Virus File
————
File Name: New Folder.exe (inside all folders)
File Name: Top Pictures.exe (shared documents)
File Name: Windows Explorer.exe (c:\windows\)
Icon: Looks like a Folder
Type: Application
Size: 104KB/112KB
FileVersion: 1.0.0.0
Internal Name: Mahsa
OriginalFileName: Mahsa.exe
Product Version: 1.00
Recognized by antivirus as
————
Trojan.Win32.VB.aol
Worm.P2P.Generic
Symptoms
————-
You will find New Folder.exe inside every folder.
You cannot open system utilities like Task Manager, Regedit, Msconfig; it opens and suddenly closes.
You cannot open folders with names like antivirus, .exe, etc. it opens and suddenly closes.
Behind the Screen
———————
Creates a file: C:\windows\Windows Explorer.exe
Creates a file: C:\Documents and Settings\All Users\Documents\Top Pictures.exe
Creates New Folder.exe in every folder you open
ModifyRegValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Explorer
ModifyRegValue: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState\FullPath
ModifyRegValue: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt
Adds to the startup item
Path: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Explorer
Value: C:\WINDOWS\Windows Explorer.exe
Solution
———-
Thank god it doesn't disable the command prompt ;)
END TASK::
1. Start>Run
taskkill /f /t /im "New Folder.exe"
2. Start>Run
taskkill /f /t /im "Windows Explorer.exe"
3. Start>Run
taskkill /f /t /im "Top Pictures.exe"
(if you get an error like "windows cannot find taskkill" blah blah..., copy the file taskkill.exe to your X:\windows\system32\ directory)
REGISTRIES::
1. Start>Run
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v Explorer
2. Start>Run
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v HideFileExt /t REG_DWORD /d 0
DELETE FILES::
1. Start>Run>cmd
del /a /f "C:\windows\Windows Explorer.exe"
2. Start>Run>cmd
del /a /f "C:\Documents and Settings\All Users\Documents\Top Pictures.exe"
DELETE New Folder.exe
del "C:\New Folder.exe" /a /s /f /p
@nuj
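The same steps, put together as one batch file so you can check the indicators from the "Behind the Screen" section, run the END TASK / REGISTRIES / DELETE FILES steps, and check again. This is an added example, not a script from the original post; it assumes Windows is on the usual drive (it uses %SystemRoot% and %ALLUSERSPROFILE% instead of the hard-coded C:\ paths), and the list of drive letters to sweep for New Folder.exe is a guess you should edit for your machine. It only deletes the Run\Explorer startup value if that value actually points at the dropped Windows Explorer.exe. Run it from an elevated cmd prompt (Start>Run>cmd).

```batch
@echo off
REM Added example (not from the original post): check, clean, re-check.
REM Assumptions: %SystemRoot% / %ALLUSERSPROFILE% match the post's C:\ paths,
REM and DRIVES lists the local drives on this machine (edit as needed).
setlocal EnableExtensions

set "RUNKEY=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
set "ADVKEY=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
set "DROP1=%SystemRoot%\Windows Explorer.exe"
set "DROP2=%ALLUSERSPROFILE%\Documents\Top Pictures.exe"
set "DRIVES=C D E"

echo === Indicators before cleanup ===
call :check

echo === END TASK ===
REM The dropped file is "Windows Explorer.exe"; the real shell is explorer.exe,
REM so killing by this image name does not take down the desktop.
for %%P in ("New Folder.exe" "Windows Explorer.exe" "Top Pictures.exe") do (
    taskkill /f /t /im %%P >nul 2>&1 && echo killed %%~P
)

echo === REGISTRIES ===
REM Remove the startup value only if it really launches the dropped file.
reg query "%RUNKEY%" /v Explorer 2>nul | find /i "Windows Explorer.exe" >nul && (
    reg delete "%RUNKEY%" /v Explorer /f
)
REM The worm sets HideFileExt=1 so "New Folder.exe" shows as "New Folder"; undo it.
reg add "%ADVKEY%" /v HideFileExt /t REG_DWORD /d 0 /f >nul

echo === DELETE FILES ===
if exist "%DROP1%" del /a /f "%DROP1%"
if exist "%DROP2%" del /a /f "%DROP2%"

echo === DELETE New Folder.exe in every folder of each drive ===
for %%D in (%DRIVES%) do (
    if exist %%D:\ del /a /f /s "%%D:\New Folder.exe"
)

echo === Indicators after cleanup ===
call :check
endlocal
goto :eof

:check
REM Prints a [FOUND] line for each indicator listed under "Behind the Screen".
if exist "%DROP1%" echo [FOUND] %DROP1%
if exist "%DROP2%" echo [FOUND] %DROP2%
reg query "%RUNKEY%" /v Explorer >nul 2>&1 && echo [FOUND] startup value %RUNKEY%\Explorer
reg query "%ADVKEY%" /v HideFileExt 2>nul | find "0x1" >nul && echo [FOUND] HideFileExt=1 (extensions hidden)
exit /b 0
```

If the "after cleanup" check still prints a [FOUND] line, one of the processes was respawned before its file was deleted; run the script a second time, or do the END TASK and DELETE FILES steps from Safe Mode where the Run key entry is not executed.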