Oct 3, 2007

How Does the Virus Infect?

Viruses generated by FFE do look simple. Like the generator itself, they are written in Visual Basic and compiled as native code. They are then packed with tElock to reduce their size. The original body of this virus is 55,296 bytes.

When the virus is first executed, it creates several master files in several locations. In the directory \%WINDOWS%\, there will be files named nama.exe, Win32.exe, activex.exe, and %virusname% (the virus name the author entered in the generator). In \%WINDOWS%\%system32%\ there will be the files copy.pif, _default.pif, and surif.bin. In addition, it changes or creates the file Oeminfo.ini, which is part of System Properties. So if your computer is infected by a virus generated with FFE, System Properties will show the text "Generated by Fast Firus Engine".

In the directory \%WINDOWS%\%System%\ there will be several master files that use the same names as Windows system files, such as csrss.exe, winlogon.exe, lsass.exe, smss.exe, svchost.exe, and winlogon.exe.

Also, in the root of the drive there will be a file named "read euy.txt" that contains a message from the creator of the virus. When someone builds a virus with the generator, they are given several input boxes, such as the author of the virus, the name of the virus, and a message. The contents of this message box are what later appear in the file "read euy.txt".

After the virus has successfully copied its master files into the system, it runs those master files, so several virus processes will appear in memory, such as csrss.exe, winlogon.exe, lsass.exe, smss.exe, svchost.exe, and winlogon.exe. These process names resemble Windows processes/services, probably deliberately, to deceive users. To tell them apart, look at the path or location the process was executed from. The virus processes usually run from the System directory, while genuine Windows processes/services usually run from the System32 directory.
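The path check described above can be automated. The following is an added example, not part of the original post: it flags any process that uses one of the names listed above but does not run from System32. It assumes the Windows directory is C:\WINDOWS; the function names and the process list are constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Process names the post lists as being imitated by the virus.
IMITATED = {"csrss.exe", "winlogon.exe", "lsass.exe", "smss.exe", "svchost.exe"}


def classify(image_path, windows_dir=r"C:\WINDOWS"):
    """Return 'expected', 'suspicious' or 'not-checked' for a process image path.

    windows_dir is an assumption; pass the real %WINDOWS% value of the host.
    """
    # Normalise case, slashes and '..' so path tricks do not hide the real folder.
    path = ntpath.normcase(ntpath.normpath(image_path))
    if ntpath.basename(path) not in IMITATED:
        return "not-checked"
    expected_dir = ntpath.normcase(ntpath.join(windows_dir, "System32"))
    return "expected" if ntpath.dirname(path) == expected_dir else "suspicious"


def suspicious_processes(processes, windows_dir=r"C:\WINDOWS"):
    """Filter (pid, image_path) pairs down to the ones that need a closer look."""
    return [(pid, path) for pid, path in processes
            if classify(path, windows_dir) == "suspicious"]


# Constructed sample: (pid, image path) pairs as a process lister would report them.
SAMPLE = [
    (412, r"C:\WINDOWS\system32\csrss.exe"),
    (436, r"C:\Windows\System32\WINLOGON.EXE"),
    (1844, r"C:\WINDOWS\system\csrss.exe"),
    (1852, r"C:\WINDOWS\System32\..\system\lsass.exe"),
    (1860, r"C:\WINDOWS\activex.exe"),
    (2020, r"C:\Program Files\Editor\editor.exe"),
]

if __name__ == "__main__":
    for pid, path in suspicious_processes(SAMPLE):
        print(f"PID {pid}: system process name outside System32 -> {path}")
```

A process reported as "not-checked" is not thereby clean; the check only covers the imitated names, so files such as activex.exe still have to be looked for by location.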
