This is a new stupid virus/trojan that will redirected all your traffic to google.com (209.85.225.99) infected my client on 01-01-2010, This virus was made using visual basic with size around 212-233KB. If active it has another supported files with random size.

How to know if you’re infected?

It’s very easy, if you browsing on internet or opening antivirus website then your page always redirected to google website that mean you’re infected by this virus.

Master Files

When this virus active it will created some master files and downloading some another supported files from internet. It will spreading files in different location to make it hard to cleaned. This virus also hiding as windows service and windows drivers.

This is a list of virus master files:

• %systemroot%\windows\system32

1. wmispqd.exe
2. Wmisrwt.exe
3. qxzv85.exe
4. qxzv47.exe
5. secupdat.dat

• %systemroot%\Documents and Settings\%user%\%xx%.exe, Where xx is random character with size 6KB (example: rclxuio.exe).

• %systemroot%\windows\system32\drivers

1. Kernelx86.sys
2. xx%.sys, where xx is random character with size 40KB (example: cvxqkopsd.sys)
3. Ndisvvan.sys
4. krndrv32.sys

• %systemroot%\Documents and Settings\%user%\secupdat.dat

• %systemroot%\Windows\inf

1. Netsf.inf
2. Netsf_m.inf

Spreading Technique and Virus Affect

This virus will spreading in your network or using any removable disk using a autorun technique. If we look in the back mostly all virus using this same technique to spreading, Maybe a good option to modify your windows to disable autorun.

Virus will blocking some windows function like: System Restore, Windows Firewall, RPC DCOM, etc. Virus will also redirected mostly antivirus or security website into google.com using hosts file.

How to Remove W32/SmallTroj.VPCG

1. Deactivated “System Restore” when in cleaning  progress.

2. Disconnected your computer from Network/LAN.

3. Rename msvbvm60.dll (%systemroot%\Windows\system32\msvbvm60.dll) to backup.dll This step to prevent virus active because this virus was made using visual basic, virus will need msvbvm60.dll to run, when you rename it virus can’t active. After you cleaned this virus I recommended you to rename backup.dll back to msvbvm60.dll.

4. Deleted virus master files using Mini PE2XT, Because some rootkit hidden as windows service and driver you need to boot your computers using Mini PE2XT then follow the step:

Menu -> Programs -> File Management -> Windows Explorer

Then deleted files “Virus Master Files” (check in this article).

5. Deleted registry made by virus using Mini PE2XT

Menu -> Programs -> Registry Tools -> Avast! Registry Tools

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\\ctfmon.exe
HKEY_LOCAL_MACHINE\system\ControlSet001\services\kernelx86
HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\kernelx86
HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\passthru
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe
HKEY_LOCAL_MACHINE\system\ControlSet001\services\%xx%
HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\%xx%

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
* %windir%\system32\ wmispqd.exe = %system%\ wmispqd.exe:*:enabled:UpnP Firewall

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
* %windir%\system32\ wmispqd.exe = %system%\ wmispqd.exe:*:enabled:UpnP Firewall

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
* %windir%\system32\ wmispqd.exe = %system%\ wmispqd.exe:*:enabled:UpnP Firewall

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
* Change string value Userinit to = userinit.exe

ATTENTION: %xx% is random character, this key created to run .SYS with size 40KB.

6. Restart your computer then use this repair-inf (rename it to repair.inf) right click on it then choose install.

[Version]
Signature=”$Chicago$”
Provider=Nobody

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\comfile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\exefile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\piffile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\regfile\shell\open\command,,,”regedit.exe “%1″”
HKLM, Software\CLASSES\scrfile\shell\open\command,,,”"”%1″” %*”
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, “Explorer.exe”
HKLM, software\microsoft\ole, EnableDCOM,0, “Y”
HKLM, SOFTWARE\Microsoft\Security Center,AntiVirusDisableNotify,0×00010001,0
HKLM, SOFTWARE\Microsoft\Security Center,FirewallDisableNotify,0×00010001,0
HKLM, SOFTWARE\Microsoft\Security Center,AntiVirusOverride,0×00010001,0
HKLM, SOFTWARE\Microsoft\Security Center,FirewallOverride,0×00010001,0
HKLM, SYSTEM\ControlSet001\Control\Lsa, restrictanonymous, 0×00010001,0
HKLM, SYSTEM\ControlSet002\Control\Lsa, restrictanonymous, 0×00010001,0
HKLM, SYSTEM\CurrentControlSet\Control\Lsa, restrictanonymous, 0×00010001,0
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, CheckedValue,0×00010001,0

[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableCMD
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFolderOptions
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ctfmon.exe
HKLM, SYSTEM\ControlSet001\Services\kernelx86
HKLM, SYSTEM\ControlSet002\Services\kernelx86
HKLM, SYSTEM\CurrentControlSet\Services\kernelx86
HKLM, SYSTEM\CurrentControlSet\Services\mojbtjlt
HKLM, SYSTEM\ControlSet001\Services\mojbtjlt
HKLM, SYSTEM\ControlSet002\Services\mojbtjlt
HKLM, SYSTEM\ControlSet001\Services\Passthru
HKLM, SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore
HKLM, SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate, DoNotAllowXPSP2
HKLM, SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe

7. Deleted all temporary internet files using ATF Cleaner.

8. Restore your hosts files using HostsXpert.

9. To make sure your system totally clean and to prevent virus from coming back please scan full your system using Norman Malware Cleaner, If you don’t like Norman I would recommended you to use AVIRA.

Good luck!

SIMILAR POST :

• 6 Step to: Remove Jengkol Virus
• Repair:Antivirus XP 2008, CNN fake message, get_flash_update.exe, Spam & Fake blue screen of death(BSOD)
• Stop Virus Stargate
• 8 Tools Kido/Conficker/Downadup Remover

Incoming search terms:

• menghilangkan searchqu
• f1ku exe
• f1ku exe remove
• mengatasi f1ku exe
• f1ku
• sirefef 0
• win32/sirefef 0
• client for microsoft sharing
• how to remove f1ku exe
• searchqu 406
• sirefef taringa
• cara menghapus f1ku exe
• virus f1ku
• cara mengatasi searchqu
• hoe sirefef da verwijderen
• TROJ_SIREFEF dd
• eliminar searchqu
• eliminar virus explorer exe
• sirefet
• troj_sirefef hh
• menghilangkan virus f1ku
• basmi virus f1ku
• cara menghapus virus trojan
• f1ku exe removal
• mengatasi virus f1ku
• menghilangkan f1ku exe
• remove client for microsoft sharing
• remove f1ku exe
• removing client for microsoft sharing
• sirefef nasıl silinir
• virus f1ku exe
• cara menghapus f1ku
• Cara menghapus serverx exe
• cara menghapus sirefef o
• cara menghapus virus f1ku
• cara menghapus virus trojan win32/sirefef o
• cara menghilangkan f1ku exe
• eliminar abnow
• firefox exe drive not ready
• manajemen file menggunakan explorer
• mengatasi virus f1ku exe
• menghapus f1ku exe
• searchqu nedir
• serchqu
• serchqu verwijderen
• sirefef o eliminar
• sirefif
• win32 sirefef 0
• apa itu f1ku exe
• cara mengatasi virus f1ku exe
• Cara mengatasi windows explorer error pada win xp
• cara menghapus user related errors specific to your windows account
• cara menghilangkan virus f1ku
• cara menghilangkan virus f1ku exe
• delete f1ku exe
• diet virus f1ku exe
• f1ku nedir
• f1ku remover
• limpia sirefet
• masalah firefox exe - No Disk
• membasmi f1ku exe
• membasmi virus f1ku
• membersihkan searchqu
• mengatasi problem page windows xp
• sirefet dv
• trojan win32/sirefef 0
• trojan:win32/sirefef 0
• virus sirefef 0
• apa itu hh exe
• วิธีแก้ f1ku
• วิธีแก้ไวรัส abnow
• bagaimana cara menghapus searchqu
• borrar seachqu
• cach diet virus f1ku exe
• cara hapus f1ku
• cara hapus f1ku exe
• cara membuang virus trojan:win32/sirefef o
• cara mengatasi host application has stopped working
• cara mengatasi masalah firefox has stopped working
• cara mengatasi virus trojan
• cara mengatasprivacy protection
• cara menghilangkan searchqu pada mozilla
• cách diệt virus f1ku exe
• client for microsoft sharing remove
• client for microsoft sharing virus
• desinstalar client for microsoft sharing
• eliminar client for microsoft sharing remove
• eliminar f1ku
• eliminar f1ku exe
• eliminar sirefef da
• f1ku exe remover
• f1ku exe silme
• firefox exe - drive not ready
• hapus f1ku exe
• hapus virus f1ku
• hapus virus f1ku exe
• how to delete f1ku exe
• kenapa semua program muncul tulisan has stop working
• membasmi virus f1ku exe
• membersihkan f1ku exe
• mengatasi internet explorer has stopped working bagaimana
• penyebab windows drive not ready
• programa para eliminar troyano serefef
• remove f1ku
• rimuover sirefef o
• searchqu destruir de explorer
• searchqu silmek
• serchqu sorunu
• sirefef dv
• taringa sirefef dv
• troj_sirefef dd removal
• userinit logon application has stopped working
• userinit logon application has stopped working windows 7
• w32 smalltroj
• win32/sirefef o nasıl kaldırırım
• annti virus penghilang searchqu
• anti f1ku exe
• aplikasi untuk menghapus virus trojan win32 sirefef o
• วิธีค่า virus sirefef da trojan
• bagai mana cara menghapus searchqu 406
• Bagaimana cara membuang virus yg sasah hilang
• bagaimana cara memgatasi firefox exe - no disk
• bagaimana cara menghapus pesan di facebook
• bagaimana cara menghapus virus malwere
• bagaimana cara menghilangkan searchqu
• bagaimana cara uninstall searchqu
• basmi f1ku
• buang virus f1ku
• cach diet con viris trojan:win32/sirefef
• cach diet con virus trojan:win32/sirefef
• cach diet f1ku exe
• cara basmi trojan userinit
• cara basmi virus trojan
• cara basmi virus Trojan:Win32/Serefef p
• cara basmi virus trojan:win:sirefef p
• cara hapus virus trojan
• cara hilangkan nbu exe 32
• cara hilangkan privacy protetion
• cara membersihkan f1ku exe
• cara mengahapus searcqu
• CARA MENGATASI HAS STOPPED WORKING DI WINDOWS 7
• cara mengatasi virus f1ku
• cara mengatasi virus Trojan:Win32/Sirefef O
• cara mengatasi windows explorer has stopped working
• cara menghapus atau mendelete virus f1ku exe
• cara menghapus trojan sirefef o
• cara menghapus virus f1ku exe
• cara menghapus virus sirefef o
• cara menghapus virus trojan sirefef O
• cara menghilangkan abnow
• cara menghilangkan error windows explorer
• cara menghilangkan f1ku
• cara menghilangkan f1ku exe bagaimana ya?
• cara menghilangkan virus abnow
• cara menghilangkan virus pada system win32
• cara menghilangkan virus rpc
• cara mudah menghapus virus f1ku
• cara remove f1ku exe
• cara remove virus trojan sirefef o
• clean f1ku exe
• client for microsoft sharing cannot be uninstalled
• clinet microsoft sharing
• cmenghapuskan virus trojen win32/sirefef dengan cmd
• con que programa puedo eliminar el virus trojan:win32/sirefef o
• delete f1ku exe from registery
• diệt virus autorun f1ku và i6g8xs
• diet f1ku exe
• diet virus f1ku
• edit regedit tool exe
• eliminar i6g8xs
• eliminar sirefif dv
• eliminar virus f1ku
• eliminar virus sirefef
• eliminare sirefef dv trojan
• eliminare trojan win32/sirefef 0
• eliminare trojan:win32/sirefef 0
• f1ku exe antivirus
• f1ku exe diet
• f1ku remove
• f1ku برنامج للتخلص من
• f1ku حذف كردن
• firefox drive not ready
• google searchqu 414
• hapus f1ku exe virus
• hh exe & how to remove permanently
• hilangkan f1ku exe
• how to remove f1ku
• masalah f1ku exe
• masalah firefox has stoped working
• masalah firefox stop working
• mematikan windows-driver not ready
• Membasmi virus yang menyebabkan fire fox error
• mencegah f1ku exe
• mencegah windows explorer always stopped working
• mengatasi diffrent string pada
• mengatasi f1ku
• mengatasi masalah F1ku exe
• MENGATASI USERINIT ERROR
• mengatasi userinit logon application has stopped working
• mengatasi virus adobe pada windows 7
• mengatasi windows no disk pada windows XP
• menghapus f1ku
• menghapus virus f1ku
• Menghilangkan f1ku
• menghilangkan searchqu virus
• menghilangkan sebab not responding pada komputer
• menghilangkan virus no disc
• non riesco a rimuovere sirefef
• удалить StartNow
• que es run a dll as an app
• quitar client for microsoft sharing
• quitar f1ku virus
• remove sirefef 0
• remove w32 smalltroj
• remove win32/sirefef 0
• remove Win32/Sirefef DD
• searchqu blue screen
• searchqu cara hapus dari mozilla
• serachqu verwijderen
• Serverx exe corrupt file cara menghapus
• sirefef 0 remove
• sirefef da trojan removal
• sirefef k
• sirefef k microsoft não consegue resolver
• sirefef o nasıl silerim
• sirefef o nedir
• sirefef virüsü nasıl temizlenir
• sirefif ch
• solusi mengatasi f1ku exe
• troj-sirefef dd
• trojan win32 sirefef 0
• trojan:win32sirefef 0
• troj_sirefef
• troj_sirefef bw
• virus abnow
• W32 small troj Vpcg
• win32 sirefef o nasıl temizlenir
• التخلص من f1ku
• (mengatasi pesan error explorer pada windows xp)
• abnow
• abnow eliminar
• abnow nedir
• abnow nedir?
• abnow tidak mau hilang
• abnow virüs silme
• anti virus f1ku
• anti virus f1ku exe
• antisipasi not responding mozilla
• antivirus f1ku exe
• antivirus membersihkan virus sirefef o
• antivirus para win32/sirefef o
• antivirus untuk f1ku
• antivirus untuk menghapus virus windows no disk
• antivirus untuk virus f1ku
• antivirus w32/smalltroj vpcg
• apa itu cmd exe drive not ready
• apa itu f1ku exe pada system window
• apa itu searchqu
• apa itu sirefef
• apa itu sirefef-a
• apa sih f1ku exe virus
• apa sih virus f1ku exe
• apa yang dimaksud dengan userinit logon application has stopped working
• aplikasi untuk menghapus virus trojan win32/sirefef o
• aplikasi untuk menghilangkan has stopped working
• archivo f1ku
• atasi exe disk not ready
• ยกเลิกseachqu
• ลบ seachqu
• วิธี ลบ seachqu 406
• วิธีกำจัด abnow
• วิธีกำจัด trajan sirefef da
• วิธีลบ troj_sirefef cl
• วิธีลบf1ku exe
• วิธีแก้ i6g8xs exe
• แก้f1ku
• bagai mana cara mengatasi iexplore exe drive not ready
• bagaimana cara hapus manual searchqu
• bagaimana cara mengahapus blog
• bagaimana cara mengatasi sistem32 pada windows7
• bagaimana cara menghapus 32 key look
• bagaimana cara menghilangkan firepox has stopped working
• bagaimana cara ramove searchqu di mozilla
• bagaimana cara remove 32
• bagaimana me restore exe file pada wins7
• bagaimana membersihkan trojan sirefef
• bagaimana mengatasi mozilla stop censorship
• bagaimana mengatasi Windows System32
• bagaimana menghapus f1ku
• bagaimana menghapus software security shield
• basmi trojan
• basmi virus f1ku exe
• borrar virus f1ku
• borrar virus win32/sirefet da
• browsing muncul serchqu
• buang trojan zeroacces
• buang win32 pada windows 7
• cach diet f1ku
• cach diet trojan:win32/sirefef o
• cach diet virus elimina
• cach diet virut f1ku exe
• can we remove f1ku virus from my pc
• cannot remove client for microsoft sharing
• cara atasi f1ku exe
• cara atasi virus redirect
• cara atasi virus trojan 32/sirefef
• cara basmi f1ku exe virus
• cara basmi trojan w32/sirefef
• cara basmi virus f1ku
• cara benerin mozilla firefox stop working win 7
• cara bersihin virus f1ku
• cara blokir file f1ku
• cara f1ku exe
• cara firefox exe drive not
• cara hapus hilang trojan win32 sirefef
• cara hapus malware abnow
• cara hapus recently visited pada mozilla firefox
• cara hapus searchqu/406
• cara hapus sirefef ch
• cara hapus toolbar searchqu
• cara hapus trojan
• cara hapus trojan di mozzila
• cara hapus trojan vb
• cara hapus trojan:win32/sirefef o
• cara hapus virus
• cara hapus virus f1ku
• cara hapus virus f1ku exe
• cara hapuskan virus trojan:win332/sirefef 0
• cara hilangkan trojan:win32/sirefef o
• cara hilangkan virus Trojan:win32/sirefef O
• cara hilankan trojan:win32/sirefef o
• cara hn trojan
• CARA ISTAL WIN XP
• cara mematikan fire fox searchqu
• cara membasmi virus f1ku
• cara membasmi virus f1ku exe
• cara membasmi virus trojan:win32/sirefef p
• cara membersihkan dv trojan
• cara membersihkan komputer dari virus f1ku exe
• cara membersihkan redirect virus
• cara membersihkan searchqu internet explorer
• Cara membersihkan serverx exe dari drive
• cara membersihkan trojan win32 seref pada window 7
• cara membersihkan trojan win32/sirefef o
• cara membersihkan virus exe yang stopped working
• cara membersihkan virus f1ku
• cara membersihkan virus komputer W32/Small
• cara membersihkan virus sirefef o
• cara memperbaiki f1ku
• cara memperbaiki firefox exe-drive not ready

If you're new here, you may want to subscribe to my RSS feed. You may copy or publish this article to your blog or other site as long you give credit link back to this site article. Thanks for visiting my blog!

This entry was posted on Sunday, January 10th, 2010 at 11:17 PM and is filed under Computer And Internet, Miscellaneous, Personal, Tips & Trick. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.