

Link to post
Share on other sites

arbanji    1

arbanji
Posted

Aku pakai KIS langgan 2 tahun, ok...

tapi kalau tukar slot networking (mobo aku ada 2 slot untuk cucuk networking) baru ada masalah.. keluar masej memberitahu masalah pada IP adrress, bila cucuk kembali ke tempat asal, ok..

bila aku beralih ke vista dan reinstall semula KIS dengan version yg serasi Vista, activate semula, ok.. beres..

Aku dah pernah pakai beberapa jenis anti virus @ internet security.

Norton, AVG, McAffe, dan lain-lain lagi, kemudian setelah mencuba Kapersky. wow!, ringan dan cepat!.. daily update..

Share this post

Link to post
Share on other sites

razirazo    24

razirazo
Posted

ye ke? Norton AV x berkesan pon.

ko tak update kan?

Share this post

Link to post
Share on other sites

huito    0

huito
Posted

salam..

tak silap aku virus ni newfolder.exe.

tak tau la..tp aku pnah kene dan aku delete guna manual.

registry kene block tp kene pki 3rd party nye software..aku recommend tune up utilities.

btw...dia kene ubah2 registry...

HOW TO REMOVE “NEW FOLDER.EXE†AND ENABLE “TASK MANAGER + FOLDER OPTIONâ€

Using :

1) regedit

2) TuneUp Utilities  TuneUp RegistryEditor

(recommended using TuneUp Registry Editor)

Details:

Arrival Details

This worm may be downloaded from remote sites by other malware. It may also be downloaded unknowingly by a user when visiting malicious Web sites.

Installation

This worm drops the following file:

%Windows%\tasks\AT1.JOB

(Note: %Windows% is the Windows folder, which is usually C:\Windows or C:\WINNT.)

The said routine creates a task using Microsoft Job Scheduler to execute itself on a scheduled basis. It is able to do the said action by creating a task named AT1.JOB in the Tasks folder, which can be found inside the Windows folder.

Autostart Techniques

This worm modifies the following registry entries to enable its automatic execution at every system startup:

HKEY_CURRENT_USER\Software\Microsoft\

Windows\CurrentVersion\Run

Yahoo Messengger = "%System%\RVHOST.EXE"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\

Windows NT\CurrentVersion\Winlogon

Shell = "Explorer.exe RVHOST.exe"

(Note: The default value data for the said entry is "Explorer.exe".

Delete the “RVHOST.exe†word and leave it just “explorer.exeâ€

It uses Windows Task Scheduler to create a scheduled task that executes the dropped copy.

Other System Modifications

This worm creates the following registry entries to disable Task Manager and registry tools:

HKEY_CURRENT_USER\Software\Microsoft\

Windows\CurrentVersion\Policies\System

DisableRegistryTools = "1"

HKEY_CURRENT_USER\Software\Microsoft\

Windows\CurrentVersion\Policies\System

DisableTaskMgr = "1"

Change to default value from “1† “0â€

Moreover, it creates the following registry entry to allow this worm to be shown as NEW FOLDER.EXE under My Network Places:

HKEY_CURRENT_USER\Software\Microsoft\

Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares

shared = "\New Folder.exe"

Delete the “\new folder.exe†and leave it blank.

It also adds the following registry entry to hide the Folder Options option in Windows Explorer:

HKEY_CURRENT_USER\Software\Microsoft\

Windows\CurrentVersion\Policies\Explorer

NofolderOptions = "1"

Change to default value from “1† “0â€

Furthermore, it modifies the following registry entry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\

Services\Schedule

NextAtJobId = "{Original value}+1"

(Note: {Original value}+1 becomes the {Current value}.)

Change the {Original value}+1 to {Original value}.

Propagation via Removable Drives

This worm drops copies of itself in all removable drives.

Affected Platforms

This worm runs on Windows 98, ME, NT, 2000, XP, and Server 2003.

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
Go To Topic Listing
×
×
  • Create New...