This virus categorized as low class because actually this virus not really hard to removed and not really annoyed. Carefully when you received this messages/pop up:

1  nikmatnya_gadis_desa
2  saat pertama berkenalan dengannya aku merasa senang
3  dia hanya seorang gadis desa
4  dengan cahaya pada bola matanya
5  yang mampu membawaku terbang
6  dengan keluguannya
7  yang selalu membuatku membimbingnya
8  dia adalam matahariku
9  yang mencairkan kebekuan hatiku
10 dari :rieysha

To know if your computer infected by this virus is you will see many multimedia files with size around 148KB This virus will generate lot of this files type so it will take enough your disk-space.

Norman antivirus can detect this virus as W32/Wayrip.A

wayrip_norman.JPG

Virus Master

After success to active this virus will creating his master file and also copied it into another drive like d: e: etc.

3gp.exe
dari_rieysha_anak_jogja.exe
dokumenPenting.exe
film.exe
gambar.exe
musik.exe
puisi.txt

Virus will change registry value in HKLM to make it active each time computer reboot:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
nikmatnya_gadis_desa = C:\nikmatnya_gadis_desa.exe

To protect himself from people( like me :P ) this Virus will try to blocking some windows function like:

- Folder Option
- Run
- Find
- Menu Shutdown
- Drive C:\
- Registry Editor
- Task Manager
- CMD

Virus will change your browser start page redirected to http://h1.ripway.com/anharku (Account already deleted by ripway company) This is the virus creator homepage he try to get lot of people come to his website maybe just for click him adsense ads *LOL*

Virus will change your time AM PM value into riesyha

wayrip-2.JPG

Virus will change your windows information

wayrip-3.JPG

Virus will hiding your drive C:

wayrip-4.JPG

The best part of this virus he will try to kill all security/antivirus programs with caption:

Virus
Trend
procexp.exe
Remove
Panda
mmc.exe
Kill
Kaspersky
cmd.exe
Rontok
Aladdin
Windows
Rontox
Sysinter
Setup
Machine
brontokwasher.exe
ansav
Norton
hijackthis.exe
anti
Symantec
killbox.exe
kill
Norman
Movzx
scan
Bitdef
Ertanto
remov
Avast
Washer
security
Mcaf
Killbox
config
Grisoft
Registry
patrol
Cillin
Utility
hijack
Process
Master
pcmav

I said this is the best part of this virus because it might make some people confused :D this virus also still active on windows mode “safe mode with command prompt” and the last lame autorun.inf file for spreading himself using flash disk media.

wayrip-5.JPG

Enough now time to remove this virus!

1. Turn off “system restore” service when in cleaning process.

2. Kill virus process using 3rd party tools killVB, Download it on here or download from my server here

wayrip-6.JPG

3. Delete registry changed by Virus using FixRegistry download from here or download from my server here

wayrip-7.JPG

4. Delete all master virus with specification:

  • Size 148KB
  • Icon Multimedia
  • File extension .exe
  • File type Application

Before you do this set folder option to show hidden files.

5.  Delete also this file list on root drive (c:\, d:\, etc)

  • pesene_seng_gawe.htm (size 22 KB)
  • xx pesene_seng_gawe.htm (size 1 KB), xx = Random
  • Autorun.inf
  • C:\Puisi.txt
  • C:\Windows\Taskman.com

6. Last scan with your best antivirus program to make sure your system clean.

Done, Have a nice day :D

Share |


SEARCH ENGINE KEYWORD RESULTS :
  • blog gadis desa
  • remove gambar exe
  • gadis bank
  • gadis desa
  • gadis desa 3gp
  • how to remove w32/sality xx
  • anti virus for riesyha
  • virus block procexp exe
  • rieysha virus removal
  • nikmatnya_gadis_desa
  • virus removal tools W32/Sality xx
  • desa ke desa 3GP
  • virus files added with extension exe size 148 Kb
  • gadis 3gp
  • 3gp gadis desa
  • virus gambar exe
  • ripway virus removal tool
  • gambar exe
  • Gadis xx
  • virus gadis desa removal
  • virus change 3gp to exe
  • forex 3gp blogspot
  • W32/Wayrip A
  • norman antivirus removal gadis desa
  • how to remove ripway virus
  • www forex3gp blogspot com
  • www forex3gpblogspot com
  • http://www new forex 3gp blog spot com
  • www forex 3gp blogspot com
  • forek 3gp
  • ripway virus removal
  • www new forex 3gp blog spot com
  • how to remove ripway home page permanently
  • gadis blogspot 9
  • Gambar exe sality
  • forex 3gp blogsport com
  • gambar gadis desa
  • how i can remove ripway
  • forex 3gpblogspot com
  • forex 3gp blogspot com
  • new forex 3gp blogspot
  • Www forex3gpblogspot com
  • how to delete gambar virus
  • www newforex3gp blogspot com
  • ripway virus
  • forex3gp com
  • forex 3gp
  • www newforex 3gp com
  • virus create 3gp folder
  • ripway how to remove symantec
  • WWW FOREX 3GP BLOGSPOT COM
  • NEWFOREX 3GP
  • newforex3gp blogspot com
  • 0h
  • forex3gp blogspot com
  • 2h
  • forex3gp blogsport
  • newforex 3gp blogspot
  • newforex 3gp
  • forex 3gp blog sport
  • wwwForex3gp blogspot com
  • virus blocking procexp exe avast
  • www 3gp blogspot com
  • forex 3gp com
  • newforex3gp
  • New Forex3gp blogspot
  • www forex3gp com
  • newforex3gp blogspot
  • how to remove ripway com virus
  • FOREX3GP BLOGSPOT COM
  • www new forex 3gp
  • forex 3gp bolgspot com
  • gadis xx
  • www newforex3gp blospot
  • WWW FOREX BLOG SPORT
  • forex3gp
  • www newforex blogsport 3gp com
  • http://www forex3gp blogspot com
  • www newforex3gp com
  • NEWFOREX BLOGSPOT COM
  • www newforex 3gp blogspot com
  • gambar2 gadis untuk berkenalan com
  • NEW FOREX 3GP BLOGSPOT
  • forex3gpblogspot
  • NEWFOREX3GP COM
  • new forex 3gp
  • www newforex 3gp blog spot
  • www forex3gp blogspot c;m
  • newforex blogspot
  • http://www newforex 3gp blogspot com/
  • wwwfofex 3gp-blog sport
  • new forek3gp blogspot com
  • www newforex blogspot com
  • how remove ripway viorus
  • www newforex 3gp blog spot com
  • forex3gp blogsport com
  • Sandra dewi xx
  • forex 3gp blog spot
  • newforex3gp blogspot com com
  • new forex3gp blogspot
  • newforex3gp com
  • www newforex3gp blogspot
  • www new forex3gp blogspot com
  • new forex3gp
  • http://newforex3gp com/
  • newforex 3p
  • newforex3gp blogsport com
  • 3gpblogspot com
  • www newforex3gp blogsport com
  • Newforex3gp blogspot
  • newforex3gp blog sport
  • http://www newforex3gp block spot comcom/
  • wwwnewforex3gp blogspot com
  • http://www forex 3gp blogspot com
  • http://www newforex3gp blogspot com
  • t
  • forex3gp block spot
  • www newforex3pg blogspot com
  • www forex 3gp com
  • www new forex3gp
  • www newforex 3gpblogspot com
  • 3gpgadis block sport
  • now forex3gp blogspot com
  • www forex 3gp blog spot com
  • newforex 3gp blogspot com
  • newforex blogsport
  • desa ke desa 3gp
  • newforex blogspot com
  • www forex 3gp
  • new forex 3gp blogspot com
  • new forex3gp com
  • www forex3gp blugspot com
  • Newforex 3 Gp blogspot
  • Forex 3gp
  • how to delete ripway from home page
  • www forex3gp biogspot com
  • www forex3gp blok sport com
  • www newforex blongspot com
  • FOREX3GP
  • www newforex blogspot
  • www newforex3gp blog spot com
  • www newforex3gp
  • www forex3gpblospot com
  • WWW NEWFOREX3GP BLOGSPORT COM
  • www Forex3gpblogsopt com
  • newforex 3gp com
  • www newforex3gp co id
  • forex 3Gp blogspot com
  • www newforex3gp blogspot com download
  • forexs3gp blogsport
  • forex3gp blogs
  • www forex3gp blogsport
  • www newforex 3gp blog com
  • WWW FOREX3GP BLOGSPOT COM
  • newforex3
  • http://www new forex3gp blogspot com/
  • www forex3gp blogspot co cc
  • www newforex 3gp
  • www forek3GP
  • www newforex 3p blogspot com
  • gadis
  • forex3gp blogspot
  • forex3gp biogs
  • www forex3gp blogspotcom
  • www forex3gp blogsot com
  • WWW NEWFOREX3GP BLOGSPOT COM
  • www new forex 3gp blogspot com
  • www forex3gp blog spot
  • www forek3gp blogspot com
  • forex3gp blokspot
  • forek3gp blogspot
  • newforex3gp blokspot
  • wwwforex3gp blogspot com
  • forex blogs 3gp
  • www forex3gp blok spot
  • newforex3pg
  • 1h
  • www newforex 3gp com my
  • www forex3gp blogspot
  • forex blogsport
  • http://www forex3gp com/
  • www forex 3 gp blog spot com
  • forex 3gp blog spot com
  • www newforex3gp blogsport com/
  • newforex blog 3gp
  • www forex3gp blogsop com
  • www newforex3gp blogspt com
  • HTTP://WWW FOREX3GP BLOGSPOT COM
  • www forex3 blogspot com
  • www forex gp blogs pot
  • www gambar gadis-spot com
  • rieysha virus remover
  • gadisxx sg
  • newforex 3gp blogsport com
  • newforexX 3gp blogsport com
  • www forex3pg com
  • newforex
  • forex 3 gp blogspot com
  • WWW FOREX3GP BLOGSPORT COM
  • forex3gp blog sport com
  • new forex 3p
  • FOREX 3GP BLOGSPOT
  • www forex 3gp blogsport com
  • h1 ripway virus
  • forex3pg
  • FOREX 3GP
  • YOU TUBE GADIS DESA
  • newforex3gp blogsport
  • www newforex3p blogspot com
  • 3gp blogsport
  • www newforex3gpblogspot com
  • newforex3gp my
  • blugspot
  • new forex3gp blogspot com
  • • www forex3gp blogspot co cc
  • www forex3gp com/blogspot
  • forek3gp spot com
  • http://www 3gpblog spot co id/

If you're new here, you may want to subscribe to my RSS feed. You may copy or publish this article to your blog or other site as long you give credit link back to this site article. Thanks for visiting my blog!


This entry was posted on Sunday, September 7th, 2008 at 12:09 AM and is filed under Computer And Internet, Miscellaneous, Tips & Trick. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.