virus

Remove W32/VBWorm.QXE (bulubebek)

The Bulubebek virus was written in Visual Basic and is 53 KB in size. It is very easy to remove with a few manual techniques. Once active, the virus creates these master files:

  • \Windows\Script.exe
  • \Windows\LSASS.exe
  • \Documents and Settings\%user%\autorun.inf
  • \Documents and Settings\%user%\bulubebek.ini
  • \bulubebek.ini
  • \autorun.inf

While active, the virus blocks some Windows functions such as Task Manager, Folder Options, the command prompt and more. It spreads (as it was designed to) through USB flash drives by creating autorun.inf files.

Hidden folder and duplicate folder

Bulubebek is designed to work in almost the same way as the older Brontok variants: it hides your real folders and creates duplicate .exe files with a folder icon to trick inexperienced users.
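The folder-decoy trick described above can be checked for by looking for executables that share their name with a folder beside them. This is an added example, not code from the original post; the function names are hypothetical and the sample tree is constructed for the demonstration.

```python
import os
import stat
import tempfile

def find_folder_decoys(root):
    """Find .exe files that share their name with a folder beside them.

    Returns a sorted list of (exe_path, folder_is_hidden) tuples.
    """
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Lower-cased folder name -> real name (Windows names are case-insensitive).
        folders = {d.lower(): d for d in dirnames}
        for name in filenames:
            stem, ext = os.path.splitext(name)
            if ext.lower() != ".exe" or stem.lower() not in folders:
                continue
            folder = os.path.join(dirpath, folders[stem.lower()])
            # st_file_attributes exists only on Windows; elsewhere report not hidden.
            attrs = getattr(os.stat(folder), "st_file_attributes", 0)
            hidden = bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)
            hits.append((os.path.join(dirpath, name), hidden))
    return sorted(hits)

def build_sample_tree(root):
    """Constructed sample: two decoys and one unrelated executable."""
    os.makedirs(os.path.join(root, "Photos"))
    os.makedirs(os.path.join(root, "Work", "Reports"))
    for rel in ("Photos.exe", os.path.join("Work", "reports.EXE"), "setup.exe"):
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(b"MZ")  # placeholder bytes, not a real executable

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for exe, hidden in find_folder_decoys(tmp):
            print(f"{os.path.relpath(exe, tmp)}  (real folder hidden: {hidden})")
```

A name match alone is only a lead for review; a match where the real folder is also hidden fits the behaviour described here more closely.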

Steps to clean the Bulubebek virus

1. I recommend unplugging your computer from your network; it's not really necessary, but I think it's going to be safer.
2. Disable “System Restore” during the cleaning process.

Remove GoldenGhost Virus W32/Agent.GYMR

Damn all those virus makers, they will never stop making our world better. Hey, all you virus makers out there, get a job and stop harassing people! 😛 To detect whether your computer has been infected by this virus:

1. You will get the error message “16 bit MS-DOS Subsystem” when you start up your computer.

2. The virus changes the computer's registered owner and organization to:

RegisteredOrganization = GoldenGhost.Inc
RegisteredOwner = GoldenGhost

3. When booting, you will see the option -= GoldenGhost Was Here =-

This virus was written and compiled in Visual Basic and compressed with UPX; its size is around 1,312 KB. To trick inexperienced users, the virus presents itself as a Windows Media Player file, although it actually has an .exe extension.

Master Files

The virus creates its master files in:

  • %SystemRoot%\%folder%\%file%.exe (random)
  • %SystemRoot%\system32\%folder%\%file%.exe (random)

Blocking Windows Function

  • Disable function “paste”
  • Disable run
  • Disable Search
  • Disable FolderOptions
  • Disable menu Recent Documents
  • Disable right click
  • Disable CMD
  • Disable RegistryTools
  • Disable TaskMgr
  • Cannot show hidden files

Deleted antivirus Programs

This virus will try to delete some antivirus programs such as Norman Virus Control, Kaspersky and McAfee.

Remove Gadis Desa W32/Wayrip.A

This virus is categorized as low-class because it is not really hard to remove and not very annoying. Be careful when you receive this message/pop-up:

nikmatnya_gadis_desa
saat pertama berkenalan dengannya aku merasa senang
dia hanya seorang gadis desa
dengan cahaya pada bola matanya
yang mampu membawaku terbang
dengan keluguannya
yang selalu membuatku membimbingnya
dia adalam matahariku
yang mencairkan kebekuan hatiku
dari :rieysha

To tell whether your computer is infected by this virus, look for many multimedia files with a size of around 148 KB. The virus generates a lot of files of this type, so they take up a significant amount of disk space.

Norman antivirus can detect this virus as W32/Wayrip.A

Virus Master

Once active, the virus creates its master files and also copies them to other drives such as d:, e:, etc.

3gp.exe
dari_rieysha_anak_jogja.exe
dokumenPenting.exe
film.exe
gambar.exe
musik.exe
puisi.txt

The virus changes a registry value in HKLM so that it becomes active each time the computer reboots:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
nikmatnya_gadis_desa = C:\nikmatnya_gadis_desa.exe

To protect itself from people (like me 😛), the virus will try to block some Windows functions, such as:

– Folder Option
– Run
– Find
– Menu Shutdown
– Drive C:\
– Registry Editor
– Task Manager
– CMD

The virus changes your browser start page to https://h1.ripway.com/anharku (the account has already been deleted by the Ripway company). This is the virus creator's homepage; he is trying to get a lot of people to visit his website, maybe just to click his AdSense ads *LOL*

The virus changes your time AM/PM value to riesyha

The virus changes your Windows information

The virus hides your drive C:

The best part of this virus is that it will try to kill all security/antivirus programs with caption: