Top 10 Virus Indonesia: August 2009
Conficker is still ranked at the top, followed by Recycler, which re-entered the chart and immediately leapt into the top three, and then by AutoIt. For details, see the following list:
The spread of this high-tech virus has indeed been remarkable. It takes the form of a DLL (Dynamic Link Library) file, which distinguishes it from most other viruses, which are EXE files. Its capabilities are also paired with those of a rootkit, and its polymorphic nature lets it change its body. On an infected computer, the user cannot open sites that "smell" of antivirus or Microsoft Update. The virus also spreads actively in Indonesia through removable disk media such as flash disks. On an infected flash disk you will find an autorun.inf file and a RECYCLER directory containing a sub-directory with a name such as S-5-3-42-2819952290-8240758988-879315005-3665; in this directory is the Conficker virus file, usually named jwgkvsq.vmx, which is actually a DLL file.
As with its predecessors, what characterizes this virus is its spreading technique: it "hides out" in the Recycler / Recycle Bin directory. It is also known to use code injection so that the virus code can "stick" to explorer.exe. This is done to make it difficult for the user, or even an antivirus program, to kill it. This time, Build3 includes a special cleaner engine that can completely eradicate these Recycler variants. Scan the whole computer, remove any viruses found, and do not forget to restart the computer.
Almost all variants of this imported script-based virus use a folder-like icon. The virus can auto-update itself via several sites. It can also use Yahoo! Messenger as a distribution medium, sending a message containing a link to every contact in the victim's Y!M.
This virus, created with VB, looks like a standard application with no icon when viewed in Explorer in Details view mode, but in Icons mode it appears as a folder. The virus is packed with UPX. When infecting, it creates files named Autorun.inf and Paket.exe in the root of every drive it finds. These files are given the hidden attribute so that they are not visible with Explorer's default settings. In addition, an infected flash disk will contain a message file named Kenang-kenangan.html with a message from the maker of the virus.
This virus, believed not to be a local product, displays a false message or "fake error" when it is run, reading "memory access violation at 0x000000EF base address 0x000000F0", as if the program had crashed, when in fact the virus is already resident in memory. It creates two new items in the registry Run key with the names avpupdt and ctfmon. The master file of this virus resides in the directory C:\WINDOWS\system32\1920622684. In the root of the drive that holds the operating system there will be a file named index.html, which contains the virus's message.
This virus drains the victim's computer resources so that the computer becomes very slow. It uses a folder-like icon to spread. It is alleged to have come from Vietnam. It creates master files in the Windows directory with the name userinit.exe and in System32 with the name system.exe. An infected computer will have a file named kdcoms.dll in the Windows directory.
This virus with a folder icon was created in C++. Its master file takes the name of a Windows process or service, such as service.exe, winlogon.exe, lsass.exe or smss.exe. There are also other names that appear to be random. Its body contains a database of applications that are forbidden to run. If an application on this blacklist is run, it is killed immediately.
This virus uses an icon similar to that of an installation file from Game House, a game maker. When the virus file is clicked, it displays a fake error message. The virus creates its master file in the System32 directory with the name debuger.exe.
A local virus that wants to follow in AutoIt's footsteps, since it is built with the AutoIt scripting application. It uses a folder icon to spread. Its master file is in the directory \Windows\System32\wbem\services.exe. The virus also creates a file, hubbun.txt, containing messages from its maker. It still has many bugs: in action, the script displays an error several times.
An example of a simple virus made using nothing but a batch file (.BAT). It copies itself into System32 with the name dirsystem.cmd. It then tries to create a new task in Windows Scheduled Tasks with the name VTTimer, which executes the virus at specified times. It also tries to spread to every drive it finds by creating autorun.inf and dirsystem.cmd files on it. The easiest way to find out whether your computer is infected with this virus is to look at the Windows Registered Information, because this virus is known to change it to "Merlin" and "GINGO".
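Several entries above share the same removable-drive footprint: an autorun.inf in the drive root and, for Conficker and Recycler, a payload inside a RECYCLER sub-directory. The following triage script is an added example, not code from the original article; the function names are hypothetical, the drive layout in `demo()` is constructed from the file names quoted above, and the pattern for normal Recycle Bin entries (D<drive letter><number>, INFO2, desktop.ini) is an assumption about Windows XP naming.

```python
import os
import re
import tempfile

SID_DIR = re.compile(r"^S-\d+(-\d+)+$", re.I)  # SID-style directory name
# Entries a normal XP Recycle Bin holds (assumed naming, see lead-in).
BIN_FILE = re.compile(r"^(D[a-z]\d+(\..*)?|INFO2|desktop\.ini)$", re.I)
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command")


def autorun_targets(text):
    """Return the commands an autorun.inf would launch."""
    out = []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() in LAUNCH_KEYS:
            out.append(value.strip())
    return out


def triage_drive(root):
    """Return sorted (finding, detail) pairs for one drive root."""
    findings = []
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            with open(path, errors="replace") as fh:
                findings += [("autorun-launch", c) for c in autorun_targets(fh.read())]
        elif name.lower() == "recycler" and os.path.isdir(path):
            for sub in filter(SID_DIR.match, os.listdir(path)):
                if not sub.upper().startswith("S-1-"):  # real SIDs are revision 1
                    findings.append(("odd-sid-dir", sub))
                subdir = os.path.join(path, sub)
                if os.path.isdir(subdir):
                    for f in os.listdir(subdir):
                        if not BIN_FILE.match(f):
                            findings.append(("non-bin-file", f"{sub}/{f}"))
    return sorted(findings)


def demo():
    """Triage a constructed drive layout built from names in the article."""
    with tempfile.TemporaryDirectory() as root:
        sid = "S-5-3-42-2819952290-8240758988-879315005-3665"
        os.makedirs(os.path.join(root, "RECYCLER", sid))
        for f in ("jwgkvsq.vmx", "INFO2"):  # empty stand-in files
            open(os.path.join(root, "RECYCLER", sid, f), "wb").close()
        with open(os.path.join(root, "autorun.inf"), "w") as fh:
            fh.write("[autorun]\nopen=dirsystem.cmd\n")  # constructed content
        return triage_drive(root)
```

Call `triage_drive()` on the mount point of a flash disk; any finding is a reason to scan the drive with an antivirus before opening it in Explorer.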