virus

Simple Step To Remove Recycler.lnk Mso.SYS

My server just got infected by this virus yesterday from my client’s USB drive. It caused my computer to run slowly, and Windows Explorer keeps crashing if I open too many programs. It’s very easy to remove this virus, just keep reading this short article… The sign that you’re infected by this virus is that your computer runs very slowly, especially when explorer.exe is in use. You will find a file named “recycler.lnk” in the C:\ drive, and you will also find “Internet explorer.lnk” (without an icon) in your Start menu. When you try to delete this shortcut it will come back and…

How To Remove Services303.exe, Fake Adobe Speed launcher Virus

My cybercafe just got infected by this virus yesterday. It spreads from removable devices that users plug into my server. It’s really annoying because my computers start to hang for 10 seconds and then run again, but very slowly. All I notice is that Windows gives a low virtual memory notification, I cannot run Internet Explorer (but I can still run other .exe applications), and I cannot shut down the computer. It also affects Internet connection speed, but I’m not really sure about this. When I type netstat -a in the command prompt I see a lot of established connections (maybe virus sending or downloading…

How To Remove W32/Obfuscated.J (Trojan.Downloader2.25378)

If you feel your computers and Internet are slower than usual, you may be infected by W32/Obfuscated.J (Trojan.Downloader2.25378). This new Trojan will use your Internet connection to send your information to its server and update itself. Be careful when you’re using your computers for business; it may steal your credit card or bank information. Would you like to wake up and find out someone stole your money? I don’t think so… no one would want that to happen, including myself. W32/Obfuscated.J (Trojan.Downloader2.25378) was created using the C language. There are 2 important files for this virus, .exe and wjdrive32.exe, both of file…

How To: Remove SearchQU Virus

After a week analyzing the newest search keywords bringing visitors to my blog, I found a lot of requests for articles about how to remove the Searchqu virus (around 5%). In this short article I will write about how to remove the SearchQU virus and bring your computers back to normal condition. Searchqu is a highly dangerous trojan which lures users into unknowingly performing corrupt actions on a targeted computer. Searchqu poses as an antispyware application that displays deceptive warnings and misleading scan results. It then asks users to purchase it. Searchqu records the contents of all the instant messages you…

Simple Way To Protect Your Removable Device From Autorun Virus

If your computer has been infected by a virus, it will usually generate an autorun.inf file on your removable device. In most cases this file is created with the hidden and read-only attributes. The removable devices most likely to be infected and to spread the virus are flash disks and memory cards. Sometimes when you use a removable device on an infected computer, you will spread the virus to other computers without knowing what you’re doing. In this very short tips & tricks article I would like to give a simple and easy tip to protect your removable device from getting infected and spreading the virus. Follow this…

How To: Remove Hybrid Sality Shortcut Win32.Sector.2x

This is a short tutorial on how to remove the Hybrid Sality Shortcut Win32.Sector.2x virus. This short article covers how to detect whether your system is infected by this virus, how the virus spreads across your network and removable devices, and what you can do to stop the virus and then remove it from your system. This short article is provided “AS-IS” with no express or implied warranty for accuracy or accessibility. How to detect if your system is infected by the Hybrid Sality Shortcut Win32.Sector.2x virus: 1. Like the older Sality technique, the virus will disable your registry editor. 2. Virus will change your…

Remove W32/SmallTroj.VPCG

This is a new stupid virus/trojan that redirects all your traffic to google.com (209.85.225.99). It infected my client on 01-01-2010. This virus was made using Visual Basic, with a size of around 212-233KB. When active it has other supporting files of random size. How do you know if you’re infected? It’s very easy: if you are browsing the Internet or opening an antivirus website and your page is always redirected to the Google website, that means you’re infected by this virus. Master Files: When this virus is active it will create some master files and download some other supporting files from the Internet. It will spread files in different…

Remove DeadLock Virus (W32/Tibs.DKKR)

This time-bomb virus will delete all the data on your hard disk and flash disk, including system files, removing every file it finds on dates 12-13 of each month at around 8-9 AM. If you get this message on your computer, then you have been infected by this Deadlock virus.

[Image: deadlock-1]

This virus has strange master files. I don’t know why the virus creator chose apache.exe (popular web server) and mysql.exe (popular database); users familiar with computer processes will find these master files easily. Deadlock has been compressed with Petite 2.x, with a size of 80KB, and uses an application icon.

[Image: deadlock-2]

Spreading Technique:

No autorun.inf; Deadlock uses desktop.ini and then folder.htt to execute flashguard.exe, so… if you’re infected by this virus, each folder will contain these 3 files.

  1. Desktop.ini
  2. Folder.htt
  3. Flashguard.exe

[Images: deadlock-4, deadlock-5]

Virus Effect:

This virus will delete all files, not only data or documents; the virus will remove them all. If this happens to you I really don’t have a smart solution for this… You can try using recovery programs; unfortunately these programs are not free. Maybe you can try searching for free recovery programs. Anyway, in my experience not all recovery programs work 100%; sometimes you can’t get back 100% of your lost files if you lost them a long time ago (e.g. 1 year ago).

The virus will also delete system files and make your computer fail to start. Consult your OS vendor on how to fix this (in Windows XP there is a repair tool on the CD, but I don’t know about others). If there is no repair tool, you have no choice but to reinstall your OS and then recover your lost files.

HOW TO: Remove DeadLock Virus Manually:

1. Disable System Restore during the cleaning process.

Remove Worm VBS/Cryf.A, Shemale by CRY

VBS/Cryf.A was created using Visual Basic scripting (not Visual Basic). The first case happened at my cyber cafe on 18 July 2009; it spread from a user’s flash disk and tried to infect all the PCs in my network.

I’m not sure why so many Indonesian virus makers use this VBS technique (maybe they know that VBS can execute on a lot of targets without msvbvm.dll). Since I wrote a VBS article a long, long time ago (I forget, maybe around 2003-2005) on the jasakom website with the title “VBS sederhana yang berbahaya”, many people have tried to manipulate that simple code into advanced code. Now I feel really stupid for sharing that article with the public…

How to know if you’re infected by this worm VBS/Cryf.A:

1. The first time your computer is turned on, it will open the web browser and show this picture.

[Image: VBS-Cryf.A-3]

2. VBS/Cryf.A will change your web browser start page to:

[Image: VBS-Cryf.A-4]

3. There is a folder “album bokep” (in Indonesian this means p**n) in every folder.

4. VBS/Cryf.A will change your system properties to look like this:

[Image: VBS-Cryf.A-5]

5. It changes the .lnk file type to “movie clip”.

[Image: VBS-Cryf.A-6]

6. It will control your DVD/CD-ROM drive, opening and closing it to make you panic.

Remove Sandra Dewi Bugil Virus W32/Sadra.A

Sandra Dewi Bugil….? This is not p**n! This is a computer virus! 😛 But surely this is a noob virus creator *again*

[Image: sandra_dewi]

Virus characteristic:

  • Virus size: 132KB
  • Virus file type: “application”
  • Virus extension: .exe
  • Uses an image icon

The Sandra Dewi Bugil virus was created using Visual Basic. If the virus succeeds in infecting your system, it will create some files:

  • \Sandra Dewi Bugil.exe (in the root of every drive)
  • \Documents and Settings\%user%\Start Menu\Programs\Startup\Sandra Dewi Bugil.exe
  • \WINDOWS\Sandra Dewi Bugil.exe
  • \WINDOWS\system32\Sandra Dewi Bugil.exe
  • A copy of the virus in every folder on removable/USB drives.

This virus shows a message when your computer is active, which is the easiest way to know whether your system is infected by this virus.

[Image: sandradewibugil-virus-1]

This virus blocks some Windows functions to make itself hard to remove.

  • Disable Folder Options
  • Disable Registry Editor
  • Disable Search/Find
  • Disable Command Prompt
  • Disable Task Manager
  • Disable Control Panel
  • Disable Msconfig/System Configuration Utility
  • Disable Right Click on Desktop
  • Disable “All Programs” on Start Menu
  • Disable Log Off/Turn Off
