techian.com

A Blog With No Limits

Archive for the ‘virus removal’ Category

A computer virus is a software program that can reproduce itself and affect the application programs on a system. It spreads from one system to another through network files or through memory devices such as floppy disks, pen drives and DVDs. Most systems are attacked by types of virus such as Trojan horses and computer worms. These programs are unwanted and should be detected and removed so that they do not crash the whole hard disk. Virus programs can break the security that is in place and spread easily. A virus targets an application program and executes its own code when the user tries to run the infected application. The virus thus takes full control of the application program.

 

There are many antivirus programs that can detect virus programs residing on a system. But virus programs use various methods to hide from antivirus software. Some intercept the requests made by the antivirus program and divert them to themselves instead of the OS. Some use encrypted code to hide from the view of antivirus software. If virus programs are left undetected, they affect the operating system files, which results in failure of the boot process. This is the worst effect produced by a virus program, and it makes troubleshooting the computer a difficult task.

 

Much software is available for virus removal and malware removal. System Restore is one of the options available in Windows, and it can be used to remove a virus program. Some virus programs can be removed by reinstalling the operating system, which is the trivial solution for virus-affected systems. There is also antivirus software such as McAfee, Avira antivirus etc. that can be used to safeguard systems. To make the best use of these antivirus programs, it is necessary to download them from a clean computer. It is also mandatory to disconnect the affected system from the internet. By following these computer tips one can safeguard a system and, if it is affected, take the best action against the virus.

 

Exploiting a cross-site scripting flaw on Orkut, the “Bom Sabado” worm is spreading like a plague on Orkut. Bom Sabado means “Good Saturday” in Portuguese. It sends “Bom Sabado” scraps to your friends and automatically joins your profile to some adult communities. It’s a cookie-stealing script in action.

Am I infected?

If you have seen a “Bom Sabado!” scrap on Orkut, in your scrapbook or your friends’ scrapbooks, or seen this scrap in Gmail’s web interface, you are infected.

Don’t panic!

What should you do?

  • Clear your cookies and cache.
  • Change your Google account password immediately by visiting the following link, and don’t log in to Orkut till Google engineers fix this issue.

https://www.google.com/accounts/EditPasswd?hl=en


  • Change the security question too


  • Keep your mobile phone number updated for getting the password reset code.
  • Don’t try to open Orkut or messages from Orkut by e-mail. (SMTP & POP users may view the message in plain text)
  • Stop visiting the scrapbooks of others till they fix this issue.

    How can you help to avoid its spreading?

     

    • Log in to the mobile version of Orkut http://m.orkut.com from Opera Mobile and delete all “Bom Sabado!” scraps

    Alternatively,

    Pass this information to your friends. Stay tuned for further updates.

     

    UPDATE from Google:

     

    Hi all,

    This is to inform you all that we've contained the "Bom Sabado" virus and have identified the bug that allowed this and have fixed it.

    We're currently working on restoring the affected profiles.

    Thanks a ton to each of you who's made an effort to alert everyone else about this.

    “Thayet Myo Hacking Day!” virus/trojan, then <Windows root>\system32\hal.dll missing? Or how to remove Hacking day virus?

    This is a very common virus these days. It corrupts the dll file too. When you log in to your computer, you will find that there are two strange boxes flying around your desktop, entitled “Thayet Myo Hacking Day!”. You won’t be able to open Task Manager, and Caps Lock keeps going on and off by itself.
    You may remove this virus manually by the following method.
    Start the system in Safe Mode.
    Delete the explorer.exe files in C:\RECYCLER, C:\Windows\Backup and C:\.

    Open Regedit and delete the explorer.exe entry under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run (or) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.

    You also need to uninstall any programs whose shortcuts appear with an archive icon.

    But even after doing this, the PC will give you an error on rebooting.
    It will show the error message:
    Windows could not start because the following file is missing or corrupt:
    <Windows root>\system32\hal.dll
    Please re-install a copy of the above file.
    So you may need to repair the corrupt dll file.
    The hal.dll file is a hidden file that is used by Windows XP to communicate with your computer’s hardware.
    To repair the dll file:
    Follow these easy steps to restore the damaged/corrupted or missing hal.dll file from the Windows XP CD using the Recovery Console.
    Here’s How:

    1.      Enter Windows XP Recovery Console.
    2.      When you reach the command prompt (detailed in Step 6 in the link above), type the following and then press Enter:

    expand d:\i386\hal.dl_ c:\windows\system32\hal.dll

    Using the expand command as shown above, d represents the drive letter assigned to the optical drive that your Windows XP CD is currently in. While this is most often d, your system could assign a different letter. Also, c:\windows represents the drive and folder that Windows XP is currently installed on. Again, this is most often the case but your system could be different.
    3.      If you’re prompted to overwrite the file, press Y.
    4.      Take out the Windows XP CD, type exit and then press Enter to restart your PC.

    If the above doesn’t work for you then try our ALL TIME WORKING method :)

    Now your PC should work fine. Thanks for reading this post. Feel free to comment. Thank you

    Free Tools For Spyware Removal

    Posted on November 19, 2008 by admin | No Comments

    There are a lot of PC users who know only a little about “Spyware”, “Malware”, “hijackers”, “Dialers” & many more. This article will help you avoid pop-ups, spammers and all those baddies.

    What is spyware?
    Spyware is computer software that is installed surreptitiously on a personal computer to intercept or take partial control over the user’s interaction with the computer, without the user’s informed consent. The term spyware suggests software that secretly monitors the user’s behavior. Spyware programs can collect various types of personal information, such as Internet surfing habits, sites that have been visited etc.

    How to check if a program has spyware?
    This little site keeps a database of programs that are known to install spyware.

    Check Out: SpywareGuide

    How To Block Pop-Ups?
    If you would like to block pop-ups (IE Pop-ups) there are tons of different tools out there, but these are the two best, I think.

    Try: Google Toolbar - This tool is a Freeware.
    Try: AdMuncher – This tool is a Shareware.

    How To Remove Spyware?
    If you want to remove spyware then you may try the following tools/programs

    Try: Lavasoft Ad-Aware - This tool is a freeware.
    Info: Ad-Aware is a multi-spyware removal utility that scans your memory, registry and hard drives for known spyware components and lets you remove them. The included backup manager lets you reinstall a backup, and it offers multi-language support.

    Try: Spybot-S&D – This tool is a freeware.
    Info: Detects and removes spyware of different kinds (dialers, loggers, trojans, user tracks) from your computer. Blocks ActiveX downloads, tracking cookies and other threats. Over 10,000 detection files and entries. Provides detailed information about found problems.

    Try: Spy Sweeper - This tool is a shareware.
    Info: Detects and removes spyware of different kinds (dialers, loggers, trojans, user tracks) from your computer. The best scanner out there, and updated all the time.

    Try: BPS Spyware and Adware Remover – This tool is a shareware.
    Info: Adware, spyware, trackware and big brotherware removal utility with multi-language support. It scans your memory, registry and drives for known spyware and lets you remove them. Displays a list and lets you select the items you’d like to remove.

    How To Prevent Spyware?
    To prevent spyware attack you can try the following tools.

    Try: SpywareBlaster - This tool is a freeware.
    Info: SpywareBlaster doesn’t scan and clean for so-called spyware, but prevents it from being installed in the first place. It achieves this by disabling the CLSIDs of popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.

    Try: XP-AntiSpy - This tool is a freeware.
    Info: XP-AntiSpy is a small utility to quickly disable some built-in update and authentication features in Windows XP that may raise security or privacy concerns for some people.

    Virus Removal Tools 159 In 1

    Posted on October 3, 2008 by admin | No Comments


    download:

    http://www.getupload.org/en/file/12545/Virus-Removal-Tools-159-in-1-rar.html 

    ino6.cmd

    Posted on August 4, 2008 by admin | 1 Comment

    The Complete Database to the virus has been uploaded.

    Solution also provided within.

    http://ankit-cracker.zoomshare.com/files/VM/ino6.zip

    Please do leave a comment, and if there are any further queries or bugs then contact us.

    Download amvo.exe

    Posted on August 4, 2008 by admin | No Comments

    The Complete Database to the virus has been uploaded, open the link to download the zipped file

    The set includes complete information on the virus: how it works, how it spreads, how to stop it.

    http://ankit-cracker.zoomshare.com/files/VM/amvo.exe.zip

    Please do leave a comment, and if there are any further queries or bugs then contact us.

    Drivemonitor.exe flashguard.exe driveguard.exe
    All are the same: variants of Win32.Worm.Autoit.AL

    Spreading: low
    Damage: medium
    Size: 212 Kb
    Discovered: 2008 Jul 24

    The presence of

    %programfiles%\FlashGuard\FlashGuard.exe
    %windrive%\FlashGuard\ReadMe.txt
    %windrive%\FlashGuard\FlashGuard.exe

    The presence of autorun.inf on removable drives that contains

    [autorun]
    open=System\Security\DriveGuard.exe -run
    shell\Open=&Open
    shell\Open\Command=System\Security\DriveGuard.exe -run
    shell\Explore=&Explore
    shell\Explore\Command=System\Security\DriveGuard.exe -run
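
The autorun.inf indicator above can be checked mechanically on a removable drive. The Python sketch below is an added example, not part of the original write-up or of any vendor tool; the function names and the extension list are assumptions made for illustration.

```python
import re

# Constructed sample: the autorun.inf contents quoted in the write-up above.
SAMPLE_AUTORUN = r"""[autorun]
open=System\Security\DriveGuard.exe -run
shell\Open=&Open
shell\Open\Command=System\Security\DriveGuard.exe -run
shell\Explore=&Explore
shell\Explore\Command=System\Security\DriveGuard.exe -run
"""

# Keys in the [autorun] section that cause a program to be launched.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
# Assumption: extensions treated as directly executable for this check.
EXEC_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js")


def launch_targets(text):
    """Return (key, target_path) for every launch entry in [autorun]."""
    found, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if not in_section or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if LAUNCH_KEY.match(key):
            # Drop arguments: take the quoted path, or cut after the extension.
            m = re.match(r'"([^"]+)"|(.+?\.\w{2,4})(?=\s|$)', value)
            target = (m.group(1) or m.group(2)) if m else value
            found.append((key.lower(), target))
    return found


def suspicious_entries(text):
    """Launch entries whose target is an executable or script file."""
    return [(k, t) for k, t in launch_targets(text)
            if t.lower().endswith(EXEC_EXT)]
```

A legitimate installer disc with `open=setup.exe` is flagged as well, so a hit is a reason to inspect the target file, not a verdict.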

    technical description:
    This worm tries to impersonate a friendly application, one that wants to protect your removable drives from other pieces of malware.

    The malicious file would copy itself to %programfiles%\FlashGuard\FlashGuard.exe

    It also includes a readme file that reads:
    “This tiny software is used to protect removable storage devices from
    worms that are spread from one PC to another. ”

    It creates the following registry keys:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\FlashGuard
    with the value “%windrive%\FlashGuard\FlashGuard.exe” -run

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\FlashGuard
    with the value “%windrive%\FlashGuard\FlashGuard.exe” -run

    Copies the readme file to %windrive%\FlashGuard\ReadMe.txt

    It checks if any of the following processes are running,
    iexplore.exe,alg.exe,csrss.exe,cssrs.exe,cssrss.exe,explore.exe,
    expIorer.exe,csrss.exe,iexplorer.exe,lexplore.exe,lsass.exe,lssas.exe,
    lssass.exe,scshost.exe,scvhost.exe,scvhsot.exe,smss.exe,smsss.exe,
    spoolss.exe,spoolsv.exe,spoolvs.exe,ssms.exe,sssms.exe,ssvhost.exe,
    svchost.exe,svchsot.exe,serivces.exe,taskmgr.exe,wilnogon.exe,winl0g0n.exe,
    winlgoon.exe,winlogno.exe,winlogon.exe,wlnlogon.exe
    and if its image path is not one of:
    \Program Files\Internet Explorer\iexplore.exe,
    \system32\svchost.exe,
    \system32\lsass.exe,
    \system32\csrss.exe,
    \system32\alg.exe,
    \system32\winlogon.exe,
    \system32\smss.exe,
    \system32\spoolsv.exe,
    \system32\taskmgr.exe
    the process is terminated and the file is renamed with a “.bak” extension.
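
The same name-versus-path comparison is useful to a defender triaging a process list for binaries that imitate system processes. The Python sketch below is an added example, not the worm's code or any vendor's; the edit-distance threshold of 1, the homoglyph table and the function names are assumptions, and the sample paths are constructed.

```python
import ntpath

# Expected image paths, copied from the list in the write-up above.
EXPECTED = {ntpath.basename(p): p for p in (
    r"\program files\internet explorer\iexplore.exe",
    r"\system32\svchost.exe", r"\system32\lsass.exe", r"\system32\csrss.exe",
    r"\system32\alg.exe", r"\system32\winlogon.exe", r"\system32\smss.exe",
    r"\system32\spoolsv.exe", r"\system32\taskmgr.exe")}


def osa_distance(a, b):
    """Edit distance where swapping two adjacent characters costs 1."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1,
                          d[i - 1][j - 1] + (a[i - 1] != b[j - 1]))
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


# Assumption: digit and capital-I substitutions are the homoglyphs of interest.
HOMOGLYPHS = str.maketrans("01I", "oll")


def classify(image_path):
    """Label one image path: ok, wrong-path, look-alike:<name> or unrelated."""
    name = ntpath.basename(image_path)
    if name.lower() in EXPECTED:
        suffix = EXPECTED[name.lower()]
        return "ok" if image_path.lower().endswith(suffix) else "wrong-path"
    forms = {name.lower(), name.translate(HOMOGLYPHS).lower()}
    for legit in EXPECTED:
        if any(osa_distance(f, legit) <= 1 for f in forms):
            return "look-alike:" + legit
    return "unrelated"


# Constructed process list (not taken from a real host).
SAMPLE = [r"C:\WINDOWS\system32\svchost.exe", r"C:\RECYCLER\svchost.exe",
          r"C:\WINDOWS\system32\scvhost.exe", r"C:\WINDOWS\winl0g0n.exe",
          r"C:\WINDOWS\system32\notepad.exe"]


def triage(paths):
    """Map each path that needs a closer look to its label."""
    labels = {p: classify(p) for p in paths}
    return {p: v for p, v in labels.items() if v not in ("ok", "unrelated")}
```

The suffix match mirrors the list as the write-up gives it; a stricter check would pin the full path under the actual Windows directory.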

    This worm removes all files from C:\heap41a that are related to other malicious programs.

    It enables Task Manager if it is disabled.

    It infects any removable drive by writing autorun.inf and a copy of itself
    to %drv%\System\Security\DriveGuard.exe with the hidden attribute.

    payload:

    The worm downloads executable files from http://[removed]/lndexnew.jpg
    and http://[removed]/lndexnew.txt.
    These are copied to the temporary directory with a random name,
    and the registry key HKLM\software\microsoft\windows\currentversion\RunOnce\temp_cleanup
    with the value “%temp_path%\[random].exe” is created.
    All downloaded files are backdoors.