This is a new stupid virus/trojan that redirects all your traffic to google.com (209.85.225.99). It infected my client on 01-01-2010. The virus was made using Visual Basic and is around 212-233KB in size. When active it also drops supporting files of random size.

How to know if you’re infected?

It's very easy: if you are browsing the internet or opening an antivirus website and your page is always redirected to the Google website, that means you are infected by this virus.

Master Files

When this virus is active it creates some master files and downloads additional supporting files from the internet. It spreads its files across different locations to make it harder to clean. This virus also hides as a Windows service and as Windows drivers.

This is a list of the virus master files:

  • %systemroot%\windows\system32
  1. wmispqd.exe
  2. Wmisrwt.exe
  3. qxzv85.exe
  4. qxzv47.exe
  5. secupdat.dat
  • %systemroot%\Documents and Settings\%user%\%xx%.exe, where %xx% is random characters, with size 6KB (example: rclxuio.exe).
  • %systemroot%\windows\system32\drivers
  1. Kernelx86.sys
  2. %xx%.sys, where %xx% is random characters, with size 40KB (example: cvxqkopsd.sys)
  3. Ndisvvan.sys
  4. krndrv32.sys
  • %systemroot%\Documents and Settings\%user%\secupdat.dat
  • %systemroot%\Windows\inf
  1. Netsf.inf
  2. Netsf_m.inf

Spreading Technique and Virus Effects

This virus spreads over your network or via any removable disk using the autorun technique. If we look back, almost all viruses use this same technique to spread, so it may be a good option to configure Windows to disable autorun.

The virus blocks some Windows functions such as System Restore, Windows Firewall, RPC DCOM, etc. It also redirects most antivirus or security websites to google.com using the hosts file.
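As an added example that is not part of the original post, here is a small Python script that checks a hosts file for the redirect pattern described above. The hosts-file content embedded in it is constructed for illustration (the vendor hostnames are assumptions; 209.85.225.99 is the address the post names). A clean Windows hosts file only maps names to loopback addresses, so any entry that points a name at a routable address deserves a look, and many unrelated names sharing one address is the bulk-redirect signature.

```python
import ipaddress

# Constructed sample of a hosts file after the redirect the post describes:
# several security-vendor names pointed at google.com's address. The vendor
# hostnames are illustrative; 209.85.225.99 is the IP the post names.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
209.85.225.99   www.symantec.com
209.85.225.99   www.kaspersky.com   # trailing comment
209.85.225.99   www.avira.com
209.85.225.99   update.norman.com
0.0.0.0         ads.example.invalid
::1             localhost
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text, skipping comments,
    blank lines and lines whose first field is not a valid IP address."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        for host in parts[1:]:
            yield parts[0], host.lower()


def suspicious_entries(text):
    """Return sorted (ip, hostname) pairs that map a name to a routable
    address. Loopback (127.x, ::1) and the unspecified address (0.0.0.0,
    commonly used to sink ad domains) are treated as benign."""
    found = []
    for ip, host in parse_hosts(text):
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback or addr.is_unspecified:
            continue
        found.append((ip, host))
    return sorted(found)


def redirect_targets(text, min_names=2):
    """Group suspicious entries by address. One address shared by several
    unrelated names is the signature of a hosts-file redirect like the
    google.com one in the post; a single custom mapping is usually an admin's."""
    groups = {}
    for ip, host in suspicious_entries(text):
        groups.setdefault(ip, []).append(host)
    return {ip: sorted(hosts) for ip, hosts in groups.items() if len(hosts) >= min_names}


if __name__ == "__main__":
    # On a live system read r"C:\Windows\System32\drivers\etc\hosts" instead.
    for ip, names in redirect_targets(SAMPLE_HOSTS).items():
        print(f"{ip} is the target of {len(names)} names: {', '.join(names)}")
```

Run it against the real file by replacing SAMPLE_HOSTS with the contents of %systemroot%\system32\drivers\etc\hosts; anything it reports should be compared with the entries you or your administrator put there on purpose.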

How to Remove W32/SmallTroj.VPCG

1. Deactivate "System Restore" while cleaning is in progress.

2. Disconnect your computer from the network/LAN.

3. Rename msvbvm60.dll (%systemroot%\Windows\system32\msvbvm60.dll) to backup.dll. This step prevents the virus from activating: because it was written in Visual Basic it needs msvbvm60.dll to run, so once you rename that DLL the virus can't start. After you have cleaned the virus I recommend renaming backup.dll back to msvbvm60.dll.

4. Delete the virus master files using Mini PE2XT. Because some of the rootkit components are hidden as a Windows service and driver, you need to boot your computer from Mini PE2XT and then follow these steps:

Menu -> Programs -> File Management -> Windows Explorer

Then delete the files listed under "Virus Master Files" (see above in this article).

5. Delete the registry entries made by the virus using Mini PE2XT:

Menu -> Programs -> Registry Tools -> Avast! Registry Tools

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\ctfmon.exe
HKEY_LOCAL_MACHINE\system\ControlSet001\services\kernelx86
HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\kernelx86
HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\passthru
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe
HKEY_LOCAL_MACHINE\system\ControlSet001\services\%xx%
HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\%xx%

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
* %windir%\system32\wmispqd.exe = %system%\wmispqd.exe:*:enabled:UpnP Firewall

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
* %windir%\system32\wmispqd.exe = %system%\wmispqd.exe:*:enabled:UpnP Firewall

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
* Change the string value Userinit to: userinit.exe

ATTENTION: %xx% is random characters; this key is created to run the 40KB .SYS file.
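To check a system for these registry changes without editing anything, the following added Python script (not from the original post) parses a Regedit export and flags the indicators listed above: a Userinit value with an extra program appended, a Debugger under Image File Execution Options for ctfmon.exe, the kernelx86/passthru services and the driver names from the master-file list, a firewall exception for wmispqd.exe, and an HKLM Run value named ctfmon.exe. The export text embedded here is constructed for illustration; the program appended to Userinit and the Debugger path are assumed values, not observations from the post.

```python
# Constructed Regedit export used as sample input. The key paths are the ones
# listed in the post; the data values (the program appended to Userinit, the
# Debugger path) are assumed for illustration, not captured from a real system.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\wmispqd.exe,"
"Shell"="Explorer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe]
"Debugger"="C:\\WINDOWS\\system32\\wmispqd.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kernelx86]
"ImagePath"="system32\\drivers\\Kernelx86.sys"
"Start"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\wmispqd.exe"="C:\\WINDOWS\\system32\\wmispqd.exe:*:Enabled:UpnP Firewall"
"""

# Service, driver and executable names the post attributes to this trojan.
KNOWN_SERVICES = {"kernelx86", "passthru"}
KNOWN_DRIVERS = {"kernelx86.sys", "ndisvvan.sys", "krndrv32.sys"}
KNOWN_FILES = {"wmispqd.exe", "wmisrwt.exe", "qxzv85.exe", "qxzv47.exe"}


def _unquote(field):
    """Strip the surrounding quotes of a .reg string and undo its escaping."""
    if len(field) >= 2 and field[0] == '"' and field[-1] == '"':
        field = field[1:-1]
    return field.replace('\\\\', '\\').replace('\\"', '"')


def parse_reg_export(text):
    """Parse Regedit 5.00 export text into {key_path: {value_name: data}}.
    Non-string data (dword:..., hex:...) is kept as its raw text."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        if current is None or "=" not in line:
            continue
        name, _, data = line.partition("=")
        name = "(Default)" if name == "@" else _unquote(name)
        keys[current][name] = _unquote(data) if data.startswith('"') else data
    return keys


def _basename(path):
    return path.strip().lower().rsplit("\\", 1)[-1]


def find_indicators(keys):
    """Return (reason, key, detail) for every value matching the post's indicators."""
    hits = []
    for key, values in keys.items():
        k = key.lower()
        if k.endswith("\\winlogon"):
            # Userinit should name only userinit.exe; anything else appended runs at logon.
            parts = [p for p in values.get("Userinit", "").split(",") if p.strip()]
            extra = [p for p in parts if _basename(p) != "userinit.exe"]
            if extra:
                hits.append(("Userinit hijack", key, ",".join(extra)))
            if _basename(values.get("Shell", "Explorer.exe")) != "explorer.exe":
                hits.append(("Shell hijack", key, values["Shell"]))
        if "\\image file execution options\\" in k and "Debugger" in values:
            # A Debugger here is launched instead of the named program; legitimate
            # only when you configured it yourself (e.g. for a developer tool).
            hits.append(("IFEO debugger", key, values["Debugger"]))
        if "\\services\\" in k:
            image = values.get("ImagePath", "")
            if k.rsplit("\\", 1)[-1] in KNOWN_SERVICES or _basename(image) in KNOWN_DRIVERS:
                hits.append(("Malware service", key, image))
        if k.endswith("\\authorizedapplications\\list"):
            for name, data in values.items():
                if _basename(name) in KNOWN_FILES:
                    hits.append(("Firewall exception", key, data))
        if k.endswith("\\currentversion\\run") and "ctfmon.exe" in values:
            # The real ctfmon entry lives under HKCU; an HKLM one is the post's indicator.
            hits.append(("Run key", key, values["ctfmon.exe"]))
    return hits


if __name__ == "__main__":
    # For a real export use: text = open(path, encoding="utf-16").read()
    for reason, key, detail in find_indicators(parse_reg_export(SAMPLE_REG)):
        print(f"{reason:20} {key}\n{'':20} -> {detail}")
```

Export the HKLM hives from Regedit (File -> Export) and feed the file to parse_reg_export; Regedit writes exports as UTF-16, hence the encoding argument in the comment. The script only reports; the deletions themselves are still the manual step 5 above.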

6. Restart your computer, then save the following as repair.inf, right click it and choose Install.

[Version]
Signature="$Chicago$"
Provider=Nobody

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKLM, software\microsoft\ole, EnableDCOM,0, "Y"
HKLM, SOFTWARE\Microsoft\Security Center,AntiVirusDisableNotify,0x00010001,0
HKLM, SOFTWARE\Microsoft\Security Center,FirewallDisableNotify,0x00010001,0
HKLM, SOFTWARE\Microsoft\Security Center,AntiVirusOverride,0x00010001,0
HKLM, SOFTWARE\Microsoft\Security Center,FirewallOverride,0x00010001,0
HKLM, SYSTEM\ControlSet001\Control\Lsa, restrictanonymous, 0x00010001,0
HKLM, SYSTEM\ControlSet002\Control\Lsa, restrictanonymous, 0x00010001,0
HKLM, SYSTEM\CurrentControlSet\Control\Lsa, restrictanonymous, 0x00010001,0
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, CheckedValue,0x00010001,0

[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableCMD
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFolderOptions
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ctfmon.exe
HKLM, SYSTEM\ControlSet001\Services\kernelx86
HKLM, SYSTEM\ControlSet002\Services\kernelx86
HKLM, SYSTEM\CurrentControlSet\Services\kernelx86
HKLM, SYSTEM\CurrentControlSet\Services\mojbtjlt
HKLM, SYSTEM\ControlSet001\Services\mojbtjlt
HKLM, SYSTEM\ControlSet002\Services\mojbtjlt
HKLM, SYSTEM\ControlSet001\Services\Passthru
HKLM, SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore
HKLM, SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate, DoNotAllowXPSP2
HKLM, SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe
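Before installing an INF it is worth seeing exactly what it will do. The following added Python script (not part of the original post) parses INF syntax, including the doubled-quote escaping by which """%1"" %*" means "%1" %* and the 0x00010001 AddReg flag that marks a REG_DWORD, and lists the registry operations [DefaultInstall] will perform. The INF embedded in it is an excerpt of the repair.inf above, written with straight quotes.

```python
# Excerpt of the post's repair.inf, embedded here as sample input. Inside a
# quoted INF field a doubled "" stands for one literal quote character.
REPAIR_INF = r'''[Version]
Signature="$Chicago$"
Provider=Nobody

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKLM, SOFTWARE\Microsoft\Security Center,AntiVirusDisableNotify,0x00010001,0

[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools
HKLM, SYSTEM\CurrentControlSet\Services\kernelx86
'''

FLG_ADDREG_TYPE_DWORD = 0x00010001  # AddReg flag value used by the repair.inf


def split_inf_fields(line):
    """Split one INF entry on commas outside quotes; inside a quoted field a
    doubled quote stands for a literal quote. Whitespace around fields is dropped."""
    fields, buf, in_quotes, i = [], [], False, 0
    while i < len(line):
        c = line[i]
        if in_quotes:
            if c == '"' and i + 1 < len(line) and line[i + 1] == '"':
                buf.append('"')
                i += 1
            elif c == '"':
                in_quotes = False
            else:
                buf.append(c)
        elif c == '"':
            in_quotes = True
        elif c == ",":
            fields.append("".join(buf).strip())
            buf = []
        else:
            buf.append(c)
        i += 1
    fields.append("".join(buf).strip())
    return fields


def parse_inf(text):
    """Return {section: [entry lines]} with ';' comments and blank lines removed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def registry_plan(inf_text):
    """Resolve [DefaultInstall] into the registry operations the INF performs.
    Rows are (action, root, subkey, value_name, type, data); action is
    'set', 'delete-value' or 'delete-key'."""
    sections = parse_inf(inf_text)
    plan = []
    for entry in sections.get("DefaultInstall", []):
        directive, _, targets = entry.partition("=")
        directive = directive.strip()
        for section in [t.strip() for t in targets.split(",") if t.strip()]:
            for line in sections.get(section, []):
                f = split_inf_fields(line)
                root, subkey = f[0], f[1]
                if directive == "AddReg":
                    # AddReg fields: root, subkey, value-name, flags, value
                    name = f[2] if len(f) > 2 else ""
                    flags = int(f[3], 0) if len(f) > 3 and f[3] else 0
                    data = f[4] if len(f) > 4 else ""
                    vtype = "REG_DWORD" if flags == FLG_ADDREG_TYPE_DWORD else "REG_SZ"
                    plan.append(("set", root, subkey, name or "(Default)", vtype, data))
                elif directive == "DelReg":
                    # DelReg fields: root, subkey[, value-name]; no name deletes the key
                    if len(f) > 2 and f[2]:
                        plan.append(("delete-value", root, subkey, f[2], "", ""))
                    else:
                        plan.append(("delete-key", root, subkey, "", "", ""))
    return plan


if __name__ == "__main__":
    for action, root, subkey, name, vtype, data in registry_plan(REPAIR_INF):
        print(f"{action:13} {root}\\{subkey} {name} {vtype} {data!r}".rstrip())
```

Point registry_plan at the full repair.inf and read the listing: every "set" row should restore a Windows default (the shell\open\command values, EnableDCOM=Y, the Security Center notifications re-enabled) and every "delete" row should name one of the keys from step 5, so a row you cannot account for means the file was altered.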

7. Delete all temporary internet files using ATF Cleaner.

8. Restore your hosts file using HostsXpert.

9. To make sure your system is totally clean and to prevent the virus from coming back, run a full system scan using Norman Malware Cleaner. If you don't like Norman, I recommend AVIRA.

Good luck! :)
