One day after the W32.Bagle.B virus spread on the Internet, this morning 19 February 2004, the new computer virus W32.SkyNet.B has appeared in Vietnam. We immediately collected samples, analyzed and decoded the virus samples. By 17:00 the preliminary analysis is completed and the processing solution updated by us to the new Bkav498 version. To prevent the widespread spread of the W32.SkyNet.B virus on the Internet, you should take precautions with the letter headers. hello, read it immediately, something for you, warning, information, stolen, fake, unknown Attached files of about 22 Kbyte, and download Bkav version Bkav498 about to handle this virus.
To remove the W32.Bagle.B virus you need to follow these steps:
Download Bkav software version Bkav498 about a folder on the machine.
If you use Windows Me or XP must turn off System Restore of the operating system go.
If your computer has installed other anti-virus programs such as NAV, McAffe must be temporary disable Auto Protect function of those programs.
Run Bkav498, select scan all files, all drives
Restart computer.
Detailed description W32.SkyNet.B virus:
When enabled, W32.SkyNet.B will perform the following tasks: 1. Create a mutex named AdmSkynetJklS003 . This mutex is recognized by the virus so if it opens a second time, the virus will pop up a message box with the contents: The file could not be opened. The virus then copies itself to the Windows directory of the operating system with the filename services.exe 2. Display a Message box with the following content: Tập tin không thể mở. 3. Create the " service "in: HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun The virus is automatically activated every time the operating system boots. 4. Correct the Windows registry as follows:
a, Delete the key:5. Scan all drives from C to Z (if any) in the machine. If it detects that the drive is not a CD drive, the virus will scan the folders and subfolders on that drive. If the directory name contains the string "share" or "sharing", the virus copies itself to that directory under the following names:in the following key: HKEY_LOCAL_MACHINESOFTWAREMicrosoft
- Taskmon
- Explorer
WindowsCurrentVersionRun HKEY_CURRENT_USERSOFTWAREMicrosoft
WindowsCurrentVersionRun b, and delete the keys:in key: HKEY_LOCAL_MACHINESOFTWAREMicrosoft
- KasperskyAv
WindowsCurrentVersionRunin the key: HKEY_LOCAL_MACHINESOFTWAREMicrosoft
- System.
WindowsCurrentVersionRun HKEY_LOCAL_MACHINESOFTWAREMicrosoft
WindowsCurrentVersionRunServices This virus also deletes the key InProcServer32 in: HKEY_CLASSES_ROOTCLSID
{E6FB5E20-DE35-11CF-9C87-00AA005127ED}
- doom2.doc.pif
- sex sex sex.doc.exe
- rfc compilation.doc.exe
- dictionary.doc.exe
- win longhorn.doc.exe
- e.book.d.d.exe
- programming basics.doc.exe
- how to hack.doc.exe
- max payne 2.crack.exe
- e-book.archive.doc.exe
- virii.scr
- nero.7.exe
- eminem - lick my pussy.mp3.pif
- cool screensaver.scr
- serial.txt.exe
- office_crack.exe
- hardcore porn.jpg.exe
- angels.pif
- porno.scr
- matrix.scr
- photoshop 9 crack.exe
- strippoker.exe
- dolly_buster.jpg.pif
- winxp_crack.exe
- .msg
- .oft
- .sht
- .dbx
- .bb
- .adb
- .doc
- .wab
- .asp
- .in
- .rtf
- .vbs
- .html
- .htm
- .pl
- .php
- .txt
- .eml
7. Send mail to the addresses found on the machine. The letters look like this:
Title (Subject)- hello
- read it immediately
- even Search.S:
- warning
- information
- stolen
- fake
- unknown
- anything ok?
- what does it mean?
- ok
- i'm waiting
- đọc chi tiết.
- đây là tài liệu.
- read it immediately!
- my hero
- here
- is that true?
- is that your name?
- is that your account?
- and wait for a reply!
- is that from you?
- bạn là một danh sách sai
- I have your password!
- something about you!
- kill the writer of this document!
- i hope it is not true!
- your name is wrong
- i found this document about you
- yes, really?
- that is bad
- here it is
- see you
- greetings
- stuff about you?
- something is going wrong!
- information about you
- about me
- from the chatter
- here, the serials
- here, the introduction
- here, the cheats
- that's funny
- do you?
- reply
- take it easy
- why?
- thats wrong
- misc
- you earn money
- you feel the same
- you try to steal
- you are bad
- something is going wrong
- something is fool
- msg
- doc
- talc
- message
- creditcard
- details
- attachment
- me
- stuff
- posting
- textfile
- concert
- information
- note
- bill
- swimmingpool
- product
- .......
Analyst team: Vu Ngoc Son, Dao Van Huy, Ngo Trong Canh
Download URL: & nbsp; Download Bkav2002 (Version 498) & nbsp; 220kb
