A long time ago I posted about the Shortcut Virus [Part 1]; today I will share the second part. Check it out!
Identifying the virus:
1. First, this virus creates its main file, database.mdb, in My Documents.
2. It creates autorun.inf in all drives (hard disk, flash disk, folders, etc.) without exception.
3. It creates a file named Thumb.db in every folder. (Watch out! This file has no 's'; the real thumbnail cache file on our computer has an 's', like Thumbs.db.)
4. To make itself more interesting to the target, the virus creates the files Microsoft.lnk and New Harry Potter and….lnk in every folder; if we click one of them, the virus is automatically activated.
5. It makes a duplicate file in every folder, but with the extension .lnk (shortcut) rather than .exe.
6. A wscript.exe process is running in Task Manager, although under normal conditions there is none.
Deleting the Shortcut Virus:
1. Turn off System Restore
2. End the virus process wscript.exe (C:\WINDOWS\System32\wscript.exe). You can use Task Manager or the misc tools in HijackThis.
3. Delete the file database.mdb in My Documents.
4. Delete the duplicate files of the virus. *You can use the Windows Search facility to find the files; under 'More advanced search' tick "Search system folders" and "Search hidden files and folders".
What you must do:
* Search for files named autorun.inf (size 8 KB)
* Search for files named Thumb.db (size 8 KB)
* Search for files with the extension .lnk (size 1 KB)
Delete all the files that you've found.
5. Delete the autorun registry entry using HijackThis.
Find the entry in HKCU\..\Run: that is related to database.mdb.
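The search in step 4 (autorun.inf, Thumb.db and .lnk files by name and size) can also be run as a report-only script, so each hit can be reviewed before anything is deleted. This is an added example, not part of the original post; the function names, the constructed sample files and the reading of the listed sizes as Explorer's rounded-up KB values are assumptions.

```python
import os
import sys
import tempfile

# Names and Explorer-style sizes (in KB) listed in the post's search step.
NAMED = {"autorun.inf": 8, "thumb.db": 8}   # note: "thumb.db", not "thumbs.db"
LURES = ("microsoft.lnk", "new harry potter and")  # lure names from the post

def size_kb(path):
    # Assumption: the post's sizes are Explorer's display, rounded up to whole KB.
    return -(-os.path.getsize(path) // 1024)

def scan(root):
    """Return sorted (relative path, reason) pairs; nothing is deleted."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            low = name.lower()  # Windows file names are case-insensitive
            try:
                kb = size_kb(path)
            except OSError:
                continue  # file vanished or is unreadable
            rel = os.path.relpath(path, root)
            if NAMED.get(low) == kb:
                hits.append((rel, "name and size match"))
            elif low.endswith(".lnk") and low.startswith(LURES):
                hits.append((rel, "lure shortcut name"))
            elif low.endswith(".lnk") and kb == 1:
                hits.append((rel, "1 KB shortcut"))
    return sorted(hits)

def build_sample(root):
    """Constructed sample tree: file name -> size in bytes."""
    sample = {"autorun.inf": 8000, "Thumb.db": 7500, "Thumbs.db": 7500,
              "Microsoft.lnk": 900, "report.lnk": 700, "setup.lnk": 3000}
    for name, size in sample.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(b"\0" * size)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        target = sys.argv[1]          # a drive or folder to scan
    else:
        target = tempfile.mkdtemp()   # demo on the constructed sample
        build_sample(target)
    for rel, reason in scan(target):
        print(f"{reason:22} {rel}")
```

In the constructed sample the real thumbnail cache Thumbs.db and the 3 KB setup.lnk are not reported, while the 1 KB report.lnk is, which is why a size-only match on shortcuts deserves a look before deletion.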
That's all for this post, and once more I give big thanks to Binus Hacker for all their good posts.