vbs

Remove Worm VBS/Cryf.A, Shemale by CRY

VBS/Cryf.A was created using Visual Basic Scripting (not Visual Basic). The first case happened at my cyber cafe on 18 July 2009; it spread from a user's flash disk and tried to infect all PCs in my network.

I’m not sure why so many Indonesian virus makers use this VBS technique (maybe they know that VBS can be executed on a lot of targets without msvbvm.dll). Since I wrote an article about VBS a long, long time ago (I forget, maybe around 2003-2005) on the jasakom website with the title “VBS sederhana yang berbahaya”, many people have tried to manipulate that simple code to become advanced code. Now I feel really stupid for sharing that article with the public…

How to know if you’re infected by the VBS/Cryf.A worm:

1. The first time your computer is turned on, it will open the web browser and show this picture.

VBS-Cryf.A-3

2. VBS/Cryf.A will change your web browser start page to:

VBS-Cryf.A-4

3. There is a folder “album bokep” (in Indonesian this means p**n) in every folder.

4. VBS/Cryf.A will change your system properties to look like this:

VBS-Cryf.A-5

5. It changes the file type of .lnk to “movie clip”.

VBS-Cryf.A-6

6. It will control your DVD/CD-ROM drive, opening and closing it to make you panic.


Remove Vista Virus: huhuhaha VBS/Autorun.AO

Who says a new version of an operating system is safer and better than the older version?! In this case, virus makers show how they can adapt their techniques to reach a new version of the operating system. The “huhuhaha” virus has reached Windows Vista, even though it is categorized as a low-risk virus.

The “huhuhaha” virus was created using VBScript, and its size is around 6 KB. Its spreading technique is almost the same as the classic technique using autorun.inf. Here is the virus structure:

  1. autorun.inf (in all root drive)
  2. huhuhaha.vbs (in all root drive)
  3. %systemroot%\WINDOWS\system32\XpWin.vbs
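
A triage check for the three files in the structure list above, added here as an example and not taken from the original post: it looks for the dropped scripts and flags an autorun.inf only when it launches a .vbs. The autorun.inf contents, the folder layout in `demo()` and all function names are constructed for illustration.

```python
import os
import re
import tempfile

# File names from the structure list above (root-drive script, system32 copy).
ROOT_SCRIPT, SYSTEM_SCRIPT = "huhuhaha.vbs", "XpWin.vbs"
# autorun.inf keys that start a program when the drive is opened.
LAUNCH_KEY = re.compile(r"^\s*(open|shellexecute|shell\\[^=]*\\command)\s*=\s*(.+)$", re.I)

def find_ci(directory, name):
    """Case-insensitive lookup, as on a Windows file system; path or None."""
    if not os.path.isdir(directory):
        return None
    hits = [e for e in os.listdir(directory) if e.lower() == name.lower()]
    return os.path.join(directory, hits[0]) if hits else None

def autorun_script_targets(inf_path):
    """Commands in an autorun.inf that launch a .vbs script."""
    with open(inf_path, "r", errors="replace") as fh:
        matches = [LAUNCH_KEY.match(line) for line in fh]
    return [m.group(2).strip() for m in matches if m and ".vbs" in m.group(2).lower()]

def scan(drive_roots, system32_dir):
    """Return (kind, detail) findings for the three artifacts."""
    findings = []
    for directory, name in [(r, ROOT_SCRIPT) for r in drive_roots] + [(system32_dir, SYSTEM_SCRIPT)]:
        hit = find_ci(directory, name)
        if hit:
            findings.append(("dropped-script", hit))
    for root in drive_roots:
        inf = find_ci(root, "autorun.inf")
        # Legitimate media also ship autorun.inf, so flag it only when it starts a script.
        for cmd in (autorun_script_targets(inf) if inf else []):
            findings.append(("autorun-launches-script", cmd))
    return findings

def demo():
    """Scan a constructed tree: infected root E, clean root D with a benign autorun.inf."""
    files = [("E", "AUTORUN.INF", "[autorun]\nshellexecute=wscript.exe huhuhaha.vbs\n"),
             ("E", "huhuhaha.vbs", "' constructed placeholder\n"),
             ("D", "autorun.inf", "[autorun]\nopen=setup.exe\nicon=setup.ico\n"),
             ("system32", "XpWin.vbs", "' constructed placeholder\n")]
    with tempfile.TemporaryDirectory() as tmp:
        for folder, name, text in files:
            os.makedirs(os.path.join(tmp, folder), exist_ok=True)
            with open(os.path.join(tmp, folder, name), "w") as fh:
                fh.write(text)
        found = scan([os.path.join(tmp, "E"), os.path.join(tmp, "D")], os.path.join(tmp, "system32"))
        return [(kind, os.path.basename(detail)) for kind, detail in found]
```

On a real host, pass `scan()` the actual drive roots and the system32 directory instead of calling `demo()`.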

How do you detect that you are infected by this virus?

1. Look at your Run command.

huhuhaha-run

2. System Restore is deactivated automatically.

3. Look at your browser header.

huhuhaha-browser

4. UAC (User Account Control) is disabled. The Vista team describes this function as better protection for Vista, and now it’s already broken, so who says Vista is safe?

huhuhaha-uac

5. The registry values for the name and organization of your registered version are changed to “huhuhaha”.

6. Safe mode is deactivated, and the virus tries to cause a BSOD (Blue Screen of Death) when you try to access “safe mode”.

huhuhaha-bsod

7. The “Security Center” function is turned off.

How to clean your computer of huhuhaha VBS/Autorun.AO:

1. Unplug your computer from network.

2. Kill the active virus process. Because this virus runs as VBScript, it uses the file “wscript.exe” to run in the background. Kill wscript.exe by selecting End Process.


6 Step to: Remove Jengkol Virus

Jengkol... What a stupid virus name. Jengkol is a traditional food in Indonesia; I don’t know whether to categorize it as a food or a fruit… some people like to eat this thing, but I’m not one of those crazy ones. THE SMELL *LOL*

jengkol

Alright, I think there's no need to explain more about what jengkol is, ha..ha..ha..

The effect of the jengkol virus is that it logs off your computer once you execute .INF files or when you edit a .VBS file. It works by hiding all files it finds with the .DOC extension. You work in a big company? When this happens your boss will fire you *LOL*

Alright, let’s remove this virus from your computer in 6 simple steps.


ARP Spoofing:PART III, W32/RootKit.STG, Gameeeeeee.vbs, Gameeeeeee.pif

This is a new variant from those d**n Chinese virus makers. It works the same as the older technique in the old ARP Spoofing part II. Judging by the file names they use, this team looks like a gamers' team in China. What are they looking for? Spoofing your log! Getting your financial information, your sensitive information, etc.

Know your enemy!

How does this virus actually work? It attacks your network, no matter what operating system or browser you’re using; this virus can reach Windows, Linux and Mac. The virus is actually active on the Windows platform, but on Linux or Mac with the Wine application installed it can also be active! Browser? Any browser can be hijacked: Internet Explorer, Mozilla Firefox, Opera, even Google's new browser Chrome! In short, “anyone, anything, can be infected by this virus”.

To know whether this virus is active on your computer, the easiest way is to look at the Yahoo Messenger script error; the code for this virus is “]

yahoo.jpg

As with the older version, it hijacks the source of any website you access, inserting modified code through the infected fake gateway to spread the virus. You have to stop accessing the internet if you already know you’re infected.

hijack.jpg

Once active this virus will