HKLM

7 Simple Steps to Remove Virus “Conficker” W32/Conficker.DV

Hello world! Is your network being attacked by Conficker? Hahaha.. don’t get mad, this virus can be removed in only 7 simple steps. Anyway, this virus makes some people mad because it attacks the network (they might have more trouble when they try to clean it) and of course your protection 😛. If we look more deeply, this virus mostly uses lame virus techniques, all included in one packet *lol*…. but more than that, the virus maker understands and really knows how weak Windows protection really is, so he makes you all mad 😛

How do you detect whether your computer is infected by Conficker? There are many signs, such as: the error message “Generic Host Process”; you can’t access some important sites, e.g. www.microsoft.com, www.symantec.com, www.norman.com, www.clamav.com, www.grisoft.com, www.avast.com, etc.; you can’t update your antivirus; many applications do not work as usual, especially network applications; and many more signs.

This virus is compressed with UPX and has a size of 162kb. You might have trouble when you try to kill this virus’s process because it (again) uses a lame technique: running .dll files along with a fake svchost.exe file. The virus is not automatically active; it starts by downloading some image files and creating temporary files, then builds itself (again) LAME! *lol*

Once the virus build is complete, it starts to disable some Windows services. The virus will block any string it finds in each active application; here is the list:


Remove Vista Virus: huhuhaha VBS/Autorun.AO

Who says a new version of an operating system is safer and better than the older version?! In this case the virus makers show how they can adapt their techniques to reach a new version of the operating system: the “huhuhaha” virus affects Windows Vista, even though it is categorized as a low-risk virus.

The “huhuhaha” virus was written in VBScript and is around 6 kb in size. Its spreading technique is almost the same as the classic technique using autorun.inf. Here is the virus structure:

  1. autorun.inf (in all root drive)
  2. huhuhaha.vbs (in all root drive)
  3. %systemroot%\WINDOWS\system32\XpWin.vbs

How do you detect that you are infected by this virus?

1. Look at your Run command.


2. System Restore is deactivated automatically.

3. Check your browser header.


4. The UAC (User Account Control) function is disabled. The Vista team describes this function as better protection for Vista, and now it’s already broken, so who says Vista is safe?


5. The registered name and organization in the registry are changed to “huhuhaha”.

6. Safe mode is deactivated, and the virus tries to cause a BSOD (Blue Screen of Death) when you try to access “safe mode”.


7. The “Security Center” function is turned off.

How to clean your computer from huhuhaha VBS/Autorun.AO:

1. Unplug your computer from network.

2. Kill the active virus process. Because this virus runs as VBScript, it uses the file “wscript.exe” to run in the background. Kill wscript.exe by selecting End Process.


Remove W32/VBWorm.QXE (bulubebek)

The Bulubebek virus was made using Visual Basic and is 53kb in size. It is very easy to remove using some manual techniques. Once the virus is active it creates these master files:

  • \Windows\Script.exe
  • \Windows\LSASS.exe
  • \Documents and Settings\%user%\autorun.inf
  • \Documents and Settings\%user%\bulubebek.ini
  • \bulubebek.ini
  • \autorun.inf

When the virus is active it blocks some Windows functions such as Task Manager, Folder Options, Command Prompt and more… This virus spreads (as it was designed to) via flash disk media by creating autorun.inf files.
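Both huhuhaha and bulubebek spread through an autorun.inf in the drive root, so a quick check of a flash disk is to parse that file and list what it would launch. The script below is an added example, not code from the original posts; the sample autorun.inf contents are constructed (the posts do not show the real file), and the extension list is an assumption.

```python
import os
import tempfile

# Keys in the [autorun] section that make Windows launch a program.
LAUNCH_KEYS = ("open", "shellexecute")
RISKY_EXT = (".vbs", ".vbe", ".js", ".exe", ".scr", ".bat", ".cmd", ".pif", ".com")

def parse_autorun(text):
    """Return [(key, command)] for every launch entry in the [autorun] section."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if in_section and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            k = key.lower()
            # shell\<verb>\command entries add launch items to the drive's context menu
            if k in LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command")):
                entries.append((k, value))
    return entries

def audit_root(root):
    """Report launch entries in <root>/autorun.inf whose command names a risky file."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.isfile(path):
        return []
    with open(path, "r", errors="replace") as fh:
        entries = parse_autorun(fh.read())
    present = {name.lower() for name in os.listdir(root)}
    findings = []
    for key, command in entries:
        for token in command.replace('"', " ").split():
            name = token.replace("/", "\\").split("\\")[-1].lower()
            if name.endswith(RISKY_EXT):
                findings.append({"key": key, "target": name, "on_drive": name in present})
    return findings

def demo():
    # Constructed sample: a temp directory stands in for a removable drive root.
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "autorun.inf"), "w") as fh:
            fh.write("[AutoRun]\n; constructed\nshellexecute=wscript.exe huhuhaha.vbs\n"
                     "shell\\open\\command=wscript.exe huhuhaha.vbs\nlabel=USB\n")
        open(os.path.join(root, "huhuhaha.vbs"), "w").close()
        return audit_root(root)
```

A finding with `on_drive` set to true means the launched file sits next to autorun.inf in the drive root, which is the layout both posts describe.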


Hidden folder and duplicate folder

Bulubebek is designed to work almost the same way as the older Brontok variants: it hides your real folders and makes duplicate .exe files with a folder icon to trick some newbies out there.

Steps to clean the bulubebek virus

1. I recommend unplugging your computer from your network; not really necessary, but I think it’s going to be safer.
2. Disable “System Restore” during the cleaning process.