
27 Answers

new forum for discussion on virus threats

Asked by: TechSupportPortal (1854 views)

hello friends,

this is a new forum on our site. please be part of it and contribute what u know and ask what u dont know.

thank u abilash for the suggestion to start this session

admin

 

 


  1.

    W32/Fujacks.aa
    Type: Virus

    Risk Assessment
    Corporate User: Low-Profiled
    Home User: Low-Profiled

    Overview
    W32/Fujacks.aa is a copied variant of the W32/Fujacks worm that infects PE and possibly HTML files with malicious hyperlinks of Windows ANI 0-day exploit; and spreads over floppy drive and possibly other removable devices. It will also download additional malware on the infected machine.

    Aliases
    Trojan-Downloader.Win32.Agent.bky (Kaspersky)
    W32/Fujacks.aa is a copied variant of the W32/Fujacks worm that infects PE and possibly HTM files with malicious hyperlinks of Windows ANI File Format Handling 0-day exploit; and spreads over floppy drive and possibly other removable devices. It will also download additional malware on the infected machine.

    These malicious hyperlinks may be appended as JavaScript, and pointing to these site(s) containing the 0-day exploit:
    Upon execution, it spawns notepad.exe and injects a malicious thread into this process. It also installs itself into %Windir%\System32.

    (Where %Windir% is the Windows folder; e.g. C:\Windows)

    The worm then contacts hxxp://{hidden}.2007ip.com/{hidde}.css to download a list of files that it can download. At the time of writing, these malware were found to be PWS-LegMir, PWS-Lineage and new variants of W32/Fujacks.aa.

    Instead of the usual W32/Fujacks strings used in earlier variants, the virus body of each variant contains one or more of these silly messages:

    “I Hate AVP!!”
    “Well, Boss will come in !!”
    “I will by one BMW this year!”

    The W32/Fujacks.aa thread in notepad.exe then prepends itself to Win32 PE files. It may also create a copy of itself in A:\tools.exe and A:\autorun.inf to autostart itself.

    It creates the following registry key(s) to start itself at boot up time:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    “System Boot Check”=”%Windir%\system32\{filename}.exe”

    Symptoms
    ===========
    Presence of the mentioned files. Presence of the mentioned registry keys. PE files increase in file sizes between 10k to 100k or more. HTML files may be appended with the mentioned hyperlinks. Unexpected connection to the mentioned server(s).

    Method of Infection
    =======================

    W32/Fujacks.aa is a copied variant of the W32/Fujacks worm that infects PE and possibly HTML files with malicious hyperlinks of Windows ANI 0-day exploit; and spreads over floppy drive and possibly other removable devices. It can also be downloaded through another malware or variant.

    abhilash - Nov 30, -0001 | Reply

  2.

    Virus on Orkut

    Hi,
    One of my friends came across a strange issue/virus.
    Whenever she opens the Orkut site, a message ”You dont have right to open this” plus a laughing sound comes. We tried with virus scan and repaired some, but still the same issue persists. Tried to delete the cookies, but the hidden files are not able to view. That is also virus it seems. But when tried to search for hidden files, we could delete some “temp” files. Still that does not solve the issue.
    Can anyone help us on this??

    Thanks
    Devi

    Devi - Nov 30, -0001 | Reply

  3.

    hello devi

    it seems mostly someone has installed a prgm on ur machine that shows this message… does this occur to more than one machine… is it ur company machine or home… what is the av running on it

    harish

    harish - Nov 30, -0001 | Reply

  4.

    hello admin

    my congrats to this new forum….it is the main issue faced by people like me…hope everyone will contribute

    harish

    harish - Nov 30, -0001 | Reply

  5.

    Hi Harish,

    No it is not a company machine, personal desktop at home only. I didnt get your qtn, av means? do u want to know abt the OS then it is XP Professional edition

    Thanks

    Devi

    Devi - Nov 30, -0001 | Reply

  6.

    hello

    sorry… by av i mean anti virus. it is quite normal if u cant delete some of the temp files.. if those files are in use.
    if it is a personal desktop there is a greater chance that someone installed a fun prgm that is activated when u enter the orkut site… may be it is just my limited knowledge

    harish

    harish - Nov 30, -0001 | Reply

  7.

    hello
    your machine is infected with a worm named w32.USBWorm, which is spreading through usb drives. it really doesnt like your orkutting habits.

    it creates a directory named heap41 in ur c drive and adds lines to the registry to run files from there. the laughing sound u heard from ur machine was from a file named 2.mp3
    do the following to remove the virus from ur system
    1. when u r on ur desktop press ctrl+alt+del and kill the svshost.exe from memory by end tasking it from task manager
    2. then run regedit and open the following values
    You need to navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, CheckedValue and reset the CheckedValue key back to 1. This is to show all the hidden files.
    Then navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run and delete the winlogon key. This will stop the worm installing at the start up.
    as i said earlier the common directory for this worm is heap41.
    but to make sure search for the file named svhhost.exe through windows search option. make sure to search for hidden files.
    open the directory containing the svshost and u can see all the culprits there… delete them including that directory..
    hope this is the solution for u
    shyam

     

    Shyamlal - Nov 30, -0001 | Reply

  8.

    wow… thanks a lot.. let me try and let you know.

    Thanks

    devi..

     

    Devi - Nov 30, -0001 | Reply

  9.

    hello

    thanks for the answer. it was a news for me
    thanks

    harish

    harish - Nov 30, -0001 | Reply

  10.

    Hai, Here is a Solution to Kill the Orkut virus, Similar to what was said By Shyamlal sir.
    If your computer is affected by this virus, when you log on to orkut your browser will automatically close….. This is not the case that orkut is really banned…… But your computer has got a malware attack. This malware cannot be removed using any antivirus or antispyware software. You should remove it manually….

    To Remove

    1. Press CTRL+ALT+DEL and go to the processes tab

    2. Look for svchost.exe under the administrator name. There may be usually three such processes…….. Click on that ……

    3. Press DEL to remove these files. It will give you a warning, Press Yes

    4. Repeat for more svchost.exe files with your username and repeat. Do not remove svchost.exe with system, local service or network service!

    5. Now open My Computer

    6. In the address bar, type C:\heap41a and press enter. It is a hidden folder, and is not visible by default. You can see many files here……… such as an icon, a 2.mp3 file etc.

    7. Delete all the files here

    9. Now go to Start –> Run and type Regedit

    10. When the regedit window appears, go to the menu Edit –> Find

    11. Type “heap41a” here and press enter. You will get something like this “[winlogon] C:\heap41a\svchost.exe C:\heap(some number)\std.txt”

    12. Select that and Press DEL. It will ask “Are you sure you wanna delete this value”, click Yes

    13. Now close the registry editor.

    Now the Malware is gone. But be sure to delete the autorun.inf file and any folder whose name ends with .exe in the pen drive or floppy from which you got the malware attack.

    **********************BEST OF LUCK*************

    Sooraj Narayanan - Nov 30, -0001 | Reply
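The registry checks from the two removal procedures above, run over an exported `.reg` file instead of by hand; this is an added example, not part of any poster's answer. The function names, the indicator labels and the sample export are constructed for illustration.

```python
import re

# Constructed sample in the text format regedit exports (.reg); not from a real machine.
# Real exports are UTF-16: read them with open(path, encoding="utf-16").
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"winlogon"="C:\\heap41a\\svchost.exe C:\\heap41a\\std.txt"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''

VALUE_RE = re.compile(
    r'^"((?:[^"\\]|\\.)*)"=(?:"((?:[^"\\]|\\.)*)"|dword:([0-9a-fA-F]{8}))$')
RUN_KEYS = (r"\currentversion\run", r"\currentversion\policies\explorer\run")

def parse_reg(text):
    """Yield (key, value_name, data) for string and dword values in .reg text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if key and m:
            name, sz, dword = m.groups()
            # .reg escapes backslashes and quotes inside strings; undo that.
            data = int(dword, 16) if dword else re.sub(r"\\(.)", r"\1", sz)
            yield key, re.sub(r"\\(.)", r"\1", name), data

def triage(text):
    """Return (indicator, key, value_name) for each indicator named in the thread."""
    findings = []
    for key, name, data in parse_reg(text):
        k, n = key.lower(), name.lower()
        # Hidden files cannot be shown in Explorer until CheckedValue is 1 again.
        if k.endswith(r"\folder\hidden\showall") and n == "checkedvalue" and data != 1:
            findings.append(("hidden-files-disabled", key, name))
        elif k.endswith(RUN_KEYS) and isinstance(data, str):
            if "heap41" in data.lower() or (n == "winlogon" and "policies" in k):
                findings.append(("heap41-autostart", key, name))
            elif n == "system boot check":  # Run value from the W32/Fujacks.aa post
                findings.append(("fujacks-autostart", key, name))
    return findings
```

Matching on the `heap41` path and the value names is only as good as the indicators quoted in this thread; a renamed copy would need its own entry.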

  11.

    Pls a Correction:- Pls type:- C:\heap41a

    Sooraj Narayanan - Nov 30, -0001 | Reply

  12.

    Devi

    This Link Will help you.. Click here

     

     

    Albin Sebastian - Nov 30, -0001 | Reply

  13.

    Pretty Helpful.. Thanks Sooraj

    Devi - Nov 30, -0001 | Reply

  14.

    It’s good that we’ve a dedicated forum for security.

    Jobin - Nov 30, -0001 | Reply

  15.

    It would be better if we have a forum on ethical hacking as well, and it shouldn’t necessarily be mixed with the security forum…

    Jobin - Nov 30, -0001 | Reply

  16.

    Jobin . I support ur suggestion.

    Albin Sebastian - Nov 30, -0001 | Reply

  17.

    Thanks Albins

    Devi - Nov 30, -0001 | Reply

  18.

    Thanks albins…

    Jobin - Nov 30, -0001 | Reply

  19.

    in m.s word in my computer it could not see and select fonts but in m.s excel and m.s powerpoint there are fonts to select. please give me a solution.

    jafar - Nov 30, -0001 | Reply

  20.

    Open MS Word

    In View tab Select “tool bars”

    then tick on “formatting”

    It will solve ur issue ..

    Good luck ..

    Albin Sebastian - Nov 30, -0001 | Reply

  21.

    jafar Please try to post problems as new issues under the appropriate sections

    Albin Sebastian - Nov 30, -0001 | Reply

  22.

    jafar,

    Please reply if it is solved.

    Albin Sebastian - Nov 30, -0001 | Reply

  23.

    sir,
    The idea is great, also valuable. I have no knowledge about virus. But great desire to be part with the new Forum. Please accept me.
    Whatever it will be, I will certainly visit you.

    Vijayan

    vijayan - Nov 30, -0001 | Reply

  24.

    welcome vijayan

    Shyamlal - Nov 30, -0001 | Reply

  25.

    Ohh Thanks admin i was in search of removing this virus from ma system..

     

    Thanks a lot for this post …

    Jayakrishnan.C.P - Nov 30, -0001 | Reply

  26.

    i have been facing a virus attack…. my control panel has disappeared frm the start pop up. no way to install any spyware removal. i have tried avast pro, but no cure. Heap41 is present, and no orkut tricking in my system. well, let me try wt u told in this page. ok shyam sir.

    felixwings - Nov 30, -0001 | Reply

  27.

    Try online virus scan without installing software from the following link

    http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

    for Heap41 removal go to

    http://tec-updates.blogspot.com/2007/07/remove-heap41a-win32usbworm-worm.html

    Albin Sebastian - Nov 30, -0001 | Reply

