Computer And Internet, Personal, Tips & Trick
Jengkol.. What a stupid virus name. Jengkol is a traditional food in Indonesia; I don't know how to categorize this one, as food or fruit… Some people like to eat this thing, but I'm not one of those crazy ones. THE SMELL *LOL*

Alright, I think there's no need to explain more about what jengkol is ha..ha..ha..
The effect of the Jengkol virus is that it will log off your computer once you execute .INF files or when you edit a .VBS file. The virus works by hiding all the files it finds with the .DOC extension. You work in a big company? When this happens your boss will fire you *LOL*
Alright, let's remove this virus from your computer in 6 simple steps.
November 28th, 2008 by Istanto
Computer And Internet, Miscellaneous, Personal, Tips & Trick
This is a new variant from those d**n Chinese virus makers. It works the same way as the older technique in the old ARP Spoofing part II. If you look at the file names they use, this team looks like a gamers' team in China. What are they looking for? Spoofing your log! Getting your financial information, your sensitive information, etc.
Know your enemy!
How does this virus actually work? It attacks your network: no matter what operating system or browser you're using, this virus can reach Windows, Linux and Mac. Actually this virus is active on the Windows platform, but on Linux or Mac with the Wine application installed this virus can be active too! Browser? Any browser can be hijacked: Internet Explorer, Mozilla Firefox, Opera, even the new Google browser Chrome! In short, "anyone, anything, can be infected by this virus".
To know whether this virus is active on your computer, the easiest way is to look at the Yahoo Messenger script error; the code for this virus is “]“

As in the older version, it hijacks the source of any website you access, modifying the code through a fake gateway that is infected to spread the virus. You have to stop accessing the Internet once you know you're infected.

Once active this virus will Read More »
November 16th, 2008 by Istanto
Computer And Internet, Miscellaneous, Personal
Damn all those virus makers, they will never stop make our world better. Hey, all you virus makers out there, get a job and stop harassing people! To detect whether your computer has been infected by this virus:
1. You will get the error message "16 bit MS-DOS Subsystem" when you start up your computer.

2. The virus will change the computer owner and organization to:
RegisteredOrganization = GoldenGhost.Inc
RegisteredOwner = GoldenGhost

3. When booting you will see the option -= GoldenGhost Was Here =-

This virus was written and compiled with Visual Basic and compressed with UPX; its size is around 1,312 KB. To trick newbies, it presents itself as a Windows Media Player file, but actually has an .exe extension.
Master Files
The virus creates its master files in:
%SystemRoot%\%folder%\%file%.exe (random)
%SystemRoot%\system32\%folder%\%file%.exe (random)
Blocking Windows Functions
- Disable function "paste"
- Disable Run
- Disable Search
- Disable FolderOptions
- Disable menu Recent Documents
- Disable right click
- Disable CMD
- Disable RegistryTools
- Disable TaskMgr
- Cannot show hidden files
Deleted AntiVirus Programs
This virus will try to delete some antivirus programs such as Norman Virus Control, Kaspersky and McAfee.
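A read-only check for the indicators listed above, added here as an example and not part of the original post. It assumes the blocked functions are applied through the standard Windows restriction policy values (DisableTaskMgr, DisableRegistryTools, DisableCMD and the Explorer No* values); the post does not name the values the virus actually writes.

```powershell
# Added example: read-only check for the GoldenGhost indicators from the post.
# Assumption: the blocked functions map to the standard policy values below.
function Get-GoldenGhostIndicator {
    $findings = @()

    # Indicator 2 from the post: changed owner / organization strings.
    $cv = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    foreach ($name in 'RegisteredOwner', 'RegisteredOrganization') {
        if ($cv.$name -like 'GoldenGhost*') {
            $findings += "$name = $($cv.$name)"
        }
    }

    # Restriction policies: normally absent or 0, non-zero when a feature is blocked.
    $policies = @{
        'Software\Microsoft\Windows\CurrentVersion\Policies\System'   = 'DisableTaskMgr', 'DisableRegistryTools'
        'Software\Policies\Microsoft\Windows\System'                  = 'DisableCMD'
        'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' = 'NoRun', 'NoFind', 'NoFolderOptions', 'NoRecentDocsMenu', 'NoViewContextMenu'
    }
    foreach ($hive in 'HKCU:', 'HKLM:') {
        foreach ($subKey in $policies.Keys) {
            $key = "$hive\$subKey"
            $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
            if (-not $props) { continue }          # key absent: nothing is restricted here
            foreach ($value in $policies[$subKey]) {
                if ($props.$value -gt 0) {         # a missing value is $null, which is not -gt 0
                    $findings += "$key\$value = $($props.$value)"
                }
            }
        }
    }
    $findings
}

$hits = Get-GoldenGhostIndicator
if ($hits) { $hits } else { 'No GoldenGhost indicators found.' }
```

A non-zero policy value only shows that a restriction is set; an administrator's group policy can set the same values, so read the result together with the owner and organization strings.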
September 25th, 2008 by Istanto
Computer And Internet, Miscellaneous, Tips & Trick
Computer virus again.. Today my laptop and PC got infected by W32/ALMAN. All I can say is this virus is smart and not easy to kill. It can't be stopped just by looking at the background processes, the services, and the startup list. This virus creates 2 master source files in %SystemRoot%\System32: wmdrtc32.dll (40 KB) and wmdrtc32.dl_ (26,5 KB). Once active, it injects code into any executable files and infects them. If you get a message box with the message "There is no disk blabla" or you cannot run any executable files, you should check your system files for those 2 d**n files.
To clean infected files use this free W32/ALMAN remover from Grisoft. Download both of these files and save them in one folder: rmalman.exe and rmalman.nt. Run rmalman.exe and follow the instructions there. Anyway, I can't guarantee this remover will make your computer totally clean of this virus.
In my case this remover did not clean my computer totally of this virus; it kept generating .dll files again and again. I scanned with ANSAV, AVG and rmalman.exe but nothing could help me out. I was so frustrated because a lot of the important data on my laptop had to be kept safe. After searching on Google I found out we can check and bring back genuine Windows files by using the sfc command (Windows System File Checker), so I tested it by running "sfc /scannow" from the command prompt. It WORKS, this virus has stopped infecting my computer now! Yay!
*Tips
You lost your Windows CD, or you installed Windows from your hard disk? You can run the sfc command without the CD by following this trick. Run regedit and find:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ServicePackSourcePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\SourcePath
Change the Value Data to point to your i386 folder! Example: if the structure is D:\blabla\i386 then you should change the Value Data to D:\blabla
Run "sfc /scannow". It should work if you set the right Value Data in the registry!
June 2nd, 2008 by Istanto
Computer And Internet
This is Madness, my BIGGEST failure since 2001 in managing my own cyber cafe. 2 or 4 days ago I felt something strange happening with my ADSL connection: it ran very slowly and I was pretty sure there was something running in the background. I checked my background processes, I scanned my computers with a trusted antivirus, and what I found.. NOTHING!
Too bad, I let that worm run on my computers until yesterday, when I found something. I tested my ADSL connection by unplugging my LAN cable then connecting it again… and you bet what I found: the DSL modem blinking, telling me something was using the Internet connection!
To make sure, I called my ISP support and asked whether there was something wrong on their network; his answer was that everything was running normally. OMG… WT* WT* I'm pretty sure my personal computers in my room were sending something out to the Internet. I went to my room and did the SUPERMAMBO move: GHOST it to bring my Windows XP back to a clean-install state.
The bad news now: I checked whether someone had listed my IP on a blacklist. I checked from here and found that some websites listed my IP as a spammer…. errrrr… emmm… and the strangeness continues: the DALnet network autokilled my IP when I tried connecting to their server, and Egold blocked my IP from accessing my account. The effect of this worm really SUCKS!
I contacted the websites that listed my IP as a spammer and told them this is a mistake: I'm not sending spam, but there was a worm on my computers and I already got that worm OUT! of my computers. Progress is very slow, at least I have to wait for a week.. *woops* slowly world wait web… my bad…. nothing I can do right now, just waiting…
My tips for you
- Always get the latest update from your antivirus vendor.
- Always get the latest update for your operating system.
- Sometimes a worm or virus is not detected automatically; you should check for it manually.
- If you feel something strange, stop your Internet activity and check to make sure you are in a clean state.
- Do a proxy test at least once a month; you can do it free from here.
- Check at least once a month whether you are blacklisted; you can do it for free from here.
January 18th, 2008 by Istanto
Computer And Internet
Just a few days ago I found this virus process on my server computer. It makes my server run slowly and turns it into a bot flooding zombie. I found out after dal.net autokilled my IP address with the reason flooding network.
The Kspoold.exe virus does not totally break your computer and is very easy to remove; I rate it as a low-risk virus, but.. if you let it stay for days the virus will check for any shared folders on your network and clone itself onto other computers in the same network. And the bad news… This virus will change all your office document files with the extensions .DOC .XLS .MDB .PPT, and you can't get your documents back without these 3rd-party tools. If you're in a big company this is a serious problem.
How to remove manually Kspoold.exe virus
First, this virus has to be shut down. Kspoold.exe runs as a Windows service.
- Open the service manager by clicking Start » Run, type: services.msc, then press Enter.
- Find the service named K Print Spooler. Watch out: do not confuse it with the Print Spooler service.

- Double-click that service. A new window will open with the label: K Print Spooler Properties (Local Computer)
- Click the tab Log On

- Click the option This Account, type the username .\Guest, without a password (leave it blank)
- Click the Disable button to stop the virus process running in the background.
- Click the Apply button, then click OK.
- Click the tab General.
- Stop the process by clicking the Stop button.

Now the virus is no longer running on your computer. The last step is to go to %SYSTEMROOT%\system32\, find the file named kspoold.exe and delete it.
Optionally (you don't need to), remove these keys from your registry to stop the virus from infecting your system in the future.
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kspooldaemon
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\kspooldaemon
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
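A read-only triage for the artifacts named in the steps above, added here as an example and not part of the original post. The names K Print Spooler, kspooldaemon and kspoold.exe come from the post; the genuine Print Spooler service (service name Spooler, binary spoolsv.exe) is listed alongside so the two are not confused.

```powershell
# Added example: read-only triage for the Kspoold.exe artifacts from the post.
# Needs PowerShell 3.0 or later for Get-CimInstance.

# Services matching the post's names: display name, service key, or binary.
$suspect = Get-CimInstance -ClassName Win32_Service | Where-Object {
    $_.DisplayName -eq 'K Print Spooler' -or
    $_.Name -eq 'kspooldaemon' -or
    $_.PathName -like '*kspoold.exe*'
}

# The genuine Print Spooler, shown next to any match so that the wrong
# service is not the one that gets disabled.
$genuine = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"

@($suspect) + @($genuine) | Where-Object { $_ } |
    Format-List Name, DisplayName, State, StartMode, StartName, PathName

# Leftovers after the service is stopped: the binary and the service keys.
$paths = @(
    "$env:SystemRoot\system32\kspoold.exe"
    'HKLM:\SYSTEM\ControlSet001\Services\kspooldaemon'
    'HKLM:\SYSTEM\ControlSet002\Services\kspooldaemon'
)
foreach ($p in $paths) {
    '{0,-8} {1}' -f $(if (Test-Path -LiteralPath $p) { 'PRESENT' } else { 'absent' }), $p
}
```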
December 27th, 2007 by Istanto