D**n those f***ing China! *joke* :P

This is a new variant of the Microsoft.vbs virus; I wrote up how to clean it around a month ago, when it hit my cybercafe until it was totally broken, he he… Now most people know this virus as the ARP virus. Why? Because after studying it more deeply, this virus is categorized as HIGH RISK and should be removed as soon as possible, before it infects your whole network.

First.. How do you know this virus is active on your computer? You will get lots of error page messages when browsing, or errors when using messenger, PLUS you will find the files Microsoft.vbs, Microsoft.bat and Microsoft.pif on the hard drive where your OS is installed, PLUS *again* your computer is going to be slow, PLUS *oh not again* your internet connection will be slower than usual, PLUS *OMG* it will flood your network until some billing software (via TCP/IP) stops responding.

It's hard to tell when your computer is infected, because it only shows a small error while you are browsing, and sometimes it is not active (like a clean computer) until the machine has been idle for some minutes/hours.

arp-spoofing-1.jpg

While browsing you don't feel that anything is wrong… but when you look at the page source, the evil is waiting there :D

arp-spoofing-3.jpg

A clean page source from google.com is not injected with any code.. but wait, when the virus is active you will see something like this..

arp-spoofing-2.jpg

Holy s**t what is that!!! :P

So the answer is that the virus becomes active when you use the internet, by browsing or chatting on messenger. Basically any Internet Explorer activity can make this virus active! Enough, let's remove this virus permanently and stop it from coming back.

You can use Colasoft MAC Scanner (shareware) to scan your network. If you find a computer whose MAC address is the same as your gateway's, you have to unplug that computer from the network and clean it before you put it back on the network. Why? If you clean an infected computer while it is still connected, it will call the files back from another infected computer on your network as soon as you have cleaned it, so don't waste your time on this stupid thing: UNPLUG IT to stop the virus spreading in the network!

arp-spoofing-4.jpg
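The same "who else has the gateway's MAC address" check can be run on the output of the Windows arp -a command. The Python below is an added example, not part of the original post; the sample table, all addresses and the gateway MAC you noted down beforehand are assumptions made up for illustration.

```python
import re

# Constructed sample of Windows `arp -a` output taken on a poisoned machine
# (addresses are made up; 192.168.1.1 is assumed to be the gateway).
SAMPLE_ARP_OUTPUT = """
Interface: 192.168.1.10 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.23          00-AA-BB-CC-DD-01     dynamic
  192.168.1.40          00-11-22-33-44-55     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

# One table row: IPv4 address, dash-separated MAC, entry type.
ENTRY_RE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})\s+\w+\s*$"
)

def normalise_mac(mac):
    """Lower-case, dash-separated form so MACs compare reliably."""
    return mac.strip().lower().replace(":", "-")

def parse_arp_table(text):
    """Return {ip: mac} for every entry line in `arp -a` output."""
    table = {}
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            table[match.group(1)] = normalise_mac(match.group(2))
    return table

def check_gateway(arp_text, gateway_ip, known_good_mac=None):
    """Report hosts that share the gateway's MAC and whether that MAC changed."""
    table = parse_arp_table(arp_text)
    seen = table.get(gateway_ip)
    if seen is None:
        raise ValueError(f"{gateway_ip} is not in the ARP table; ping it and retry")
    same = sorted(ip for ip, mac in table.items() if mac == seen and ip != gateway_ip)
    changed = known_good_mac is not None and normalise_mac(known_good_mac) != seen
    return {"gateway_mac": seen, "same_mac_hosts": same, "gateway_mac_changed": changed}

if __name__ == "__main__":
    # 00:1A:2B:3C:4D:5E stands for the MAC printed on the router (assumed value).
    print(check_gateway(SAMPLE_ARP_OUTPUT, "192.168.1.1", "00:1A:2B:3C:4D:5E"))
```

Every address listed in same_mac_hosts is a machine to unplug and clean first.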

Now.. Get Security Task Manager and delete/remove strange processes running in the background on your computer (usually with an IE icon and dll files): delete/remove Desktopwin.dll/Jview.dll and ThunderAdvise.dll, and delete/remove AppInit_DLLs.

Done.. Now get HijackThis and restore your hosts file: open the Misc Tools section, under System tools choose Open hosts file manager, and delete all lines after 127.0.0.1 localhost. You can also do this with Notepad; the hosts file is in %systemroot%\system32\drivers\etc

Now get ATF Cleaner and delete all cookies, history and Java cache.

Repair your registry back to normal by using this code:

[Version]
Signature="$Chicago$"
Provider=Nobody

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
; Empty the AppInit_DLLs value (flag 0 = string value)
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs,0,""
; Make sure these keys exist
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

[del]
; Delete the ThunderAdvise and DesktopWin values
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, ThunderAdvise
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, DesktopWin

Or download repair.inf

To stop the virus coming back from other computers, disable the default shares by using this code:

[Version]
Signature="$Chicago$"
Provider=Nobody

[DefaultInstall]
AddReg=UnhookRegKey

[UnhookRegKey]
; 0x00010001 = DWORD value; 0 switches the automatic default shares off
HKLM, SYSTEM\CurrentControlSet\Services\lanmanserver\parameters, AutoShareWks,0x00010001,0
HKLM, SYSTEM\CurrentControlSet\Services\lanmanserver\parameters, AutoShareServer,0x00010001,0

Or download disable-default-share.inf and activate it with restart-net-service.bat

Disable autorun to stop the virus coming back from USB flash disks/removable media by using this code:

[Version]
Signature="$Chicago$"
Provider=Nobody

[DefaultInstall]
AddReg=UnhookRegKey

[UnhookRegKey]
; 0x00010001 = DWORD value; 255 (0xFF) turns autorun off for every drive type
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoDriveTypeAutoRun,0x00010001,255
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer, NoDriveTypeAutoRun,0x00010001,255

Or download disable-autoplay.inf

To stop the virus from coming back by replacing the old files, let's make dummy files: download dummy.bat!

Last, scan with your BEST antivirus/antimalware to make sure your system is clean! Another trick to stop the virus from infecting your computer again: add a static ARP entry by typing "arp -s *gatewayipaddress* *gatewaymacaddress*" in the command prompt. Yet another trick: we can block those d**n virus sites by adding them to the hosts file. Here is a list of some websites detected as virus update sites:

(There are still a lot out there.. BLOCKING ALL .cn domains might resolve this problem ha ha ha :P )

Anyway, this method cannot really stop the virus from updating: as soon as the creator changes the website again, we have to update the block list manually.

Done (finally)… now use your computer as usual for 1-2 hours and see if the virus comes back.. :D
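Both hosts-file steps above (deleting everything after 127.0.0.1 localhost, then adding block entries for the virus update sites) can be checked with a small audit. This Python is an added example, not part of the original post; the sample file and the .example names are constructed placeholders, and the labels redirect, sinkhole and malformed are names chosen here.

```python
import ipaddress

# Constructed sample hosts file; the names are placeholders, not real indicators.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
203.0.113.7     www.search-portal.example   # name sent to a foreign address
127.0.0.1       update.av-vendor.example
not-an-ip       broken.example
"""

def audit_hosts(text):
    """Classify every active line that is not the plain localhost mapping.

    Returns (line_no, kind, address, names) tuples. kind is 'redirect'
    (name mapped to a non-loopback address), 'sinkhole' (name pinned to
    loopback, expected only if you added the block yourself) or 'malformed'.
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, then tokenise
        if not fields:
            continue
        address, names = fields[0], [n.lower() for n in fields[1:]]
        try:
            loopback = ipaddress.ip_address(address).is_loopback
        except ValueError:
            findings.append((line_no, "malformed", address, names))
            continue
        extra = [n for n in names if n != "localhost"]
        if not loopback:
            findings.append((line_no, "redirect", address, names))
        elif extra:
            findings.append((line_no, "sinkhole", address, extra))
    return findings

def block_entries(domains, existing_text=""):
    """Build 127.0.0.1 lines for the given domains, skipping names already blocked."""
    blocked = {name for _, kind, _, names in audit_hosts(existing_text)
               if kind == "sinkhole" for name in names}
    return [f"127.0.0.1       {d.lower()}" for d in domains if d.lower() not in blocked]

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On a freshly restored hosts file audit_hosts returns an empty list; after adding your own block entries, only sinkhole lines for names you recognise should remain.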
