TRUSTED

YM and Skype Virus:YouTube Lady_Eats_Her_Shit Worm:Coutsonif.A

Last week I got an IRC bot virus on my server. I don’t know the virus’s name, but I cleaned it manually. We’re not going to talk about that IRC bot virus because it was really simple to clean manually: using ANSAV UPX tools and Hidden Revealer, I cleaned it within 1 minute 😛 In this article we will cover how to clean the YM and Skype bot virus Worm:Coutsonif.A.

This virus spreads using social engineering and autorun.inf; because it uses social engineering, it can spread easily. Have you ever received a message like this sample from your TRUSTED friend?

[Image: coutsonif]

Listen to me: don’t click any link in an email or anywhere else so easily, even if it comes from a trusted source! In this case social engineering can put you in a dangerous position. Think what happens if the virus collects your financial information :p

When you download this virus, it creates 2 randomly named files in %systemroot%\Documents and Settings\%user%\Local Settings\Temp with the extensions .tmp and .exe, then creates vshost.exe with a size of 122 KB; this file will be present in the root of every drive.

The virus will also create these other files:

  • %systemroot%\autorun.inf [all drive]
  • %systemroot%\RECYCLER\S-1-5-21-9949614401-9544371273-983011715-7040\winservices.exe
  • %systemroot%\WINDOWS\system32\sysmgr.exe
  • %systemroot%\WINDOWS\TEMP\5755.tmp
  • %systemroot%\windows\system32\crypts.dll
  • %systemroot%\windows\system32\msvcrt2.dll

It will also change your registry so that it starts automatically when your computer boots. Besides that, the old autorun.inf technique is also used to spread this virus:

[Image: coutsonif-autorun]

The virus will change your registry to allow a maximum of only 11 active applications; it also limits your maximum port to port 8000.
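A triage check for the file artifacts and autorun.inf described above, as an added example that is not part of the original post: it looks for the listed paths under a drive root (or a mounted disk image) and reports what any autorun.inf found there would launch. Treating the page's %systemroot% prefix as the root of the scanned volume is an assumption of this example, as are the function names.

```python
import os
import sys

# Paths from the list above, relative to a volume root (assumption: the
# page's %systemroot% prefix is treated as the root of the scanned drive).
ARTIFACTS = [
    "autorun.inf",
    "vshost.exe",
    r"RECYCLER\S-1-5-21-9949614401-9544371273-983011715-7040\winservices.exe",
    r"WINDOWS\system32\sysmgr.exe",
    r"WINDOWS\TEMP\5755.tmp",
    r"WINDOWS\system32\crypts.dll",
    r"WINDOWS\system32\msvcrt2.dll",
]

def resolve_nocase(root, relpath):
    """Match path components case-insensitively (for case-sensitive mounts)."""
    current = root
    for part in relpath.split("\\"):
        try:
            names = os.listdir(current)
        except OSError:
            return None
        match = next((n for n in names if n.lower() == part.lower()), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current if os.path.isfile(current) else None

def autorun_targets(path):
    """List what an autorun.inf would launch. Parsed line by line because
    such files are often padded with junk that breaks INI parsers."""
    targets = []
    with open(path, encoding="latin-1") as fh:
        for line in fh:
            key, sep, value = line.partition("=")
            key = key.strip().lower()
            if sep and (key in ("open", "shellexecute") or key.endswith("\\command")):
                targets.append(value.strip())
    return targets

def scan_root(root):
    """Return the listed artifacts present under root, plus autorun targets."""
    hits = {rel: p for rel in ARTIFACTS if (p := resolve_nocase(root, rel))}
    inf = hits.get("autorun.inf")
    return {"artifacts": list(hits), "autorun_targets": autorun_targets(inf) if inf else []}

if __name__ == "__main__":
    print(scan_root(sys.argv[1] if len(sys.argv) > 1 else "."))
```

An autorun.inf on its own is not proof of infection, since legitimate removable media carry one too; the reported launch target and the other listed files are what make a hit meaningful.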

Automatic Update:

This virus will try to update itself automatically from this address list:

Simple steps to clean Coutsonif.A:

1. Disable “System Restore” during the cleaning process.

2. Disable “autoplay/autorun” function by:

Another:Forex Strategy

Another simple strategy of mine to win at forex daily. Patience, unlimited margin, and smart analysis are the keys to winning. Use the Parabolic SAR indicator and the FIBONACCI indicator for prediction. Besides these indicators, you can read other people’s predictions and some TRUSTED news sources. Here are some important points to look at before you open a position: Look at the daily chart and weekly chart to see which major trends are still valid. Look at the 1 hour chart and 4 hour chart to open the best position following the major trend. Always use 1% margin to open a buy or sell position. If you…