MORE ABOUT COMPUTER VIRUSES

Discussion in 'DELETED POSTS' started by Babadinho, Oct 16, 2010.

Users Viewing Thread (Users: 0, Guests: 0)

    • Administrator
    • GL Senior Member
    • GL Legend
    • Guru Member

    Babadinho Administrator

    Member Since:
    Sep 19, 2010
    Message Count:
    5,083
    Likes Received:
    448
                                                                                          COMPUTER VIRUS
    VIRUS ABCs

    One of the biggest fears of having computers are viruses, viruses are malicious programs designed entirely for destruction and havoc. Viruses are created by people who either know a lot about programming or know a lot about computers.
    Once the virus is made it will generally be distributed through shareware, pirated software, e-mail or other various ways of transporting data, once the virus infects someone's computer it will either start infecting other data, destroying data, overwriting data, or corrupting software.
    The reason that these programs are called viruses is because it is spreads like a human virus, once you have become infected either by downloading something off of the Internet or sharing software any disks or write able media that you placed into the computer will then be infected. When that disk is put into another computer their computer is then infected, and then if that person puts files on the Internet and hundreds of people download that file they are all infected and then the process continues infecting thousands if not millions of people.


    HOW VIRUSES ARE CONTRACTED

    The majority of viruses are contract by floppy's by bringing information from one source and then put onto your computer. VIRUSES can infect disks and when that disk is put into your computer your computer will then become infected with that virus, a recent survey done in 1997 by NCSA given to 80 percent of PC users showed that 90% of PC users contract viruses by floppy diskettes.
    In the survey done above it showed that the other 20% of viruses were contracted by email attachments and over the Internet. This means that you received an email with an attached file and opened the file. Or downloaded a file over the Internet.


    VIRUS PROPERTIES

    Your computer can be infected even if files are just copied. Because some viruses are memory resident as soon as a diskette or program is loaded into memory the virus then attaches itself into memory.
    Can be Polymorphic. Some viruses have the capability of modifying their code which means one virus could have various amounts of similar variants.
    Can be memory / Non memory resident. Depending on the virus can be memory resident virus which first attaches itself into memory and then infects the computer. The virus can also be Non memory resident which means a program must be ran in order to infect the computer.
    Can be a stealth virus. Stealth viruses will first attach itself to files on the computer and then attack the computer this causes the virus to spread more rapidly.
    Viruses can carry other viruses and infect that system and also infect with the other virus as well. Because viruses are generally written by different individuals and do not infect the same locations of memory and or files this could mean multiple viruses can be stored in one file, diskette or computer.
    Can make the system never show outward signs. Some viruses will hide changes made such as when infecting a file the file will stay the same size.
    Can stay on the computer even if the computer is formatted. Viruses have the capability of infecting different portions of the computer such as the CMOS battery or master


    HOW VIRUSES MAY EFFECT FILES

    VIRUSES can effect any files however usually attack .com, .exe, .sys, .bin, .pif or any data files. Viruses have the capability of infecting any file however will generally infect executable files or data files such as word or excel documents which are open frequently.
    It can increase the files size, however this can be hidden. When infecting files virtues will generally increase the size of the file however with more sophisticated viruses these changes can be hidden.
    It can delete files as the file is ran. Because most files are loaded into memory and then ran once the program is in memory the Virus can delete the file.
    It can corrupt files randomly. Some destructive viruses are not designed to destroy random data but instead randomly delete or corrupt files.
    It can cause write protect errors when executing .exe files from a write protected disk. Viruses may need to write themselves to files which are executed because of this if a diskette is write protected you may receive a write protection error.
    It can convert .exe files to .com files. Viruses may use a separate file to run the program and rename the original file to another extension so the exe is ran before the com.
    It can reboot the computer when a files is ran. Various computers may be designed to reboot the computer when ran.


    WHAT VIRUSES MAY DO

    The following are possibilities you may experience when you are infected with a virus. Remember that you also may be experiencing any of the following issues and not have a virus.
    Once the hard drive is infected any disk that is non-write protected disk that is accessed can be infected.
    Deleted files
    Various messages in files or on programs.
    Changes volume label.
    Marks clusters as bad in the FAT.
    Randomly overwrites sectors on the hard disk.
    Replaces the MBR with own code.
    Create more then one partitions.
    Attempts to access the hard disk drive can result in error messages such as invalid drive specification.
    Causes cross linked files.
    Causes a "sector not found" error.
    Cause the system to run slow.
    Logical partitions created, partitions decrease in size.
    A directory may be displayed as garbage.
    Directory order may be modified so files such as COM files will start at the beginning of the directory.
    Cause Hardware problems such as keyboard keys not working, printer issues, modem issues etc.
    Disable ports such as LPT or COM ports
    Caused keyboard keys to be remapped
    Alter the system time / date
    Cause system to hang or freeze randomly.
    Cause activity on HDD or FDD randomly.
    Increase file size.
    Increase or decrease memory size.
    Randomly change file or memory size.
    Extended boot times
    Increase disk access times
    Cause computer to make strange noises, make music, clicking noises or beeps.
    Display pictures
    Different types of error messages


    DETECTING VIRUSES

    The most commonly used method of protecting against and detecting viruses is to purchase a third party application designed to scan for all types of viruses. A list of these protection programs are listed above.
    Alternatively a user can look at various aspects of the computer and detect possible signs indicating a virus is on the computer. While this method can be used to determine some viruses it cannot clean or determine the exact virus you may or may not have.
    If you have Windows95 / Windows 98 you can click on start, settings, control panel, system, and under system go to performance and determine if the file system is 32-bit. If the file system is running in MS-DOS compatibility mode check the box indicating what is running in MS-DOS compatibility mode to determine if the master boot record has been modified. If the Master boot record has been modified its a good possibility that you may have a virus on the computer.
    Another method is to check fdisk. In fdisk choose four to display the partition information if you have multiple partitions such which have scrambled text such as % or strange characters this can be another indication of a virus on the computer.


    VIRUS MYTHS

    The following text is comments we have heard that are absolutely not true or are false spreading rumors.
    "If I download a file onto a disk I don't have to worry about a viruses." - This is not true, just because you place a file on a disk does not mean that your hard drive cannot be infected. Because around half of the computer viruses are memory resident the virus will load itself into memory and will then infect your hard drive and data on the diskette.
    "If I buy sealed software I don't have to worry about viruses." - This is not always true just because the program may be surrounded in plastic doesn't mean that it cannot be infected with a virus. When the software is written to the diskette is when the virus will be attached to the diskette. While this does not happen frequently it is still a possibility.
    "If I just by registered software I don't have to worry about viruses." - This is not always true because there have been cases were company's did not know that there was a virus on there software and accidentally shipped software that had viruses on it. While this does not happen frequently it is still a possibility.
    "If I don't download anything off of the Internet I don't have to worry about viruses." - This is not always true while you may not be on the Internet you still can be infected by viruses on diskettes and or CDs.
    "If I just read my E-mail, I will not have to worry about viruses." - Not true there are viruses out there that are distributed through e-mail also files can be attached with e-mail.
    "If I don't get on the Internet I don't have to worry about viruses." - This unfortunately is not the case over 90% of users contract viruses with floppy diskettes the other percentage is over the Internet.
    "You can contact viruses from just looking at web pages." - Another rumor that is spreading around. You cannot contract a virus just by looking at a web page however can contact a virus if you were to download a file from that web page.
    "You can contact a virus by reading your e-mail." - Not fully true, by just opening an e-mail message to read its contents you can not contract a virus, unless that e-mail message contains an attachment and you were to save that attachment to your hard drive or another storage media. Our recommendation to help prevent virus through e-mail would be to not open files that contain attachments from individuals you do not trust / know. Extra Note: A new virus called the Bubble boy can infect computers by a user just opening their mail however requires the user be using Internet Explorer 5.0, Windows 98, and Microsoft Outlook.


    MACRO VIRUSES

    Macro viruses are becoming a big threat to the computer community, a macro virus is a virus designed in a word processor, which is just a macro designed to destroy, corrupt, infect, erase files or delete files or data on the hard disk drive. These viruses are fast becoming a threat, because they are so easily created and capable of transmitting extremely fast and with a lot of older virus scanners not being able to detect them these are growing fast there are now over 1000 different macro viruses. Because these are becoming such a threat virus companies are becoming aware of this and with new virus scanners are also having the capability of scanning for macro viruses.
    • Administrator
    • GL Senior Member
    • GL Legend
    • Guru Member

    Babadinho Administrator

    Member Since:
    Sep 19, 2010
    Message Count:
    5,083
    Likes Received:
    448
    COMMON VIRUSES

    The following is a listing of some of the more commonly found computer viruses and information about each of those viruses.
    AnnaKournikova.jpg.vbs
    CAP
    CIH
    I Love You Worm
    KAK
    Resume
    NYB
    Stoned Empire Monkey Virus

     
    Annakournikova.jpg.vbs Virus
    VIRUS INFORMATION

    02/12/2001 - This script was created by a worm generating tool. When ran, the script copies itself to the Windows directory  as "AnnaKournikova.jpg.vbs" and attempts to mail separate email messages using MAPI messaging, to all recipients in the Windows Address book.


    SYMPTOMS

    E-mails all individuals in the Windows Address book.
    Infects the registry adding the following two keys
    HKEY_USERS\.DEFAULT\Software\OnTheFly
    HKEY_USERS\.DEFAULT\Software\OnTheFly\mailed=1 or 0
    On January 26th, the script attempts to connect to the web site http://www.dynabyte.nl


    HOW TO DETECT VIRUS

    The virus is sent through mail with the following:
    Subject: Here you have, :eek:)
    Body: 
    Hi:
    Check This!
    Attachment: AnnaKournikova.jpg.vbs


    METHOD OF REMOVAL

    If you believe you have been infected by this virus or you have the file AnnaKournikova.jpg.vbs file in your Windows directory to remove this virus obtain the latest update or DAT file from the virus protection software you have installed on your computer.


    CAP Virus
    INFORMATION ABOUT THE CAP VIRUS

    The CAP virus is contracted through Microsoft Word documents consisting of several encrypted macros and generally will leave the following message within the comments:
    'C.A.P: Un virus social.. y ahora digital..
    '"j4cKy Qw3rTy" (jqw3rty@hotmail.com).
    'Venezuela, Maracay, Dic 1996.
    'P.D. Que haces gochito ? Nunca seras Simon Bolivar.. Bolsa !
    One of the noticeable effect that CAP has is that when saving your document no matter what type of format you are attempting to save your documents in it will always save the documents in the DOC extension even if you save as a different format.
    When infecting your computer CAP will delete all currently installed macro's on your computer and will modify up to five already-existing menus, redirecting the menus to the virus code. Fortunately most latest virus scanners can detect and clean the CAP virus however unfortunately all of the macros that have been deleted cannot be recovered from your computer.

    CIH Virus
    INFORMATION ABOUT CIH VIRUS

    The CIH which was first located in Taiwan is a virus which infects Windows 95 and Windows 98 EXE files. After an infected EXE is executed, the virus will stay in memory and will infect other programs as they are accessed. and overwrites most of the data on the computers hard disk drive. This virus also includes another unique feature which will attempted to overwrite the Flash BIOS chip of the machine. If the Virus is successful at doing this, the machine will be unable to boot at all unless the chip is reprogrammed. Another feature that this virus includes is the capability of not increasing the size of the EXE file which infects, therefore would not be noticed by any user unless an virus scanner detects it.
    Later on, CIH was available by accident from several commercial web sites, including the Origin Systems website where a download related to the popular Wing Commander game was infected. This issue has been contained.

    CIH VARIANTS

    CIH v1.2 TTIT (CIH 1003) which activates on April 26th of any year, and is the most common CIH variant.
    CIH v1.3 TTIT (CIH 1010) which activates on Jun 26th of any year.
    CIH v1.3 TTIT (CIH 1010.B) which activates on Jun 26th of any year.
    CIH v1.4 TATUNG (CIH 1019) which activates on the 26th of every month.




    I love you Worm Virus
    INTRODUCTION

    The Love Bug was first reported Thursday (05/04/2000) afternoon Hong Kong time and early morning in Europe and sense then it has been duplicated by several copycats causing several more additional similar variants to appear. The virus has caused companies, governments and end-users extreme grief shutting down mail systems, mail servers, bank systems and even causing issues with pagers. The worm has been reported to have come from a 27 and 23 year old couple in the Philippines after a raid of their Apartment on Monday (05/08/2000).
    The Love Bug infects all users who are using Microsoft Windows and Microsoft Outlook. The following is what will be the subject, message and the actual attachment for each of the currently known wild viruses. If you see this mail do not attempt to open the attachment and simply instead delete the mail even if the message is from someone you know well.


    LOVE BUG VARIANTS

    Variant A (Original Virus)
    Subject: ILOVEYOU
    Message: kindly check the attached LOVELETTER coming from me."
    Attachment: LOVE-LETTER-FOR-YOU.TXT.vbs
    Special Notes: The virus begins by copying itself into the Windows directory placing Win32dll.vbs and LOVE-LETTER-FOR-YOU.TXT.vbs. Once these files have been placed on the hard disk drive the virus will then place it self into the computer registry making the virus initiate on each of the following boots. The virus will also attempt to delete the HideSharePwds, DisablePwdCaching and DisablePwdCaching from the computer registry. Once these modifications have been made to the computer it will then send it self to each of the individuals in the address book with the Subject ILOVEYOU. To complete the destruction the destruction the virus will search out .js, .jse, .css, .wsh, .sct and .hta creating a duplicate of each of the files found with the .vbs extension. Finally it will search and delete all files with the ".jpg" and ".jpeg" (these are the most commonly found image file format on the Internet.) Next the virus will search for ".mp3" and ".mp2" files replacing all files found with ".vbs" extension and hiding the original ".mp3" and ".mp2" files.
    Variant B
    Subject: Susitikim shi vakara kavos puodukui...
    Message: kindly check the attached LOVELETTER coming from me."
    Attachment: LOVE-LETTER-FOR-YOU.TXT.vbs
    Variant C
    Subject: fwd: Joke
    Message: *No Message*
    Attachment: VeryFunny.vbs
    Variant D
    Subject: ILOVEYOU
    Message: kindly check the attached LOVELETTER coming from me."
    Attachment: LOVE-LETTER-FOR-YOU.TXT.vbs
    Special Notes: Creates registry entries as WIN- -BUGFIX.exe instead of WIN-BUGSFIX.exe.
    Variant E
    Subject: Mothers Day Order Confirmation
    Message: We have proceeded to charge your credit card for the amount of $326.92 for the mothers day diamond special. We have attached a detailed invoice to this email. Please print out the attachment and keep  it in a safe place. Thanks Again and Have a Happy Mothers Day!
    Attachment: Mothersday.vbs
    VariantF
    Subject: Dangerous Virus Warning
    Message: There is a dangerous virus circulating. Please click attached picture to view it and learn to avoid it.
    Attachment: virus_warning.jpg.vbs
    Variant G
    Subject: Virus Alert!!!
    Message: Detailed message containing information about the ILOVEYOU worm.
    Attachment: protect.vbs
    Special Notes: Virus claims to be from support@symantec.com (which is a well known virus protection software company) this mail however of course is not from Symantec. In addition this variant of the worm will delete all files ending with .com and .bat seriously damaging the computer.
    Variant H
    Subject: ILOVEYOU
    Message: kindly check the attached LOVELETTER coming from me."
    Attachment: LOVE-LETTER-FOR-YOU.TXT.vbs
    Special Notes: This virus is exactly like Variant A except that the begining comments which give credit to the author of the worm and information about worm have been removed.
    Variant I
    Subject: Important! Read carefully!!
    Message: Check the attached IMPORTANT coming from me!
    Attachment: Imporant.TXT.vbs
    Special Notes: The beginning of the code has been changed giving credit to another author "BrainStorm / @ElectronicSouls"
    Variant J
    Subject: Virus Alert!!!
    Message: Detailed message containing information about the ILOVEYOU worm. Appears to be same as Variant G.
    Attachment: protect.vbs
    Special Notes: Variant J of the ILOVEYOU worm appears to be a slightly modified version of Variant G.
    Variant K
    Subject: How to protect yourself from the ILOVEYOU bug!
    Message: Here's the easy way to fix the love virus.
    Attachment: Virus-Protection-Instructions.vbs.
    Variant L
    Subject: I Cant Believe This!!!
    Message: I Cant Believe I have Just Received This Hate Email .. Take A Look
    Attachment: KillEmAll.TXT.VBS
    Special Notes: Replaces GIF & BMP images instead  of JPG & JPEG images, hides WAV & MID instead of MP3 and MP2 and copies KILER.HTM, KILLER2.VBS, KILLER1.VBS to the hard disk drive.
    Variant M
    Subject: Thank you For Flying with Arab Airlines
    Message: Please check if the bill is correct, by opening the attached file.
    Attachment: ArabAir.TXT.vbs
    Special Notes: Replaces DLL & EXE files instead of JPG & JPEG files. Hides SYS & DLL files instead of MP2 and MP3 files. Copies file onto hard drive no-hate-FOR-YOU.HTM.
    Variant N
    Subject: Variant Test
    Message: This is a Variant to the vbs virus
    Attachment: IMPORTANT.TXT.vbs
    Special Notes: Copies itself as sndvol32.vbs and IEAKDLL.vbs. Internet Explorer start page changes to http://astalavista.box.sk. Overwrites *.mpg, *.mpeg, *.avi, *.qt, *.qtm.
    Variant O
    Subject: ILOVEYOU
    Message: kindly check the attached LOVELETTER coming from me.
    Attachment: LOVE-LETTER-FOR-YOU.TXT.vbs
    Special Notes: The script.ini has been modified slightly.
    Variant P
    Subject: Yeah, Yeah another time to DEATH...
    Message: This is the Killer for VBS.LOVE-LETTER.WORM
    Attachment: LOOK.vbs
    Special Notes: Sets the Internet Explorer start page to http://www.yahoo.com/Vir-Killer.exe. Overwrites *.ZIP and *.RAR files and hides *.PAS and *.ASM files.
    Variant Q
    Subject: LOOK!
    Message: hehe...check this out.
    Attachment: LOOK.vbs
    Special Notes: copies itself as MSUser32.vbs and User32DLL.vbs. Overrights *.XLS and *.MDB files. Hides *.EXE and *.LNK files. Creates a LOOK.HTM file.
    Variant R
    Subject: Bewerbung Kreolina
    Message: Sehr geehrte Damen and Herren!
    Attachment: BEWERBUNG.TXT.vbs
    Special Notes: Sends BEWERBUNG.HTM into connected IRC chat rooms.
    Variant S
    Subject: ILOVEYOU
    Message: Kindly check the attached LOVELETTER coming from me.
    Attachment: LOVE-LETTER-FOR-YOU.TXT.vbs
    Special Notes: Additional comment lines have been added into the virus.
    Variant T
    Subject: Recent Virus Attacks-Fix
    Message: Attached is a copy of the script that will reverse the effects of the LOVE-LETTER-TO-YOU.TXT.vbs as well as the FW:JOKE, Mother's Day and Lithuanian siblings.
    Attachment: BAND-AID.DOC.VBS
    Special Notes: Sets the Internet Start page to a virus related page. Deletes *.BAT, *.GIF, *.TIF, *.TIFF, *.WAV, *.LNK, *.BAK, *.DOC, *.XLS, *.RTF, *.TXT, *.HTM, *.HTML, *.XML, *.MNY, *.ZIP, *.BMP, *.CAB and *.INF extentions.
    Variant U
    Subject: UOL.TXT.vbs
    Message: O UOL tem um grande presente para voce, e eh exclusivo. Veja o arquivo em anexo. http://www.uol.com.br.
    Attachment: UOL.TXT.vbs
    Special Notes: Sets home page to http://www.uol.com.br and hides *.EXE, *.COM and *.INI files.
    Variant V
    Subject: ILOVEYOU
    Message: kindly check the attached LOVELETTER coming from me."
    Attachment: LOVE-LETTER-FOR-YOU.TXT.vbs
    Special Notes: Several comment lines have been modified.
    Variant W
    Subject: IMPORTANT: Official virus and bug fix
    Message: This is an official virus and bug fix. I got it from our system admin. It may take a short while to update your system files after you run the attachment.
    Attachment: Bug and virus fix.vbs
    Special Notes: Sets Internet Explorer Start Page to a virus related page. Overwrites *.EXE, *.COM, *.DLL, *.SYS, *.PWL, *.TXT.
    Variant X
    Subject: NEUE Anti-Virus-Liste
    Message: Hiermit senden wir Ihnen/Dir eine neue Liste mit LOVE-LETTER-VIRUS Namen, die nicht geoeffnet werden sollten, bitte sofort lesen, danke.
    Attachment: ANTI-VIRUS-LISTE.TXT.vbs
    Special Notes: Overwrites *.MDB, *.PDF, *.WSH, *.DOT, *.HTA, *.JS, *.DRV and *.INI files. Hides *.XLS and *.DOC files.
    Variant Y
    Subject: LOOK!
    Message: hehe...check this out.
    Attachment: LOOK.vbs
    Special Notes: Like earlier LOOK various however hides MP3 and MP2 files.
    Variant Z
    Subject: BUG & VIRUS FIX
    Message: I got this from our system admin. Run this to help prevent any recent or future bug & virus attacks. It may take a small while up update your files.
    Attachment: MAJOR BUG & VIRUS FIX.vbs
    Special Notes: Sets home page as virus related page. Overwrites *.COM, *.DLL, *.EXE, *.TXT, *.BAT and *.SYS files.
    Variant "Catolina" or "Postcard" in Italian
    Subject: C’è una cartolina per te! (Here is a postcard for you)
    Message: Ciao, un tuo amico ti ha spedito una cartolina virtuale... mooolto particolare! (Hello my friend, this is a virtual post card ... very special)
    Attachment: CARTOLINA.VBS
    Special Notes: Sets home page as http://www.vije.it an Italian music site.
    Variant "BabyPic" for adults only
    Subject: My baby pic!!!
    Message: Its myanimated baby picture !!
    Attachment: MYBABYPIC.EXE
    Special Notes: Program written in Visual Basic with a explicit graphic animated image. When opened and viewed the virus copies itself to a local file system and sends e-mail to each MS Outlook user in the recipients' address book. The worm creates a set of files and registers them in the startup section of Windows system registry, enabling execution each time the computer starts.
    The virus contains a very dangerous payload that can easily wipe out data on the computer, enable and disable on/off NumLock, CapsLock and ScrollLock keys; send buffer messages ".IM_BESIDES_YOU_" and may send one of various text messages. In addition MyBabyPic also corrupts files with .VBS, .JS, .JSE, .CSS, .WSH, .SCT, .HTA, .PBL, .CPP, .PAS, .C, .H, .JPG, .JPEG, .MP2 and MP3 extensions.


    WAYS TO PROTECT YOURSELF

    Regardless of who sends you the mail if there is an attachment verify before opening it that it does not end with .vbs. VBS (Visual Basic Script). If the attached file ends with .vbs it is recommended that you delete the e-mail.
    In addition the user or system administrator can disable the execution of VBS files by following the below instructions.
    Windows 95 Users
    1. Open My Computer
    2. Click View / Options
    3. Click the "File Types" tab
    4. Locate and "VBScript Script File" in the registered file types listing.
    5. Single click "VBScript Script File" to highlight the file.
    6. Select Remove and confirm the file deletion.
    Windows 98 Users
    1. Click Start / Settings / Control Panel
    2. Double click Add/Remove Programs
    3. Click the "Windows Setup" tab
    4. Double click "Accessories" from the Components listing
    5. Locate "Windows Scripting Host" from the Accessories component list and Uncheck the selection.
    6. Click Ok and then Apply and Windows Scripting Host will be uninstalled from the computer.
    Windows NT Users
    1. Open My Computer
    2. Click View / Options
    3. Click the "File Types" tab
    4. Locate and "VBScript Script File" in the registered file types listing.
    5. Single click "VBScript Script File" to highlight the file.
    6. Select Remove and confirm the file deletion.
    Windows 2000 Users
    1. Open My Computer
    2. Click View / Options
    3. Click the "File Types" tab
    4. Locate and "VBScript Script File" in the registered file types listing.
    5. Single click "VBScript Script File" to highlight the file.
    6. Select Delete and confirm the file deletion.
    TO MANUALLY REMOVE THE VIRUS
    The Love Letter Virus (Variants A, B, C, E, F and H) can be removed manually by following the below steps:
    • Click Start / Find / Files or Folder and search for *.VBS and delete all files found on the hard disk drive.
    • Search for the file LOVE-LETTER-FOR-YOU.HTM generally found in the Windows System directory and delete it.
    • Search for WIN-BUGSFIX.EXE and WINFAT32.EXE generally found in the Internet Explorer download directory and delete these files.
    • Once these files have been deleted empty the recycle bin and restart the computer and the Virus should be effectively removed from the computer.
    It is also recommended if you are currently running a Virus protection software program that you update it with the latest virus update. Generally doing this will also remove all traces of this virus as all major virus companies have updates on their pages. 
    INFORMATION ABOUT THE NEWLOVE VIRUS
    Announced to be Wild 05/18/2000 the NEWLOVE virus was first reported at Israel. When ran the virus copies itself into the Windows folder and gives itself either a name from the recent document folder or gives itself a random name and extension. Once copied into this directory the virus will then send itself to all the individuals in your address book. It will then search all drives connected to the host system and replace each file with copies of itself and adds the extension .VBS to the original filename.
    This virus has more damage potential then the original LoveLetter virus in addition will rename the subject line to random quires therefore cannot easily be detected as the Subject Line could be anything. It is recommended that all PC users and
    NewLove Virus
    Subject: Begins with FW and then will be named from the Recent Documents folder or a random name.
    Message: Message is empty
    Attachment: The attachment is a Randomly-selected VBS filename from the Windows Folder.
    Special Notes: When ran the virus copies itself into the Windows folder and gives itself either a name from the recent document folder or gives itself a random name and extension. Once copied into this directory the virus will then send itself to all the individuals in your address book. It will then search all drives connected to the host system and replace each file with copies of itself and adds the extension .VBS to the original filename.


    KAK
    VIRUS INFORMATION

    The KAK virus is a virus written in Javascript that will only work in the French and English versions of Windows 95 and Windows 98 and replicates through e-mail VIA Outlook Express 5.0.
    The Virus activates the first day of each month. If the machine is restarted after 5 PM the computer will display a message:
    Kagou-Anti-Kro$oft say not today!
    • Administrator
    • GL Senior Member
    • GL Legend
    • Guru Member

    Babadinho Administrator

    Member Since:
    Sep 19, 2010
    Message Count:
    5,083
    Likes Received:
    448
    CLEANING THE VIRUS

    To manually clean this virus follow the below steps:
    Delete the following files if present:
    C:\Windows\kak.htm
    C:\Windows\System\*.hta
    C:\Windows\Start Menu\Programs\Startup\kak.hta
    C:\Windows\Menu Demarrer\Programmers\Demarrage\kak.hta
    Rename the following files:
    Before renaming the following, ensure that ae.kak is present at

    the root of C drive by typing the following at a MS-DOS prompt:
    cd\
    dir ae.kak
    If present type:
    del autoexec.bat
    ren ae.kak autoexec.bat
    The hole within Outlook Express can be fixed by disabling Active

    Scripting in Outlook Express preferences or by visiting

    Microsoft's update page for an update to this hole.



    RÉSUMÉ Virus

    W97M.Melissa.BG (Resumé Worm Virus)
    The Resumé Virus was announced to be wild Friday May 26 2000.

    While not expected to be as severe as the ILOVEYOU virus it has

    already spread more the recent NEWLOVE virus. 
    The e-mail will contain the subject:
    Resume - Janet Simons
    Upon opening the e-mail the message body will contain:
    To: Director of Sales/Marketing,
    Attached is my resume with a list of
    references contained within. Please
    feel free to call or email me if you
    have any further questions regarding
    my experience. I am looking forward
    to hearing from you. 
    Sincerely, 
    Janet Simons. 
    Included in the document contains resume.doc, explorer.doc or

    normal.dot. If any of these files are ran the virus will first

    send itself to all users in the computer's e-mail address book

    and copy the following files to the hard disk drive:
    C:\Data\Normal.dot
    C:\Windows\Start Menu\ Programs\Startup\Explorer.doc
    Once these files have been copied successfully onto the computer

    it will then release its destructive pay load attempting to

    delete all drives A-Z.



    NYB Virus

    Information about the NYB Virus
    SIZE: 512 bytes.
    INFECTS: Floppy Boot sectors and Master Boot Records.
    WHAT IT DOES: Simple virus which infects diskettes and Master

    Boot records. After infected each time booting up the computer

    will then load into high memory. Once in high memory the virus

    will then have the capability of infecting all non-write

    protected diskettes used in the computer. Once the diskette is

    infected there is a 1/512 chance that the the virus activates.

    When activated the virus will attempt to access a location on

    the floppy drive that does not exist causing floppy drive

    possibly causing physical damage to the floppy drive. Generally

    this only occurs on older floppy disk drives.
    METHODS OF CLEANING VIRUS: It is recommended that all viruses be

    cleaned utilizing a Virus Protection program. However an

    alternate method of cleaning the virus is booting from a clean

    write protected boot diskette with fdisk.exe on it. Boot from

    the diskette and once at the A:\> type FDISK /MBR
    ADDITIONAL INFORMATION: The FDISK /MBR command by default is a

    non-destructive command. It is not recommended you run this

    command if you have one of the following:
    Any type of advanced security program.
    Boot manager such as partition magic.
    You believe your computer is infected with the Monkey B virus.

    If infected with the Monkey B virus it is a possibility that the

    hard disk drive information could be lost.



    STONED EMPIRE MONKEY VIRUS
    ABOUT STONED EMPIRE MONKEY VIRUS

    The Monkey virus was first discovered in Edmonton, Canada, in

    the year 1991. The virus spread quickly to USA, Australia and UK

    and is now one of the most common boot sector viruses.
    As the name indicates, Monkey is a distant relative of Stoned.

    Its technical properties make it quite a remarkable virus,

    however the virus infects the Master Boot Records of hard disks

    and the DOS boot records of diskettes, just like Stoned. Monkey

    spreads only through diskettes.
    Monkey does not let the original partition table remain in its

    proper place in the Master Boot Record, as Stoned does. Instead

    it moves the whole Master Boot Record to the hard disk's third

    sector, and replaces it with its own code. The hard disk is

    inaccessible after a diskette boot, since the operating system

    cannot find valid partition data in the Master Boot Record -

    attempts to use the hard disk result in the DOS error message

    "Invalid drive specification".
    When the computer is booted from the hard disk, the virus is

    executed first, and the hard disk can thereafter be used

    normally. The virus is not, therefore, easily noticeable, unless

    the computer is booted from a diskette.
    The fact that Monkey encrypts the Master Boot Record besides

    relocating it on the disk makes the virus still more difficult

    to remove. The changes to the Master Boot Record cannot be

    detected while the virus is active, since it reroutes the

    BIOS-level disk calls through its own code. Upon inspection, the

    hard disk seems to be in its original shape.



    DETECTING THE VIRUS

    It is difficult to spot the virus, since it does not activate in

    any way. A one-kilobyte reduction in DOS memory is the only

    obvious sign of its presence. The memory can be checked MS-

    DOS's CHKDSK and MEM programs. However, even if MEM reports that

    the computer has 639 kilobytes of basic memory instead of the

    more common 640 kilobytes, it does not necessarily mean that the

    computer is infected. In many computers, the BIOS allocates one

    kilobyte of basic memory for its own use.
    The Monkey virus is quite compatible with different diskette

    types. It carries a table containing data for the most common

    diskettes. Using this table, the virus is able to move a

    diskette's original boot record and a part of its own code to a

    safe area on the diskette. Monkey does not recognize 2.88

    megabyte ED diskettes, however, and partly overwrites their File

    Allocation Tables. Some revisions are can be spotted by running

    fdisk and displaying the partition information if you see % # or

    any other strange characters as the partition , label, etc its a

    good possibility that you may have the virus, to check this you

    can run FDISK


    INFORMATION ABOUT REMOVAL

    The relocation and encryption of the partition table render two

    often-used methods of removing a MBR Virus unviable. One of

    these is the MS-DOS command FDISK /MBR, capable of removing most

    viruses that infect Master Boot Records. The other is using a

    disk editor to restore the Master Boot Record back on the zero

    track. Although both of these procedures destroy the actual

    virus code, the computer cannot be booted from the hard disk

    afterwards.

    There are six different ways to remove the Monkey virus:
    1. Purchase a Virus protection utility and have it clean

    the Virus, while not all virus protection programs are capable

    of removing this virus generally additional add-ons can be

    installed allowing the virus protection utility to remove the

    virus. 
    2. The original Master Boot Record and partition table can

    be restored from a backup taken before the infection. Such a

    backup can be made by using, for example, the MIRROR /PARTN

    command of MS-DOS
    3. The hard disk can be repartitioned by using the FDISK

    program, after which the logical disks must be formatted. All

    data on the hard disk will consequently be lost, however.
    4. The virus code can be overwritten by using FDISK /MBR,

    and the partition table restored manually. In this case, the

    partition values of the hard disk must be calculated and

    inserted in the partition table with the help of a disk editor.

    The method requires expert knowledge of the disk structure, and

    its success is doubtful. Usually this causes the current

    partitions to double causing more havoc.
    5. It is possible to exploit Monkey's stealth capabilities

    by taking a copy of the zero track while the virus is active.

    Since the virus hides the changes it has made, this copy will

    actually contain the original Master Boot Record. This method is

    not recommendable, because the diskettes used in the copying may

    well get infected.
    6. The original zero track can be located, decrypted and

    moved back to its proper place. As a result, the hard disk is

    restored to its exact original state. Some virus scanners have

    this capability, and can successfully remove the virus.

    technololy Member

    Member Since:
    Oct 1, 2010
    Message Count:
    52
    Likes Received:
    0
    a tip i learnd....when i insert flashdrives onto d system and i cant afford the time to scan it,open it with winrar.u will c all d viruses inside and u can delete manually.by opening it with winrar,d virus is still contained with d aid of winrar
    • GL Legend
    • Guru Member

    eleniyan Eleniyan...

    Member Since:
    Oct 2, 2010
    Message Count:
    1,419
    Likes Received:
    0
    not necesarily winrar u can use any file manager jst lyk blueftp 4 fone
    • GL Legend
    • Guru Member

    Xplora GL Legend

    Member Since:
    Sep 30, 2010
    Message Count:
    2,661
    Likes Received:
    0
    THIS IS SO COOL....

    Alves Member

    Member Since:
    Oct 1, 2010
    Message Count:
    964
    Likes Received:
    0
    NICE info Baba.

    Ice_nazzy Member

    Member Since:
    Dec 5, 2010
    Message Count:
    12
    Likes Received:
    0
    @poster thanks 4 d info.Sometime my p3 lappy caught win32 virut and some other trojans one of which was redbull or something like dat.It faded out my google chrome's browser colour,my battery drains in less than 10 min.Lots of annoying freezes,distorted graphics on web pages and overlapping in switching btwn 2 or more pages,slow performance,unable 2 play dvd in drive,keyboard malfunctioning,hardware failure while using usb stick with blue interface displaying etc.I have issues even till now
    Question:-
    1.could it be am being dealt with by virus?
    2.Could d limitation of d sysm b playing out on it?
    3.How come when i had key board issues-back space key,space bar and enter key non-responsiveness could not b fixed by formating?
    4.I scanned d sysm with driver scanner and high errors were detected abt d functionality,performance and error execution of softwares.15 errors were corrected-evidenced of my keyboard issues gone.this been available 2 free users.Since am contemplating a hard formating can this provide d solution am looking for.
    Thanks,hoping 2 read from u soon.

    siempere boin

    Member Since:
    Dec 2, 2010
    Message Count:
    77
    Likes Received:
    0
    I tink I ve a virus whenever I connect to d internet i cannot open my Mozilla Firefox again even if I click 20 times..but once I end d connection Evey tin will open 20 times..place wot do u tink...

    cl4sh Member

    Member Since:
    Dec 22, 2011
    Message Count:
    10
    Likes Received:
    0

    cl4sh Member

    Member Since:
    Dec 22, 2011
    Message Count:
    10
    Likes Received:
    0
    While a good start, most viruses worth mentioning are "FUD". Information presented here is largely outdated and in the grand scheme of things can be avoided by being sensible.
    • GL Legend
    • Guru Member

    wingsâ„¢ GL Legend

    Member Since:
    Oct 1, 2010
    Message Count:
    892
    Likes Received:
    1

    →Lιl Kιηs0m►cr0tεâ„¢← Member

    Member Since:
    Apr 14, 2011
    Message Count:
    105
    Likes Received:
    0
    we've got AV that can take care of virus...what about keyloggers- can be crypted with any file and downloads automatically as you download the file without displaying at the background. now thats what i call "FUD"!!!!! nice info though..

    Khid Member

    Member Since:
    Dec 11, 2011
    Message Count:
    147
    Likes Received:
    0
    • Super Moderator
    • GL Senior Member
    • GL Legend
    • Guru Member

    Dmedal!on Super Moderator

    Member Since:
    Mar 28, 2011
    Message Count:
    18,877
    Likes Received:
    295
    Current Phone:
    Samsung GT-S7562 / PMP-Ultra ROM + Speed Demon
    GREAT THREAD............................
    • GL Legend
    • Guru Member

    DKRONICLE GL Legend

    Member Since:
    Jul 21, 2011
    Message Count:
    1,327
    Likes Received:
    0



    you re rite bro.

    Alexander_john Member

    Member Since:
    Feb 3, 2012
    Message Count:
    3
    Likes Received:
    0
    Hello,
      When i start my PC, after some time my PC  stop working?
    I install window again and again but problem remain same...
    So is it virus?

    chidenzo Member

    Member Since:
    Oct 6, 2010
    Message Count:
    42
    Likes Received:
    1
    Pls gurus help me pls. I used my external harddesk on a frend's system. Now all the folders in it has turn shortcut and i can't open any. Please gurus help me pls.


Share This Page