Tuesday, December 4, 2007
Prevent autorun.inf Viruses from Infecting Your Pc
Here are some examples of autorun viruses which rely on the autorun function of Windows to infect PC’s and flash drives.
Funny UST Scandal.avi.exe (latest one in the Philippines)
Autorun.vbs
win32.autorun.k
copy.exe
imgkulot
taga lipa are
autorun.vbs
recycler
FS6519.dll.vbs
strawberry from baguio
W32/Perlovga (copy.exe | host.exe)
VBS_RESULOWS.A (Hacked by Godzilla, Hacked by Moozilla)
Bha.dll.vbs
w32automa worm (Autorun.vbs)
Trojan.Win32.VB.atg | Win32/Dzan | Worm_vb.bnr (tel.xls.exe | mmc.exe)
W32/RJump.worm (RavMonE)
Worm.Win32.Delf.bf | W32.Fujacks (spoclsv.exe)
W32.Fujacks.BH (Fucker.vbs)
WORM_AGENT.PGV (soundmix.exe)
W32/Hakaglan.worm (RVHost.exe)
Trojan.Win32.VB.ayo [AVP] (Macromedia_Setup.exe)
Trojan.VBS.DeltreeY.b#1 (Destrukto!!! | destrukto.vbs)
etc.
To prevent these kinds of viruses from infecting your PC, you need to disable the autorun function on your computer. Unfortunately, just shutting down AutoPlay is not a fix. You might think that you could protect yourself from AutoRun by adding two (2) keys to your Registry (NoDriveAutoRun and NoDriveTypeAutoRun), but these keys can be overridden by some programs.
The solution is here. The registry entry below tells Windows to read Autorun.inf settings from a registry location that does not exist, so every autorun.inf file is treated as empty:
1. Start Notepad [Start Menu-All Programs-Accessories-Notepad] or right-click any empty space in your desktop then select New-Text Document
2. Copy the following text. (note: Everything in between the square brackets should be in one line)
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"
3. Save the file with a name (anything) like DisableAutoRun.reg (The extension .reg is the important part)
4. Double Click your newly created registry file. Choose yes or continue to the warning that will appear.
Credit goes to: OverBurned. Thanks, man.
Tuesday, November 27, 2007
Saturday, November 24, 2007
Funny UST Scandal, smss Virus
What a lame virus......peace...!!!!! LONG LIVE LIPA(Lipa City Public College)F.E.S
Before I teach you how to remove this... first... this is the information
of that virus....
Software used to build the virus= AutoIt V3
drop Files- killer.exe(4084 kb) in c:\windows\
lsass.exe(3920kb) in c:\documents and settings\all users\start menu\programs\startup
smss.exe(4088kb) in all root drives and in c:\windows
autorun.inf(1kb) in all root drives with a script
[autorun]
open=smss.exe
shell\Open\Command=smss.exe
shell\open\Default=1
shell\Explore\Command=smss.exe
shell\Autoplay\command=smss.exe
Funny UST Scandal.avi.exe(228kb) in all root drives
Registry Entries-HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon=shell(killer.exe)
HKCU\Software\Microsoft\windows\Currentversion\Run=runonce(c:\windows\smss.exe)
How to remove this lame virus????
-first download taskiller in http://www.rsdsoft.com/task_killer/index.php4 and install it to
your computer because you can't use taskmanager to terminate the virus(the virus automatically closes taskmanager).
-run taskiller and left click it on the system tray(the one with a skull icon)
-click processes
-to close the virus, select process and click yes to the question
(process to close)
1.killer.exe
2.lsass.exe
3.smss.exe
note: close only files that have the same icon as Funny UST Scandal.avi.exe
CMD STEPS
1-now, click "start" then "run"
2-type "cmd" without quotes
3-type "cd\" without quotes
4-type "attrib -h -s smss.exe" without quotes
5-type "attrib -h -s autorun.inf" without quotes
6-type "start c:" without quotes(a new window will open)
7-select smss.exe,autorun.inf,Funny UST Scandal.avi.exe and delete them
-if there's any drive or a partition type "d:" in command prompt without quotes
"d" is the drive letter then repeat the CMD STEPS number 4-7 above.......
-now type this on the command prompt "cd windows" without quotes(again!)
-type "attrib -h -s smss.exe" without quotes(again)
-type "start c:\windows" without quotes(oh my!)
-delete the file smss.exe
-now, goto c:\documents and settings\all users\startmenu\programs\startup
-delete lsass.exe
-click "start" then "run"
-type "regedit" without quotes then delete the registry entries above....
-that's all!!!!!! LONG LIVE LIPA(6519)
Note:
I'll switch to Tagalog now.. English is getting hard for me......
If you have a problem opening drives in My Computer, just open
regedit again, then find "smss.exe",
then delete the values like these--->>"c:\smss.exe","d:\smss.exe" etc.....
ok?????
Credits to :fs6519 thanx Man
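The autorun.inf quoted in the post above can be triaged mechanically before anyone double-clicks the drive. The following is an added example, not part of the original post: it lists every autorun.inf entry that would start a program and flags double-extension file names like the ones listed on this page. The function names and the sample directory listing are assumptions made for illustration.

```python
import re

# Keys in an [autorun] section that make Explorer start a program.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
# A document/media extension followed by an executable or script one,
# e.g. "Funny UST Scandal.avi.exe" or "FS6519.dll.vbs" from this page.
DOUBLE_EXT = re.compile(r"\.[a-z0-9]{2,4}\.(exe|vbs|scr|com|bat|pif|cmd)$", re.I)

def launch_entries(text):
    """Return [(key, command)] for each launch entry in the [autorun] section."""
    found, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("["):
            in_autorun = line.lower() == "[autorun]"
        elif in_autorun and "=" in line:
            key, _, value = line.partition("=")
            if LAUNCH_KEY.match(key.strip()):
                found.append((key.strip().lower(), value.strip()))
    return found

def triage(autorun_text, root_names):
    """Report what the drive root would launch and which names look disguised."""
    entries = launch_entries(autorun_text)
    commands = [cmd.lower() for _, cmd in entries]
    return {
        "launch_entries": entries,
        "launched_from_root": [n for n in root_names
                               if any(n.lower() in c for c in commands)],
        "double_extension": [n for n in root_names if DOUBLE_EXT.search(n)],
    }

# autorun.inf as quoted in the post; the directory listing is constructed.
SAMPLE_INF = r"""[autorun]
open=smss.exe
shell\Open\Command=smss.exe
shell\open\Default=1
shell\Explore\Command=smss.exe
shell\Autoplay\command=smss.exe
"""
SAMPLE_ROOT = ["smss.exe", "autorun.inf", "Funny UST Scandal.avi.exe", "notes.txt"]

if __name__ == "__main__":
    for section, items in triage(SAMPLE_INF, SAMPLE_ROOT).items():
        print(section, items)
```

Every verb in the sample (open, Open, Explore, Autoplay) points at the same file, which is why double-clicking an infected drive runs the worm whichever menu entry is used.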
Wednesday, November 14, 2007
jaymyka.wen9.com new virus spread by USB: here's a way to remove it
1. open my computer then click tools, go to folder options, click view, select show hidden files and folders then uncheck "hide extensions for known file types" and uncheck also "hide protected operating system files" then click apply and ok.
2. now open your drive(s) using the address bar (you cannot double click your drives if you are infected) then click C: there you will see "jay.exe" and "autorun.inf", delete both of them, then go to address bar again and choose the other drives (depends on how many partition you have) TAKE NOTE: never click the "back" button, always go to address bar to select the drives,do the same procedure (like in Drive C:)
3. now go to registry editor, highlight my computer then click edit and search "jaymyka.wen9.com" also "jay.exe" and "mveo.exe", if you see them DELETE them all, be sure you deleted all of them then restart your pc.
4. after you restart, try to open my computer and double click your drive(s), check if "jay.exe" and "autorun.inf" are totally gone, and you're done.
good luck guys
Monday, October 29, 2007
Here's something funny, try it yourself
Sunday, October 28, 2007
Who do you look like
Find out yours at My Heritage
Saturday, October 20, 2007
Ways to Entertain yourself Online
Free music: you can listen to music directly online just by going to Imeem, Esnips, and for OPM, Tristancafe. I'm sure you'll have your music fix fast : )
For clips, TV shows, movies, and funny videos try Stupidvideos, HolyLemon, Metacafe, Veoh, DAILYMOTION, and of course everyone's favorite, Youtube. Just one reminder: some sites may have adult content, so enjoy ; ) hehehehhe
Wednesday, October 17, 2007
Buying A Laptop
Then I saw the laptop of my cousin and OMG!!! I was so stunned!! The looks, the power, and best of all the price. Only one problem: he bought it online. "Where did you buy it?" I asked, and he told me to go to http://www.alienware.com/ and look for your dream laptop. So my suggestion right now is don't buy your laptop here in stores but online and have it shipped; it costs less and it is very high in quality. And don't forget to ask for an international warranty, just in case something might happen. Alienware, one day I'll order my own.... Try and customize your own laptop and check its price here <--------
Saturday, October 13, 2007
Amazing French Beatboxer
His name is Joseph and he is the best beatbox talent I have ever seen. Try and listen as he tries to put 3 sounds at the same time with the song Billie Jean; people watching him were amazed by this talented young man. Hope I can do what he does and be famous lolz!! Enjoy: ) [How does he do it]
Philippines Beware of Dengue
Friday, October 12, 2007
Granado Espada 2006 Game Of the Year
Wednesday, October 10, 2007
I now pronounce you chuck and larry
Nhatquanglan & Pooh.vbs(W32/DKR.worm) Malwares virus spywares
Ways to remove them: you can use System Restore and remove the 2 malwares, or use a script command to clean them up. I have the script command for the Nhatquanglan, but for the pooh.vbs I just used my System Restore. Here are some instructions and further information about the 2 new malwares, viruses or spyware I encountered. Credit goes to the person who wrote it.
credit goes to: Shrinked Immaculate
Chandigarh, Punjab, India
Nhatquanglan
I recently noticed a spurt in the traffic to my blog which is apparently caused by people looking for answers to the Nhatquanglan worm. Well, over here in Chandigarh, it seems that this virus is just about in all computers and is being spread by the ubiquitous pen/usb/zip/thumb drive. From my ruminations on the net and frequent tinkering around the ward computer that gets reinfected almost every day, I have made certain observations that seem to make some conclusions about this worm.
1. This worm spreads by USB drives though it is possible that other portable media may be involved too.
2. It causes the task manager, the folder options, registry files to be altered.
3. It can be diagnosed by the above symptoms.
4. There is a crappy looking folder icon that is seen (with same name as the original folder), the file size of which is 282 kb.
5. It makes the computer slow down, and no anti-virus as of now seems to catch hold of it.
6. Inability to stop the USB drive from remove hardware safely option.
7. Inability to format the USB drive.
8. The worm is an autorun .exe file and executes and infects every time a USB drive is plugged in.
Cure:
1. Download Hijack this(free), and the task manager fix of the interra group (also free), and a program called spybot killer.
2. Run the hijack this (rename it first or it won't start), and fix all files with scvhost.exe (not svchost.exe), run spybot, and then task manager fix. This should cure it. As you learn more about viruses, hijack this is probably the most useful program to have.
3. Reboot, and should run ok.
Prevention:
1. USB hygiene is paramount. Disable autorun (won't happen unless infection is cleared first) using administrative tools.
2. Do not run any program from the USB drive, copy paste on to computer first.
3. Scan USB drive all the times.
4. Format USB drive often.
5. Read about hakaglan on the web.
Pooh.vbs
W32/DKR.worm is a worm that spreads over network or removable drives. Earlier non-propagating variants may be detected as Backdoor-DKR trojan.
This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.
Ways to remove it
Download startup control Panel at mlin.net (You're going to use this later)
Go to your Task Manager (Ctrl+Alt+Del)
Terminate the Wscript.exe process
Terminate the Explorer.exe process
Click New Task and Type "cmd" (without the quotes)
type the following in your command prompt
del c:\pooh.vbs /f/s/q/a
del d:\pooh.vbs /f/s/q/a
(include your other drives and USB drives that have been infected)
del c:\windows\system32\kernell.dll.vbs
del c:\aikelyu.html /f/s/q/a
Use the start-up program from mlin.net to remove aikelyu.html on windows startup
Go to New Task and type "regedit" (without the quotes)
Go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
and modify it to make the value in Shell to only contain "explorer.exe"
you're done
Credits to the one who wrote this. Peace all
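The registry locations the posts above edit by hand (the Winlogon Shell value, the Run entry pointing at smss.exe, and the IniFileMapping\Autorun.inf override from the December 4 post) can be checked against a .reg export instead of by eye. This is an added example, not part of the original posts; the function names, finding labels, the constructed sample export and the Run-key heuristic are assumptions.

```python
import re

NT = r"hkey_local_machine\software\microsoft\windows nt\currentversion"
WINLOGON = NT + r"\winlogon"
INIMAP = NT + r"\inifilemapping\autorun.inf"
RUN_SUFFIX = r"\software\microsoft\windows\currentversion\run"
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg strings escape \ and "

def parse_reg(text):
    """Parse string values from .reg text into {key_lower: {name_lower: value}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE.match(line)):
            name = m.group(1) if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
            current[name.lower()] = _unescape(m.group(2))
    return keys

def audit(text):
    """Return (finding, detail) pairs for the registry locations named in the posts."""
    keys, findings = parse_reg(text), []
    shell = keys.get(WINLOGON, {}).get("shell")
    if shell is not None and shell.strip().lower() != "explorer.exe":
        findings.append(("winlogon-shell", shell))
    run_values = [(n, c) for k, v in keys.items()
                  if k.endswith(RUN_SUFFIX) for n, c in v.items()]
    for name, cmd in run_values:
        low = cmd.lower()
        # Heuristic (assumption): real smss.exe/lsass.exe live in System32
        # and are never started from a Run key.
        if ("smss.exe" in low or "lsass.exe" in low) and "\\system32\\" not in low:
            findings.append(("run-masquerade", f"{name}={cmd}"))
    if keys.get(INIMAP, {}).get("@", "").lower() != "@sys:doesnotexist":
        findings.append(("autorun-inf-not-blocked", INIMAP))
    return findings

# Constructed export: the infected state described in the smss post.
INFECTED = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe killer.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"runonce"="c:\\windows\\smss.exe"
'''

if __name__ == "__main__":
    for finding in audit(INFECTED):
        print(finding)
```

Exports saved by regedit in the "Windows Registry Editor Version 5.00" format are UTF-16, so decode the file before passing its text to `audit`.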
Monday, October 8, 2007
Remote control your pc
Computer Security Combination
Eset Nod32
Pros: superior comprehensive protection, Easy to use, low resource consumption, up to date virus signatures, auto updates
Cons: Not Free
SpyBot Search & destroy
Pros: Free, Easy to use, auto Updates, immunization option
Cons: resource consumption a little bit strong
If you have any comments and suggestion feel Free to do so.... Peace!