Tuesday, December 4, 2007

Prevent autorun.inf Viruses from Infecting Your PC

Prevention is better than cure.

Here are some examples of autorun viruses which rely on the autorun function of Windows to infect PCs and flash drives.

Funny UST Scandal.avi.exe (latest one in the Philippines)
Autorun.vbs
win32.autorun.k
copy.exe
imgkulot
taga lipa are
autorun.vbs
recycler
FS6519.dll.vbs
strawberry from baguio
W32/Perlovga (copy.exe | host.exe)
VBS_RESULOWS.A (Hacked by Godzilla, Hacked by Moozilla)
Bha.dll.vbs
w32automa worm (Autorun.vbs)
Trojan.Win32.VB.atg | Win32/Dzan | Worm_vb.bnr (tel.xls.exe | mmc.exe)
W32/RJump.worm (RavMonE)
Worm.Win32.Delf.bf | W32.Fujacks (spoclsv.exe)
W32.Fujacks.BH (Fucker.vbs)
WORM_AGENT.PGV (soundmix.exe)
W32/Hakaglan.worm (RVHost.exe)
Trojan.Win32.VB.ayo [AVP] (Macromedia_Setup.exe)
Trojan.VBS.DeltreeY.b#1 (Destrukto!!! | destrukto.vbs)
etc.


To prevent these kinds of viruses from infecting your PC, you need to disable the autorun function on your computer. Unfortunately, just shutting down autoplay is not a fix. You might think that you could protect yourself from AutoRun by adding two (2) keys to your Registry (NoDriveAutoRun and NoDriveTypeAutoRun), but these keys can be overridden by some programs.


Solution is here:

1. Start Notepad [Start Menu-All Programs-Accessories-Notepad] or right-click any empty space in your desktop then select New-Text Document
2. Copy the following text. (note: Everything in between the square brackets should be in one line)

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"


3. Save the file with a name (anything) like DisableAutoRun.reg (The extension .reg is the important part)
4. Double Click your newly created registry file. Choose yes or continue to the warning that will appear.

Credit goes to: OverBurned. Thanx man

Tuesday, November 27, 2007

Saturday, November 24, 2007

Funny UST Scandal, smss Virus

What a lame virus......peace...!!!!! LONG LIVE LIPA (Lipa City Public College) F.E.S
Before I teach you how to remove this... first... this is the information
of that virus....

Software used to build the virus: AutoIt V3
Dropped files:
- killer.exe (4084 kb) in c:\windows\
- lsass.exe (3920 kb) in c:\documents and settings\all users\start menu\programs\startup
- smss.exe (4088 kb) in all root drives and in c:\windows
- autorun.inf (1 kb) in all root drives with a script

[autorun]
open=smss.exe
shell\Open\Command=smss.exe
shell\open\Default=1
shell\Explore\Command=smss.exe
shell\Autoplay\command=smss.exe

- Funny UST Scandal.avi.exe (228 kb) in all root drives

Registry entries:
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon=shell(killer.exe)
- HKCU\Software\Microsoft\windows\Currentversion\Run=runonce(c:\windows\smss.exe)


How to remove this lame virus????

-first download taskiller from http://www.rsdsoft.com/task_killer/index.php4 and install it on
your computer, because you can't use Task Manager to terminate the virus (the virus automatically closes Task Manager).

-run taskiller and left-click it in the system tray (the one with a skull icon)

-click processes

-to close the virus, select the process and click yes to the question

(process to close)
1.killer.exe
2.lsass.exe
3.smss.exe

note: close only the files that have the same icon as Funny UST Scandal.avi.exe


CMD STEPS
1-now, click "start" then "run"
2-type "cmd" without quotes
3-type "cd\" without quotes
4-type "attrib -h -s smss.exe" without quotes
5-type "attrib -h -s autorun.inf" without quotes
6-type "start c:" without quotes(a new window will open)
7-select smss.exe, autorun.inf and Funny UST Scandal.avi.exe and delete them

-if there's any drive or partition, type "d:" in the command prompt without quotes
("d" is the drive letter), then repeat CMD STEPS number 4-7 above.......

-now type this in the command prompt: "cd windows" without quotes (again!)
-type "attrib -h -s smss.exe" without quotes (again)
-type "start c:\windows" without quotes (oh dear!)
-delete the file smss.exe
-now, go to c:\documents and settings\all users\start menu\programs\startup
-delete lsass.exe

-click "start" then "run"
-type "regedit" without quotes then delete the registry entries above....

-that's all!!!!!! LONG LIVE LIPA (6519)


Note:
I'll switch to Tagalog now.. English is getting hard for me......
If you have a problem opening drives in My Computer, just open
regedit again, then search for "smss.exe"
and delete the values that look like this--->>"c:\smss.exe","d:\smss.exe" etc.....
ok?????



Credits to :fs6519 thanx Man
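
The autorun.inf quoted in this post points the drive's open, Explore and Autoplay verbs at smss.exe. The Python sketch below is an added example, not part of the original post: it parses an autorun.inf and lists the file each program-launching key refers to, so you know what to inspect before deleting. The function names and the E:\ drive letter are assumptions.

```python
import ntpath

# [autorun] keys that start a program directly. "shell\<verb>\command"
# entries rebind a verb of the drive icon (open, explore, autoplay ...).
DIRECT_KEYS = ("open", "shellexecute")

def parse_autorun(inf_text):
    """Return the [autorun] section as {lower-cased key: value}."""
    entries, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def files_to_inspect(inf_text, drive_root):
    """Map every program-launching key to the full path it would run."""
    found = {}
    for key, cmd in parse_autorun(inf_text).items():
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if not cmd or not (key in DIRECT_KEYS or is_verb):
            continue  # e.g. shell\open\Default=1 launches nothing itself
        # The program is the first token; it is quoted if it has spaces.
        prog = cmd.split('"')[1] if cmd.startswith('"') else cmd.split()[0]
        found[key] = ntpath.normpath(ntpath.join(drive_root, prog))
    return found

# The autorun.inf from the post, with one constructed comment line added.
SAMPLE = r"""
; constructed comment line
[autorun]
open=smss.exe
shell\Open\Command=smss.exe
shell\open\Default=1
shell\Explore\Command=smss.exe
shell\Autoplay\command=smss.exe
"""

if __name__ == "__main__":
    for key, path in files_to_inspect(SAMPLE, "E:\\").items():
        print(f"{key:26} -> {path}")
```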

Wednesday, November 14, 2007

jaymyka.wen9.com: new virus spread by USB. Here's a way to remove it

If you are infected by this virus, just do the following to delete it manually:

1. Open My Computer, then click Tools, go to Folder Options, click View, select "show hidden files and folders", then uncheck "hide extensions for known file types" and also uncheck "hide protected operating system files", then click Apply and OK.

2. Now open your drive(s) using the address bar (you cannot double-click your drives if you are infected), then click C:. There you will see "jay.exe" and "autorun.inf"; delete both of them, then go to the address bar again and choose the other drives (depends on how many partitions you have). TAKE NOTE: never click the "back" button, always go to the address bar to select the drives. Do the same procedure (like in Drive C:).

3. Now go to Registry Editor, highlight My Computer, then click Edit and search for "jaymyka.wen9.com", also "jay.exe" and "mveo.exe". If you see them, DELETE them all. Be sure you deleted all of them, then restart your PC.

4. After you restart, try to open My Computer and double-click your drive(s), check if "jay.exe" and "autorun.inf" are totally gone, and you're done.

good luck guys

Monday, October 29, 2007

Here's something funny, try it yourself

Face Morphing, another very interesting face recognition feature of the My Heritage website. Forgive me but I think it's really close bwahahahahhah....

Sunday, October 28, 2007

Who do you look like

Well, it's been a long time since I last updated my blog; it was a very busy week. What did I find on the net that I can share with you? A site that will try to recognize your face and match it up with celebrities. It's fun and very entertaining. Try it, it's very simple: just upload a picture and let the site match your face with other faces and get the result. Here's mine..hehehehe Dean Cain, eat your heart out!!!!



Find out yours at My Heritage

Saturday, October 20, 2007

Ways to Entertain yourself Online

I was bored while browsing the net, and I started looking for sites to entertain me. I came upon free game sites like miniclip and albinoblacksheep; they had games that would truly entertain you. Try them, they're free, but don't overdo it like I did and forget the things you have to do for the day.

Free music: you can listen directly to music online just by going to Imeem, Esnips, and for OPMs, Tristancafe. I'm sure you'll have your music fix fast : )

For clips, TV shows, movies, & funny videos try Stupidvideos, HolyLemon, Metacafe, Veoh, DAILYMOTION, and of course everyone's favorite, Youtube. Just one reminder: some sites may have adult content, so enjoy ; ) hehehehhe

Wednesday, October 17, 2007

Buying A Laptop


I was looking for a laptop for my personal use and I didn't see anything close to my standards. I want my laptop to be top of the line, and at the same time the price must be right hehehhehe....
Then I saw my cousin's laptop and OMG!!! I was so stunned!! The looks, the power, and best of all the price. Only one problem: he bought it online. "Where did you buy it?" I asked, and he told me to go to http://www.alienware.com/ and look for my dream laptop. So my suggestion right now is don't buy your laptop here in stores but online and have it shipped. It costs less and it is very high in quality, and don't forget to ask for an international warranty, just in case something might happen. Alienware, one day I'll order my own.... Try and customize your own laptop and check its price here <--------

Saturday, October 13, 2007

Amazing French Beatboxer



His name is Joseph and he is the best beatbox talent I have ever seen. Try and listen as he tries to put 3 sounds together at the same time with the song Billie Jean. People watching him were amazed by this talented young man. Hope I can do what he does and be famous lolz!! Enjoy: ) [How does he do it]

Philippines Beware of Dengue

My aunt is a pediatrician and she told us that we should take care of ourselves and our young ones, because dengue today is different from before: it is detected at a late stage and the symptoms start with fever, colds, flu and coughing or pneumonia. Dengue is very dangerous at a late stage; it causes internal bleeding and it is very painful (how painful? it had the name break-bone fever or bonecrusher disease). So if you're having fever, flu, or coughing for longer than 3 days, have yourself or your children tested for this disease (blood test). It's always good to be sure; remember, regrets always happen at the end.

Friday, October 12, 2007

Granado Espada 2006 Game Of the Year

I just recently played Granado Espada, an MMORPG made by Koreans, the same makers of Ragnarok, and I was amazed by the game! It's like wow!!! A new feeling brought by an MMORPG, a game worthy to be called a WINNER. Imagine controlling 3 characters at once and not having a hard time. The AI of the game is so high and you can play solo: healer, front warrior, and a nuker. If you try the game you'll see what I'm saying, so if you're looking for a new MMORPG to try, try this one. It's not game of the year for nothing.

Wednesday, October 10, 2007

I now pronounce you chuck and larry


Hilarious movie. I just watched it a while ago and I truly enjoyed it... it's full of crazy stuff and my god Jessica Biel is so hot, truly one of a kind body. Watch it....


Nhatquanglan & Pooh.vbs(W32/DKR.worm) Malwares virus spywares

The two spywares/malwares/viruses I have stumbled upon. Nhatquanglan slows down your PC and disables some functions like folder options, task manager, regedit etc., while (W32/DKR.worm) pooh.vbs slows the PC and spreads itself through USB drives. I use the nod32 antivirus and they bypassed it, but I know nod32 will have an update soon to detect these 2 threats...



Ways to remove them: you can use system restore and remove the 2 malwares, or use a script command to clean them up. I have the script command for the nhatquanglan, but for the pooh.vbs I just used my system restore. Here are some instructions and further information about the 2 new malwares, viruses or spywares I encountered. Credit goes to the person who wrote it.



credit goes to: Shrinked Immaculate
Chandigarh, Punjab, India




Nhatquanglan

I recently noticed a spurt in the traffic to my blog which is apparently caused by people looking for answers to the Nhatquanglan worm. Well, over here in Chandigarh, it seems that this virus is in just about all computers and is being spread by the ubiquitous pen/usb/zip/thumb drive. From my ruminations on the net and frequent tinkering around the ward computer that gets reinfected almost every day, I have made certain observations that seem to make some conclusions about this worm.



1. This worm spreads by USB drives though it is possible that other portable media may be involved too.

2. It causes the task manager, the folder options, registry files to be altered.

3. It can be diagnosed by the above symptoms.

4. There is a crappy looking folder icon that is seen (with same name as the original folder), the file size of which is 282 kb.

5. It makes the computer slow down, and no anti-virus as of now seems to catch hold of it.

6. Inability to stop the USB drive from the "Safely Remove Hardware" option.

7. Inability to format the USB drive.

8. The worm is an autorun .exe file and executes and infects every time a USB drive is plugged in.

Cure:



1. Download Hijack this(free), and the task manager fix of the interra group (also free), and a program called spybot killer.

2. Run Hijack This (rename it first or it won't start), and fix all files with scvhost.exe (not svchost.exe), run spybot, and then the task manager fix. This should cure it. As you learn more about viruses, Hijack This is probably the most useful program to have.

3. Reboot, and it should run OK.

Prevention:



1. USB hygiene is paramount. Disable autorun (won't happen unless the infection is cleared first) using administrative tools.

2. Do not run any program from the USB drive, copy paste on to computer first.

3. Scan USB drive all the times.

4. Format USB drive often.

5. Read about hakaglan on the web.



Pooh.vbs
W32/DKR.worm is a worm that spreads over network or removable drives. Earlier non-propagating variants may be detected as Backdoor-DKR trojan.


This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.



Ways to remove it



Download startup control Panel at mlin.net (You're going to use this later)

Go to your Task Manager (Ctrl+Alt+Del)



Terminate the Wscript.exe process

Terminate the Explorer.exe process



Click New Task and Type "cmd" (without the quotes)



type the following in your command prompt

del c:\pooh.vbs /f/s/q/a

del d:\pooh.vbs /f/s/q/a



(include your other drives and USB drives that have been infected)



del c:\windows\system32\kernell.dll.vbs



del c:\aikelyu.html /f/s/q/a



Use the start-up program from mlin.net to remove aikelyu.html on windows startup



Go to New Task and type "regedit" (without the quotes)



Go to



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon



and modify it to make the value in Shell to only contain "explorer.exe"



you're done



Credits to the one who wrote this. Peace all
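
Two registry states matter in the posts on this page: the IniFileMapping\Autorun.inf override from the DisableAutoRun.reg post, and a Winlogon Shell value that contains only explorer.exe. The Python sketch below is an added example, not from any of the quoted authors: it checks both in the text of a registry export (for example from regedit's File > Export). The function names and the two sample exports are constructed for illustration.

```python
import re

BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
WINLOGON = (BASE + r"\Winlogon").lower()
AUTORUN_MAP = (BASE + r"\IniFileMapping\Autorun.inf").lower()

# One string value line of a .reg file: "Name"="data" or @="data"
VALUE_RE = re.compile(r'(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Parse .reg text into {key path (lower): {value name (lower): data}}.
    Only string values are kept; dword/hex lines are skipped.
    Version 5.00 exports are UTF-16 on disk; decode them before calling."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = m.group(1).strip('"').lower()
            # .reg files escape backslashes and quotes with a backslash
            current[name] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys

def audit(text):
    """Return a list of findings; an empty list means both checks passed."""
    keys, findings = parse_reg(text), []
    shell = keys.get(WINLOGON, {}).get("shell")
    if shell is not None and shell.strip().lower() != "explorer.exe":
        findings.append(f"Winlogon Shell is {shell!r}, not just explorer.exe")
    mapping = keys.get(AUTORUN_MAP, {}).get("@", "")
    if mapping.lower() != "@sys:doesnotexist":
        findings.append("Autorun.inf IniFileMapping override not set")
    return findings

# Constructed exports, not captured from a real machine.
INFECTED = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe c:\\windows\\killer.exe"
"""
CLEAN = INFECTED.replace(r" c:\\windows\\killer.exe", "") + r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"
"""

if __name__ == "__main__":
    print(audit(INFECTED), audit(CLEAN), sep="\n")
```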

Monday, October 8, 2007

Remote control your pc

Manage your computer when you're away: www.logmein.com. The website helps you control your computer via another computer as long as both have an internet connection, just by using an internet browser or explorer. It's safe, fast and best of all they offer a free service. Try it and monitor your computer even when you're away...

Computer Security Combination

The tested anti-virus & spy ware remover i know

Eset Nod32
Pros:superior comprehensive protection, Easy to use, low resource consumption, up to date virus signatures, auto updates
Cons: Not Free

SpyBot Search & destroy
Pros:
Free, Easy to use, auto Updates, immunization option
Cons: resource consumption a little bit strong

If you have any comments and suggestion feel Free to do so.... Peace!

What is it all about

Hi all, my blog is about everything I can help you with about computers, movies, music, and other stuff. Feel free to ask and I'll do my best to help you.