Does your computer feel as slow as a snail? Do not take it for granted: your computer may be infected with this dangerous virus / trojan and network worm. Norman Antivirus detects it, a variant of the LNK (shortcut) virus, as W32/Agent.VARB.
The worm belongs to a group of worms that disrupt computer systems on a network and try to manipulate the systems on that network. Its main capabilities are broadcasting over the internet and making the computer slow.
This type of worm is also known as Rorpian (Microsoft), SillyFDC (Symantec, Eset / NOD) and TDSS (TrendMicro, Sophos). It is commonly found on server computers that are often used to exchange data or share files, especially those running Windows Server 2003. The worm is capable of
spreading through the shortcut (LNK) vulnerability, MS10-046, and can also spread through other vulnerabilities: Windows Print Spooler (MS10-061) and Microsoft OpenType Font Driver (MS10-091).
Here are the symptoms that occur when your computer gets infected:
1. Active by infecting the Windows Explorer and Print Spooler files
The worm stays active in the computer's memory by injecting itself into, or riding on, the Windows Explorer and Print Spooler files. Doing so lets it evade the antivirus, making it very difficult to clean. The attack occurs on server computers that use Windows Server 2003.
2. Windows Explorer Error
When the computer is first turned on and logged in, Windows Explorer will seem slow (hang) because of the worm's attempts to intrude into Windows Explorer. Users will find the computer disturbing and uncomfortable to use.
3. Connect to the Remote Server
Worm W32/Agent.VARB also attempts to connect to remote servers in order to deliver information to them.
Connections to multiple remote servers are made using a random port.
4. Downloading files in order to stay updated
Trojan W32/Agent.VARB also downloads specific files from remote servers so that it stays updated and is not easily recognized by antivirus. Here are the characteristics of the W32/Agent.VARB trojan file you should know:
Size : 63 kb (depending on the variant found)
File type : Font file
Icon file : Fonts
Extension type : Font
The W32/Agent.VARB trojan file itself is distributed through removable drives or other media. Computer users commonly exchange files this way.
The worm (using the autoplay weakness) creates some files in order to infect computers. In addition, by exploiting security hole MS10-046 (Windows Icon handler), the shortcut / LNK file is executed directly when the drive is accessed. Another way is spreading over a LAN. By leveraging open (full) file sharing, the worm distributes its files, so that a computer accessing the file share is easily infected (also using the MS10-046 weakness). In addition, it exploits security hole MS10-061 (Windows Print Spooler) on computers that access a print server infected with this worm.
To deal with the shortcut virus, here are some steps you can try to protect your computer.
• First, turn off System Restore.
• Stop the Wscript process, whose file is located in C:\Windows\System32, using tools such as CProcess or HijackThis, or the Windows Task Manager.
• Once the Wscript process is stopped, delete or rename the file so that the virus cannot use it for a while.
• Note that if we rename Wscript.exe, it will automatically be copied back into the folder. Therefore, we must find where the other copies of Wscript.exe are located, usually in C:\Windows\$NtServicePackUninstall$ and C:\Windows\ServicePackFiles\i386.
• With other VBS viruses, we can change the Open With setting for vbs files to Notepad. This virus is different: its file has the MDB (Microsoft Access) extension, so the command Wscript database.mdb runs the file as a vbs file.
• Delete the parent file in C:\Documents and Settings\ \My Documents\database.mdb so that it is no longer loaded every time the computer starts up. Do not forget to open MSCONFIG and disable the run command.
• Now delete the files autorun.inf, Microsoft.inf and Thumb.db. To do so, click the START button, type CMD, change to the drive to be cleaned, such as drive C:\, then follow the steps below:
1. At the C:\ prompt, type del Microsoft.inf /s. This command deletes every Microsoft.inf file in all folders on drive C:. To clean another drive, just change the drive letter, for example: at the D:\ prompt, type del Microsoft.inf /s
2. For the autorun.inf file, at the C:\ prompt type del autorun.inf /s /ah /f. This command deletes the autorun.inf file (the /ah /f switches are needed because the file carries the RSHA attributes). Do the same for the Thumb.db file.
• To delete the shortcut (LNK) files, search for files with the .lnk extension. The usual LNK size is 1 kb. In 'More advanced options', make sure the options 'Search system folders' and 'Search hidden files and folders' are both checked.
• Be careful: not every shortcut / LNK file of 1 kb is a virus. We can distinguish them by icon, size and type. A shortcut created by the virus always uses the 'folder' icon, has a size of 1 kb and has the type 'Shortcut', whereas a real folder has no 'size' and its type is 'File Folder'.
• Repair the registry entries that the virus has changed. To speed up the registry repair, copy the script below into Notepad and save it with the name 'repair.inf'. Run it as follows:
- Right click repair.inf
- Click Install
[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
; Restore the default "open" handlers and the Windows shell values
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, "cmd.exe"
; Remove the Run values listed below
[del]
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Winupdate
HKCU, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, explorer
• The virus cleaning process is now done.
• To keep cleaning the registry, go to Run and type Regedit. Find and delete "database.mdb".
• Or go to Run, type msconfig and click Services. Uncheck the option "Shell Hardware Detection".
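The search for the dropped files and the 1 kb shortcuts described in the steps above can also be scripted, which lists the candidates without browsing the drive in Windows Explorer. This is an added example, not part of the original article: the names triage and build_sample, the 2048-byte size ceiling and the sample drive layout are assumptions made here, and the script only reports files for manual review.

```python
import os
import tempfile

# File names the cleanup steps above say to delete (matched case-insensitively).
DROPPED_NAMES = {"autorun.inf", "microsoft.inf", "thumb.db", "database.mdb"}
LNK_MAGIC = b"\x4c\x00\x00\x00"  # HeaderSize field that opens every .lnk file
LNK_MAX_BYTES = 2048             # assumption: "about 1 kb", rounded up generously


def triage(root):
    """Return sorted (relative path, size, reason) tuples for manual review."""
    findings = []
    # os.walk also lists hidden and system files, so no attribute change is needed.
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(full)
                with open(full, "rb") as fh:
                    head = fh.read(4)
            except OSError:
                continue  # unreadable or vanished file: skip it, keep scanning
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            lower = name.lower()
            if lower in DROPPED_NAMES:
                findings.append((rel, size, "named in cleanup steps"))
            elif lower.endswith(".lnk") and head == LNK_MAGIC and size <= LNK_MAX_BYTES:
                findings.append((rel, size, "small shortcut, check icon and type"))
    return sorted(findings)


def build_sample(root):
    """Create a constructed drive layout used only to demonstrate triage()."""
    os.makedirs(os.path.join(root, "Photos"))
    samples = {
        "AUTORUN.INF": b"[autorun]\n",
        "Photos/Microsoft.inf": b"x",
        "Photos.lnk": LNK_MAGIC + b"\x00" * 996,      # 1000 bytes, flagged
        "Installer.lnk": LNK_MAGIC + b"\x00" * 4996,  # 5000 bytes, too large
        "notes.txt": b"harmless",
    }
    for rel, data in samples.items():
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, size, reason in triage(tmp):
            print(f"{size:>6}  {rel}  ({reason})")
```

A reported shortcut is only a candidate: the icon, size and type check from the steps above still decides whether it was created by the virus.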