Oct 3, 2007
This virus can spread through the data storage media such as flash disks. When you mencolokkan flash disk on the infected computer, then the flash disk there will be some new files, such as explorer.exe,%% virusname. Exe, and msvbvm60.dll. Also, some files such as desktop.ini, autorun.inf so that it can automatically running on the flash disk when you access it.
Virus file stored on any other directory in the new flash disk with the name of the file containing the Recycled Firus.pif and Folder.htt. All files are virus hidden in a condition so that it does not appear.
Virus file stored on any other directory in the new flash disk with the name of the file containing the Recycled Firus.pif and Folder.htt. All files are virus hidden in a condition so that it does not appear.
Categories : Anti Virus
Virus creation FFE results look simple indeed. Same as Generatornya, he also created using the Visual Basic language in the method-compile Native-Code. Then, in order to compress the tELock the small size. This virus has a body the size of the original 55,296 bytes.
When the virus first executed, it will create several master files in several locations. As in the directory \% WINDOWS% \, there will be files with nama.exe, Win32 exe, activex.exe, and% virusname% (the name of the virus according diisikan by the author on the Generator). In \% WINDOWS% \% system32% \ copy.pif file will be there, _default.pif, and surif.bin. In addition, he also change or create files Oeminfo.ini which are part of the System Properties. So if your computer is infected by the virus results from the FFE generate, then on the System Properties will be any posts "Generated by Fast Firus Engine".
In the directory \% WINDOWS% \% System% \ there will be some files that use the parent of the same name as the property of the Windows file system, such as csrss.exe, winlogon.exe, lsass.exe, smss.exe, svchost. exe, and winlogon.exe.
And do not forget, in the root drive will be there with the file name "read euy.txt" which contains messages from the creator of the virus. So when the virus makes use of generators, then the author will are some of the input box, such as the Author of the virus, Name of the virus, and Messages. Nah, the contents of this message box is displayed later in the file "read euy.txt" is.
After the virus was successful copy-and-a parent to file in the system, it will run the main file before, so will the memory process, there are several viruses, such as csrss.exe, winlogon.exe, lsass. exe, smss.exe, svchost.exe, and winlogon.exe. Name of the process is similar to the process / services belonging to a Windows may deliberately to deceive users. To distinguish them, you can see the path or the location process is executed. Process virus is usually run in the System directory while the process / services are running Windows property usually comes from the System32 directory.
When the virus first executed, it will create several master files in several locations. As in the directory \% WINDOWS% \, there will be files with nama.exe, Win32 exe, activex.exe, and% virusname% (the name of the virus according diisikan by the author on the Generator). In \% WINDOWS% \% system32% \ copy.pif file will be there, _default.pif, and surif.bin. In addition, he also change or create files Oeminfo.ini which are part of the System Properties. So if your computer is infected by the virus results from the FFE generate, then on the System Properties will be any posts "Generated by Fast Firus Engine".
In the directory \% WINDOWS% \% System% \ there will be some files that use the parent of the same name as the property of the Windows file system, such as csrss.exe, winlogon.exe, lsass.exe, smss.exe, svchost. exe, and winlogon.exe.
And do not forget, in the root drive will be there with the file name "read euy.txt" which contains messages from the creator of the virus. So when the virus makes use of generators, then the author will are some of the input box, such as the Author of the virus, Name of the virus, and Messages. Nah, the contents of this message box is displayed later in the file "read euy.txt" is.
After the virus was successful copy-and-a parent to file in the system, it will run the main file before, so will the memory process, there are several viruses, such as csrss.exe, winlogon.exe, lsass. exe, smss.exe, svchost.exe, and winlogon.exe. Name of the process is similar to the process / services belonging to a Windows may deliberately to deceive users. To distinguish them, you can see the path or the location process is executed. Process virus is usually run in the System directory while the process / services are running Windows property usually comes from the System32 directory.
Categories : Anti Virus
Subscribe to:
Posts (Atom)
