This virus categorized as low class because actually this virus not really hard to removed and not really annoyed. Carefully when you received this messages/pop up:

1  nikmatnya_gadis_desa
2  saat pertama berkenalan dengannya aku merasa senang
3  dia hanya seorang gadis desa
4  dengan cahaya pada bola matanya
5  yang mampu membawaku terbang
6  dengan keluguannya
7  yang selalu membuatku membimbingnya
8  dia adalam matahariku
9  yang mencairkan kebekuan hatiku
10 dari :rieysha

To know if your computer infected by this virus is you will see many multimedia files with size around 148KB This virus will generate lot of this files type so it will take enough your disk-space.

Norman antivirus can detect this virus as W32/Wayrip.A

Virus Master

After success to active this virus will creating his master file and also copied it into another drive like d: e: etc.

3gp.exe
dari_rieysha_anak_jogja.exe
dokumenPenting.exe
film.exe
gambar.exe
musik.exe
puisi.txt

Virus will change registry value in HKLM to make it active each time computer reboot:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
nikmatnya_gadis_desa = C:\nikmatnya_gadis_desa.exe

To protect himself from people( like me ) this Virus will try to blocking some windows function like:

- Folder Option
- Run
- Find
- Menu Shutdown
- Drive C:\
- Registry Editor
- Task Manager
- CMD

Virus will change your browser start page redirected to http://h1.ripway.com/anharku (Account already deleted by ripway company) This is the virus creator homepage he try to get lot of people come to his website maybe just for click him adsense ads *LOL*

Virus will change your time AM PM value into riesyha

Virus will change your windows information

Virus will hiding your drive C:

The best part of this virus he will try to kill all security/antivirus programs with caption:

Virus
Trend
procexp.exe
Remove
Panda
mmc.exe
Kill
Kaspersky
cmd.exe
Rontok
Aladdin
Windows
Rontox
Sysinter
Setup
Machine
brontokwasher.exe
ansav
Norton
hijackthis.exe
anti
Symantec
killbox.exe
kill
Norman
Movzx
scan
Bitdef
Ertanto
remov
Avast
Washer
security
Mcaf
Killbox
config
Grisoft
Registry
patrol
Cillin
Utility
hijack
Process
Master
pcmav

I said this is the best part of this virus because it might make some people confused this virus also still active on windows mode “safe mode with command prompt” and the last lame autorun.inf file for spreading himself using flash disk media.

Enough now time to remove this virus!

1. Turn off “system restore” service when in cleaning process.

2. Kill virus process using 3rd party tools killVB, Download it on here or download from my server here

3. Delete registry changed by Virus using FixRegistry download from here or download from my server here

4. Delete all master virus with specification:

• Size 148KB
• Icon Multimedia
• File extension .exe
• File type Application

Before you do this set folder option to show hidden files.

5.  Delete also this file list on root drive (c:\, d:\, etc)

• pesene_seng_gawe.htm (size 22 KB)
• xx pesene_seng_gawe.htm (size 1 KB), xx = Random
• Autorun.inf
• C:\Puisi.txt
• C:\Windows\Taskman.com

6. Last scan with your best antivirus program to make sure your system clean.

Done, Have a nice day

Similar Posts:

• Microsoft.lnk Shortcut Virus? Worm:PIF/Starter.A
• Remove Sandra Dewi Bugil Virus W32/Sadra.A
• Remove W32/ALMAN Virus
• Remove MaHaDeWa VBS.Autorun.AM

• newforex3gp
• newforex3gp blogspot
• gadis desa
• forex3gp
• dewi3gp blogspot
• youtubebokeptv
• www blogspot co id
• Indo xx 3gp
• My faporite 3gp
• puisi desa
• japanxx 3gp
• forex3gp blogspot
• Gadis bugil
• newforex3gp blogspot video
• gadis desa bugil
• gambar gadis desa
• gambar gadis
• new forex 3gp
• new forex3gp
• gadisdesa
• newforex 3gp
• newforex 3gp blogspot
• gadis tube
• Newforex blogspot
• forek3gp
• bugil gadis desa
• 3gp japanXX
• 3gp GADIS
• 3gpgadis desa
• dewi3gpblogsport
• tubexx 3gp
• blog indo xx 3gp
• tube3gp blogsport
• gadis desa 3gp
• newforex3gp blog
• 3gpblogsport
• new forex3gp blogspot
• new forex3gp blok
• Xx file gadis bugil xx
• new forex 3gp blogspot
• xx gadis kampung
• mahu berkenalan dengan gadis indonesia
• kantor pusat bpd jawa timur
• kampung bugil
• japanxx blogspot
• youtube gadis desa
• search category xx 3gp
• xvideos newforek 3gp blogspot
• xvideos 3gp download
• rontox exe virus
• puisi gadis desa
• POTO CEWE DESA
• blogger gadis bugil
• NIKMATNYA GADIS DESA
• newforex3gp com
• Vidio gadis indonesia xx
• virus redirected to ripway
• ww newforex blogspot com
• newforex3gp blog spot
• xvidios 3gp
• tube blogsport3gp
• www Gadis Desa Bugil
• newforex3gp block
• Wxw gambar cewek cnm
• indoxx bugil
• Indoxx
• 22 xx 3gp
• desa awek blogspot
• dewi3gpblogspotyoutube
• DIDU DESA 3GP VIDEOS
• Download gadis indonesia bugil
• download video bokeptv
• file tipe 3gp awek
• foreg3gp
• FORES NEW KOOLWAP IN MP4
• forex blogspot 3gp
• cewekindone
• Bugilbloksport
• 3gp blogsport
• 3gp gadis desa
• 3gpgadis
• anew forex 3gp blogspot
• awek bugil blok sport
• bianchi
• BloG gadis gadis video
• blogsport3gp
• bokeptv indonesia
• forex3gp tube
• forex3p blog
• gadisdesa bugil
• Gadisxx
• gadisxx bugil
• gadisxx vidio 3gp
• gambr gadis desa
• Indo 3gp tube
• indo gadis 3gp
• indo xvideos 3gp
• indo xx
• gadisbugilxx
• Gadisbugilsek blog spot
• gadi8s
• gadis 12th xx
• gadis bugil desa
• gadis desa 3gp blogspot
• gadis desa adult
• gadis desa blogspot
• gadis gadis bornoe youtube
• gadis virus
• gadis xx
• indoxvideos 3gp

If you're new here, you may want to subscribe to my RSS feed. You may copy or publish this article to your blog or other site as long you give credit link back to this site article. Thanks for visiting my blog!

This entry was posted on Sunday, September 7th, 2008 at 12:09 AM and is filed under Computer And Internet, Miscellaneous, Tips & Trick. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.