Virus in the Top-10 period and then, some still dominate in this month, only the shift in the ranking of some viruses. In addition, there are two new viruses that enter in the top ten big this time, namely Zifoe and Tiara-Alimah. Zifoe virus is still using simple techniques to impersonate himself as a folder. While the virus to Tiara-Alimah, he can file menginfeksi. DOC you. Therefore, always wary of virus attacks, and not easy to be fooled by it. The following list details:
1. GadiHot
GadiHot message from the virus.
If you still remember with the virus at Berkeley, GadiHot use the same technique to produce. Berkeley virus made using a program such Automation scripting, which in the last to become an executable. The icon has a virus similar to this folder when menginfeksi will create several master files in the Windows directory and the directory under the file name as servicess.exe. Sistem320.exe. Like viruses that mimic the folder, it will certainly create a folder bogus. One of them, this virus will create a file with the name GadisHot.SCR and New Folder.SCR on the root drive. In addition, he will make the autorun.inf file on each drive that he met. At the root drive C, also found a file with the name READY TO READ.txt that the file is a message from the virus.
2. Windx-Maxtrox
Display the desktop wallpaper changed after the virus Windx-Maxtrox.
Viruses are created with Visual Basic has a body the size of the original around 77Kb, without in-pack. Virus suspected of originating from the strong North Sulawesi region has a capacity of the executable files infection. Rather, it will menginfeksi program in the Program Files directory. Technical infection that he applied canny enough to avoid pendeteksian of heuristic antivirus engine. Characteristics that can be detected in the infected computer is the change from the desktop wallpaper image to be animated images, Maxtrox.
3. Virgear
Virgear caption display messages on Internet Explorer.
He attended the icon similar to multimedia files belong not. Variant B has a file size of 49,152 bytes, without in-pack. Meanwhile, the C variants that we discover, has a file size of 19,968 bytes, and in-pack using UPX. As then, it will replace all the multimedia files that he found such as MP3, 3GP, AVI, WMV, asf, MPG, MPEG, MP4, on the computer with the victims themselves, using almost the same name, only added extensions. EXE in eventually. This virus will also change the settings in the registry to support their life, such as hide the Folder Options, mem-block Regedit, System Restore, and others. Known, Virgear also try to block mem-antivirus and other viruses. For that, rename (name change) from PCMAV-CLN.exe before you use them, such as a 123456.exe. And, on the infected computer, it will display the word "Its open handak · M-Series, ja, it rasain oleh2 from amang hacker" in the caption of Internet Explorer.Read More.....
4. Koplax
Fill one of the messages the virus creator.
Virus-sized 31,232 bytes of this icon like the use multimedia files, exactly the ownership of Media Player Classic. He made use Visual Basic, and in-use pack ASPack. If the computer is infected with the virus, will be a lot of duplicate files that the virus can you find in every corner of the directory and bring your hard disk. In addition, there will be some message from the creator of the virus, one of which there are at the root drive with the name of "A Letter Ghe @ 4. Txt".
5. HelloBaby
Files created HelloBaby when the virus spread.
When spread, it will create a Desktop.ini file and autorun.inf with hidden and system attributes. The file will disebarnya to each drive, he found on the infected computer. He will also try to spread themselves on the local network with the previous facilities have been shut off the Windows firewall property. In the computer is infected, there will be some files parent virus. Among them, in the system32 directory, there will be a file with the name wmiprvse.exe and mgrShell.exe, and the core of this file will drop a file from the other body in the Temp directory with the name ctfmon.exe and the Windows directory with the name svchost.exe. And to accelerate action spreads, the virus is also set to support NoDriveTypeAutoRun registry autorun on the floppy disk.
6. Zifoe
Zifoe message from the virus.
Another local virus that utilize the folder icon as the media penyamarannya. Zifoe, PCMAV know it's a virus. He made use Visual Basic with the body size of 40,960 bytes, without in-pack. This virus will create some spurious folder. In the computer is infected, there will be a new directory, which he named indomuzic that contains a message from the creator of the virus, which is about saya.txt.
7. Tiara-Alimah
File virus that resembles Microsoft Word document, but has SCR extension.
The virus has a similar icon with a Microsoft Word document. He has a size of about 107KB, in the condition in-use pack tElock. The virus is known to menginfeksi or Word documents. DOC. And files. DOC, which he has been infection will have an extension. SCR, which is the actual executable files.
8. Autorunme
Autorunme viruses hide in a folder in the recycle bin.
Virus programmers who are not local production of this size is 26,835 bytes, and is estimated to be in use PECompact-pack. He does not have an icon, use only the icon from the Windows standard applications. Menginfeksi time, he tries to instill in the parent directory of the file C: \ Windows \ System with the name msvc32s.exe and with the system and hidden attributes, and create new autorun in the registry with the name "Windows msvc Control Centers." The virus can spread through the media such as flash data storage disks can also be spread through Instant Messaging application. In a flash disk, it will create spurious recycle bin folder that contains files with the name autorunme.exe, and directs the autorun.inf file to run the virus. So, when the user is mencolokan flash disk drive and access is, the virus will be active.
9. Microso
Microso file virus.
The virus is present with 3 files, namely MicroSoft.pif, MicroSoft.bat, and MicroSoft.vbs. The third file related to each other. However, there is a file that is the parent of three, namely, MicroSoft.pif. He has a file size of 18,432 bytes. The virus outside of this issue will be explored at some files. DLL from the body that is Jview.dll and AcXtrnel.dll that will be active with an attempt on explorer.exe or run through Rundll32.exe.
10. Allya.vbs
The top of the virus body Allya.VBS from.
This type of virus has a VBScript file size is 6,030 bytes. Menginfeksi time, he will file its mother in the Windows directory with the name Thumbs.vbs. And he will make in the autorun registry in the HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ avctrl. This virus will also try to copy-and-a drive to bring on himself with the file name Thumbs.vbs and autorun.inf. If users try to view the contents of the file vbs virus, at the top of the paper will only be visible " 'Microsoft Windows SYSTEM DRIVER," which accompanied many enter. However, if the scroll-down continues, the new code will be seen the actual virus.
Source : http://pcmav.biz/top-10-virus-oktober-2008.html
No comments:
Post a Comment