JohnDas FunDas & Ideas

Symptoms :
* All hard drive partitions ( C: , D: , E: , …) have an autoplay

* Internet Explorer homepage set to some Thai site . Internet Explorer shows “Hacked by Moozilla” (sic)

on the title bar

* USB drives, and cameras and memory cards and portable hard drives and USB mp3 players and everything

USB shows an autoplay. And windows says it cannot stop the drive safely

* Another one creates copies of itself in every folder, each named as the folder with the folder icon.

USB drive has an extra “folder” disguised virus named “DATA user” or “DATA (computer username)”

Signs :

* Right clicking any drive shows an extra autoplay, auto, or open (each for different USB worms)

* If you enable view hidden files AND system files, you can see the virus files in the rrot folder of

every drive with an autorun file too. Both made system files.

* Using Alt-Ctrl-Del , to get Task Manager or any other task manager software, you can see wscript.exe

running (Other viruses include pfw.exe, br?????.exe, autorun.exe, copy.exe, …)

Investigations :

* If you try to run or download an antivirus and the computer shuts down, it’s probably brontok - very

dangerous

* If you can take Tools -> Folder Options, it’s not very dangerous

* If u can run regedit, u can cure the virus

* If u enable view hidden and system files, and can delete the virus files, u can cure it.

Treatment :

* Enable view hidden and system files, and delete the virus files.

* Open regedit, Go to HKeyCurrentUser>Software>Microsoft>Windows>Current Version>Run and delete the

virus entries

* then Go to HKeyLocalMachine>Software>Microsoft>Windows>Current Version>Run and delete the virus

entries

* After that Go to HKeyCurrentUser>Software>Microsoft>Windows>Current Version>Explorer>Mountpoints2 and

delete the virus entries

* Later that Go to HKeyCurrentUser>Software>Microsoft>Internet Explorer and delete the virus entries

By http://www.fundazone.com

© JohnDa da FunDa