W32/VBTroj.AOQB

Remove Nadia Saphira Virus W32/VBTroj.AOQB

This virus infected my cybercafe server on 25/05/2009. I'm not sure where it came from; it looks like it came from one of my users' flash disks in my cybercafe. After studying it, I'm sure this virus can be removed using a manual technique.

This virus's script is almost the same as bulubebek's; I think the creator is the same person. Some people in forums said this virus is a reincarnation of bulubebek. Unfortunately, most antivirus companies didn't detect this virus; the only one that can detect it is SMADAV, but Norman also detects it, as W32/VBTroj.AOQB.

Nadia Saphira virus characteristics:

  • File size 17 KB and 69 KB
  • File type “Application”
  • File extension .exe and .ini
  • Uses a folder icon
  • Creates a duplicate folder based on the folder name and hides the real folder
  • Removes Folder Options
  • CD-ROM can't be used
  • Command prompt can't be accessed
  • Registry editor can't be opened

Like the bulubebek virus, the Nadia Saphira virus was created using Visual Basic. If the virus succeeds in infecting your system, it creates the following files:

  • autorun.inf (on all root drive)
  • NadiaSaphira.ini (on all root drive)
  • Documents and Settings\All User\Start Menu\Programs\Startup\lan.exe
  • Documents and Settings\%User%\NadiaSaphira.ini
  • WINDOWS\taskmgr.exe
  • WINDOWS\system32\.exe
  • WINDOWS\system32\allsys.exe
  • WINDOWS\system32\misconfig.exe
  • WINDOWS\system32\MS586.sys
  • WINDOWS\system32\System
  • WINDOWS\system32\wtoolsb.exe
  • WINDOWS\system32\dllcache\.exe
  • WINDOWS\system32\dllcache\System

Like the bulubebek virus, the Nadia Saphira virus hides all your folders and replaces them with “fake” folders to trick newbies into activating the virus. It also blocks some Windows functions such as Folder Options, Registry Editor, Search/Find, and Command Prompt.
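The following is an added example, not part of the original post: a Python scanner that checks a drive root for files from the list above and for the fake-folder pattern (an .exe sitting beside a folder of the same name). The function names and the choice of which listed paths to check are assumptions of this example.

```python
import os

# Root-level files the article lists for every infected drive root.
ROOT_ARTIFACTS = ("autorun.inf", "NadiaSaphira.ini")
# Subset of the article's file list, relative to the system drive.
SYSTEM_ARTIFACTS = (
    r"WINDOWS\taskmgr.exe",
    r"WINDOWS\system32\allsys.exe",
    r"WINDOWS\system32\misconfig.exe",
    r"WINDOWS\system32\MS586.sys",
    r"WINDOWS\system32\wtoolsb.exe",
)
HIDDEN = 0x2  # Windows FILE_ATTRIBUTE_HIDDEN bit


def is_hidden(path):
    # st_file_attributes exists only on Windows; elsewhere this returns False.
    return bool(getattr(os.stat(path), "st_file_attributes", 0) & HIDDEN)


def scan_drive(root):
    """Return (kind, path, note) findings for one drive root or folder tree."""
    findings = []
    present = {n.lower(): n for n in os.listdir(root)}
    for name in ROOT_ARTIFACTS:
        if name.lower() in present:
            findings.append(("root-artifact", os.path.join(root, present[name.lower()]), ""))
    for rel in SYSTEM_ARTIFACTS:
        path = os.path.join(root, *rel.split("\\"))
        if os.path.isfile(path):
            findings.append(("system-artifact", path, ""))
    # Fake folders: an .exe sitting beside a directory with the same base name.
    for dirpath, dirnames, filenames in os.walk(root):
        dirs = {d.lower(): d for d in dirnames}
        for f in filenames:
            base, ext = os.path.splitext(f)
            if ext.lower() == ".exe" and base.lower() in dirs:
                real = os.path.join(dirpath, dirs[base.lower()])
                note = "real folder hidden" if is_hidden(real) else "real folder visible"
                findings.append(("fake-folder", os.path.join(dirpath, f), note))
    return findings


if __name__ == "__main__":
    import sys
    for kind, path, note in scan_drive(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(kind, path, note)
```

A legitimate program can also sit next to a folder with the same name, so treat each fake-folder finding as something to review (size, icon, hidden real folder) before deleting it.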

To make this virus harder to remove, its creator changes your registry and creates autorun files for when your computer starts up; the first file is lan.exe, which then calls other files as backup. Take a look at the picture…

[Image: nadia-saphira-virus]

Infection Method:

As I said at the top of the article, this virus uses your flash disk and hijacks the Windows AutoPlay function as its infection method. The virus creates autorun.inf files to spread itself through your system.

[Image: nadia-saphira-virus-1]

Alright enough let’s remove this sh*t *lol*

How to Remove Nadia Saphira Virus W32/VBTroj.AOQB

1. Disconnect your computer from the network

2. Turn off System Restore during the cleaning process (don't forget to turn it on again once you have removed this virus)

3. Because this virus blocks your Task Manager, you can use the third-party tool CurrProcess. Kill this process to stop the active virus in your system:
