This is the new version of the old “orkut virus”, if you remember … Mu hu ha ha ha ….. but it doesn’t do anything like that now… : )
And I have got the website of the programmer who developed this virus… It’s
http://sapn4.tripod.com/
But please, I request, do not go to that site, or else your computer will be seriously affected. The virus automatically starts downloading.
It’s quite an old virus now. But still Kaspersky doesn’t detect it. Probably no one reported it.. he he
VIRUS FILES
SYMPTOMS
DeleteDir C:\DOCUME~1\PIYUSH~1\LOCALS~1\Temp\IXP000.TMP\
CreateFile C:\DOCUME~1\PIYUSH~1\LOCALS~1\Temp\IXP000.TMP\TMP4351$.TMP
CreateFile C:\DOCUME~1\PIYUSH~1\LOCALS~1\Temp\IXP000.TMP\MsUpdate~1
CreateFile C:\DOCUME~1\PIYUSH~1\LOCALS~1\Temp\IXP000.TMP\MsUpdate.exe
CreateFile C:\DOCUME~1\PIYUSH~1\LOCALS~1\Temp\IXP000.TMP\monitor
CreateRegValue \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0
CreateRegValue \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run\Explorer
Creates a value:
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run
Value: Explorer
New data (Unicode null-terminated string): Winlogons
SOLUTION
End Task
Open Run and paste the following codes one by one.
TASKKILL /f /t /fi "IMAGENAME eq svchost.exe" /fi "USERNAME ne NT AUTHORITY\*"
TASKKILL /f /t /fi "IMAGENAME eq MsUpdate.exe"
TASKKILL /f /t /fi "IMAGENAME eq Winlogons.exe"
Enable CMD
Open Run and paste the following codes.
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableCmd /t REG_DWORD /d 0 /f
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableCmd /t REG_DWORD /d 0 /f
Delete
Open Run>CMD and paste the following codes one by one.
Delete the virus from the pen drives if you use any. (Replace K with your drive name.)
del K:\autorun.inf /a /f
del K:\MicrosoftPowerPoint.exe /a /f
Registry
Open Run>CMD and paste the following codes one by one.
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /d Explorer.exe
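A read-only check for the registry values, processes and pen-drive files named in SYMPTOMS and SOLUTION, useful before and after the cleanup. This is an added example, not part of the original post; the helper name Get-RegValue and the output strings are the example's own.

```powershell
# Read-only audit for the indicators listed on this page; it changes nothing.
# Get-RegValue and the finding strings are this example's own (hypothetical) names.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$findings = @()

# 1. Autostart value the log shows being created (data "Winlogons").
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run'
$run = Get-RegValue $runKey 'Explorer'
if ($null -ne $run) { $findings += "Policy Run value 'Explorer' present: $run" }

# 2. Winlogon shell: the SOLUTION step resets it to Explorer.exe.
$shell = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' 'Shell'
if ($shell -and $shell.Trim() -ine 'explorer.exe') { $findings += "Winlogon Shell is '$shell'" }

# 3. DisableCmd policy: the SOLUTION step sets it back to 0 in HKLM and HKCU.
foreach ($hive in 'HKLM:', 'HKCU:') {
    $v = Get-RegValue "$hive\Software\Microsoft\Windows\CurrentVersion\Policies\System" 'DisableCmd'
    if ($v) { $findings += "DisableCmd = $v in $hive" }
}

# 4. Processes the page tells you to end (svchost.exe is not checked here).
Get-Process -Name 'MsUpdate', 'Winlogons' -ErrorAction SilentlyContinue |
    ForEach-Object { $findings += "Process running: $($_.Name) (PID $($_.Id))" }

# 5. Files the page says to delete from removable drives (DriveType 2).
Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 2' | ForEach-Object {
    foreach ($f in 'autorun.inf', 'MicrosoftPowerPoint.exe') {
        $p = Join-Path "$($_.DeviceID)\" $f
        # -Force makes hidden and system files visible to Get-Item.
        if (Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue) {
            $findings += "Found on removable drive: $p"
        }
    }
}

if ($findings) { $findings } else { 'No indicators from this page found.' }
```

An autorun.inf on a removable drive is not malicious by itself, so treat that finding as something to inspect rather than proof of infection.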
PRECAUTIONS
Never double click your pen drives. It spreads through removable drives. Always use folder view for navigation. And enable the view to see system files and hidden files. And delete the files in the pen drives.