Computer And Internet

This is madness, my BIGGEST failure in managing my own cyber cafe since 2001. 2 or 4 days ago I felt something strange happening with my ADSL connection: it was running very slowly, and I was pretty sure something was running in the background. I checked my background processes and scanned my computers with a trusted antivirus, and what did I find.. NOTHING!

Too bad, I let that worm run on my computers until yesterday, when I found something. I tested my ADSL connection by unplugging my LAN cable and then connecting it again… and you can guess what I found: the DSL modem blinking, telling me something was using the Internet connection!

To make sure, I called my ISP support and asked if there was something wrong on their network; the answer was that everything was running normally. OMG… WT* WT* I was pretty sure my personal computers in my room were sending something out to the Internet. I went to my room and did the SUPERMAMBO move: GHOST it, to bring my Windows XP back to a clean-install state.

Now the bad news: I checked whether someone had put my IP on a blacklist. I checked from here and found that some websites listed my IP as a spammer…. errrrr… emmm… and the strangeness continued: the dalnet network autokilled my IP when I tried connecting to their server, and Egold blocked my IP from accessing my account. The effect of this worm really SUCKS!

I contacted the websites that listed my IP as a spammer and told them this is a mistake: I'm not sending spam, there was a worm in my computers and I have already got that worm OUT! of my computers. Progress is very slow, I have to wait at least a week.. *woops* slowly world wait web… my bad…. there is nothing I can do right now, just waiting…

My tips for you

  • Always get the latest update from your antivirus vendor.
  • Always get the latest update for your operating system.
  • Sometimes a worm or virus is not detected automatically, so you should check manually.
  • If you feel something strange, stop your Internet activity and check to make sure you are in a clean state.
  • Do a proxy test at least once a month; you can do it for free from here.
  • Check at least once a month whether you are blacklisted; you can do it for free from here.
Computer And Internet

Last night one of my customers at the cybercafe complained to me….. she said she couldn't open her important document files, so I took a look.. I'm not surprised…. kspoold.exe had infected her flash disk, and all her important documents had been changed to executable files.

We talked for a moment, then she asked me to help her get those document files back. At first I said I couldn't, because I hadn't yet looked at the hex code of the infected files, and of course because I'm a lazy boy.. :p but she kept pushing me and said she would pay me to get those important documents back.

*laughing out loud – this is evil business*

Again, Google search always helps me in my work: I searched for how to restore infected documents and found this nice program. You can download and use it for free, at your own risk. This program can get your document files back and remove the virus in one go.

Computer And Internet

Just a few days ago I found this virus process on my server; it made the server run slowly and turned it into a bot flooding zombie. I learned this after dal.net autokilled my IP address with the reason of flooding the network.

The Kspoold.exe virus does not totally break your computer and is very easy to remove, so I rate it as a low-risk virus, but.. if you let it stay for days, the virus will look for any shared folders on your network and clone itself onto other computers in the same network. And the bad news… this virus will change all your office document files with the extensions .DOC, .XLS, .MDB and .PPT, and you can't get your documents back without this 3rd-party tool; if you're in a big company this is a serious problem.

How to remove the Kspoold.exe virus manually

First, the virus has to be shut down. Kspoold.exe runs as a Windows service.

  • Open the service manager: click Start -> Run, type services.msc, then press Enter.
  • Find the service named K Print Spooler. Watch out: do not confuse it with the Print Spooler service.
  • Double-click that service. A new window will open with the title: K Print Spooler Properties (Local Computer)
  • Click the Log On tab.
  • Select the This Account option and type the username .\Guest, with no password (leave it blank).
  • Click the Disable button to stop the virus process from running in the background.
  • Click the Apply button, then click OK.
  • Click the General tab.
  • Stop the process by clicking the Stop button.

Now the virus is no longer running on your computer. The last step is to go to %SYSTEMROOT%\system32\, find the file named kspoold.exe and delete it.

Optionally (you don't need to), remove these lines from your registry to stop the virus from infecting your system in the future.

  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kspooldaemon
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\kspooldaemon
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
Computer And Internet, Personal

2 days after my server was cleaned of mso.sys, yesterday it was spreading again in my local network; it downloaded a new Trojan called Virut.56, which then infected one of my client computers. I think I'm lucky because I detected this Trojan early, before it infected all the clients. I'm pretty sure this is a new Virut variant that comes from mso.sys. It's a really bad, bad Trojan and very hard to remove using manual techniques.

To detect whether you're infected by this Trojan:

  1. When your computer starts up you will see 2 IEXPLORE.exe processes running in the background.
  2. Once it has total control of your computer you will see VRTxxx.TMP among your background processes (xxx = random, from 1 to z), and sometimes it creates a random executable in your username folder.
  3. You can't open anti-virus websites; to test, try to browse www.microsoft.com
  4. If you monitor your traffic, the Trojan will try to communicate with its server. I don't know who owns this IP, but for sure it's located and registered in CHINA!
  5. Your executable programs sometimes do not work properly.
  6. Your Internet connection is slower than usual.

Those are some signs to help you make sure whether you're infected by this Trojan. This is a really tough Trojan: when I tried to remove it using manual techniques, it kept coming back again and again. Even after I used a clean image from the Ghost software it came back really fast! This Trojan infects everything! Not only .exe files, .htm and .txt also got infected! Especially commonly used Windows files, for example explorer.exe, userinit.exe, svchost.exe, and many more.
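The process-level signs from the posts above (a running kspoold.exe, two IEXPLORE.exe instances at start-up, a VRTxxx.TMP process) can be checked against a saved `tasklist /fo csv /nh` snapshot. This is an added example, not code from the original posts; the function names and the sample listing are constructed, and reading "xxx" as three alphanumeric characters is an assumption.

```python
import csv
import io
import re

# Signs taken from the posts on this page. Reading the "xxx" in VRTxxx.TMP
# as three alphanumeric characters is an assumption of this example.
VRT_TMP = re.compile(r"^VRT[0-9A-Za-z]{3}\.TMP$", re.IGNORECASE)
KSPOOLD = "kspoold.exe"  # binary behind the "K Print Spooler" service


def parse_tasklist(text):
    """Parse `tasklist /fo csv /nh` output into (image_name, pid) tuples."""
    procs = []
    for row in csv.reader(io.StringIO(text)):
        # Skip blank or malformed rows instead of failing on them.
        if len(row) >= 2 and row[1].strip().isdigit():
            procs.append((row[0].strip(), int(row[1])))
    return procs


def triage(procs):
    """Return (sign, pids) findings; names are compared case-insensitively."""
    by_name = {}
    for name, pid in procs:
        by_name.setdefault(name.lower(), []).append(pid)
    findings = []
    # Two IEXPLORE.exe at start-up: only meaningful for a snapshot taken
    # right after boot, before anyone has opened a browser.
    if len(by_name.get("iexplore.exe", [])) >= 2:
        findings.append(("multiple-iexplore", by_name["iexplore.exe"]))
    vrt = [pid for name, pid in procs if VRT_TMP.match(name)]
    if vrt:
        findings.append(("vrt-tmp-process", vrt))
    if KSPOOLD in by_name:
        findings.append(("kspoold-running", by_name[KSPOOLD]))
    return findings


# Constructed sample in tasklist CSV layout (not a real capture).
SAMPLE = '''"explorer.exe","1480","Console","0","18,204 K"
"IEXPLORE.EXE","1932","Console","0","9,112 K"
"IEXPLORE.EXE","2044","Console","0","8,760 K"
"VRT7a.TMP","2210","Console","0","1,024 K"
"VRT3F9.TMP","2216","Console","0","2,340 K"
"kspoold.exe","808","Console","0","3,516 K"
'''

if __name__ == "__main__":
    for sign, pids in triage(parse_tasklist(SAMPLE)):
        print(sign, pids)
```

A finding is only a prompt to disconnect the machine and run the full scan; a clean result does not prove the machine is clean, since the snapshot shows only process names.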


If you get infected by the Virut Trojan you actually don't need to re-install your whole system. This information was false (but it's fine): when I tried to follow it, the Trojan came back in seconds. So don't waste your time re-installing the system, it will not work!

How to repair your computer if it is infected by the Virut.56 Trojan:

1. Make sure your computer is completely disconnected from the local network and the Internet, so the Trojan can't hide or run from the scanner.

2. Download Dr. Web Cure It! and burn it onto a CD/DVD (to make sure it doesn't get infected I used a non-rewritable CD). Why use Cure It? I tried other anti-virus, anti-malware and anti-spyware tools and none of them worked right! This is not a promotion!

3. Start your computer in safe mode (recommended), then run Dr. Web Cure It! and scan your whole system, including your removable devices (if available). Don't use the express scan or custom scan. It should be a complete scan! There should be no infected file left, or you may cry.

4. After the scan completes (usually in 3-6 hours), reboot your computer and try to connect it to the local network and the Internet. Always check your background processes; if you find something strange there, disconnect from the local network and the Internet and scan your whole system again.

5. If you're connected to the local network/Internet, you can browse to www.microsoft.com, and there is nothing strange in your computer's background, take a deep breath: the Trojan has been assassinated!

That's what I have to share for today, have a nice day 😀

Computer And Internet, Personal

My server got infected by this virus yesterday from a client's USB drive. The effect was that my computer ran slowly and Windows Explorer kept crashing if I opened too many programs. It's very easy to remove this virus, just keep reading this short article…

To detect whether you're infected by this virus: your computer runs very slowly, especially when something uses explorer.exe resources. You will find a file named “recycler.lnk” in the C:\ drive, and you will also find “Internet explorer.lnk” (without an icon) in your start menu. When you try to delete this shortcut it comes back and your computer's response becomes even slower.

The virus spreads from USB drives. If you find out your computer is infected, don't plug a USB drive into it, and if you can, unplug the infected computers from the local network to stop it spreading.


How To Remove the Recycler.lnk Virus:

1. Disconnect your computer from the Internet/local network.

2. Close all running programs, press CTRL+ALT+DEL to run Task Manager and kill all processes named “Rundll32.exe”.

3. Go to the c:\ drive and choose Folder Options, View tab, select show hidden files and folders, un-check “Hide protected operating system files (recommended)”, then click Apply.

4. Find the file named “mso.sys” in the c:\ root and delete it. Don't worry, this is a fake system file which is actually the core of this virus.

5. Run MSConfig: Start -> Run -> type “msconfig” (without the quotes). Remove “recycler.lnk” and “Internet Explorer.lnk” from your startup list.

6. Delete “recycler.lnk” in c:\ and “Internet explorer.lnk” in your start menu, then restart your computer.

7. It's done. Your computer should be back to normal again.

That's what I have to share for today, have a nice day 😀
