Friday, 07 August 2009

Some kind of VIRUS

Malingsi, a new virus, takes first place among the most-reported viruses in this period. It is followed by Autoit, an old virus, and Doremi, which is also new. Indeed, most of the viruses in this top-ten list are new. The list follows:

1. Malingsi

The Malingsi virus attacks other viruses.

This fairly fat virus, 705,312 bytes in size, was created using Visual Basic and packed with PECompact. It appears to be intended to attack another virus, as can be seen from the message in its body. The virus breeds and spreads using the Personalization mediator, which acts as a bot.

2. Autoit variants

Most Autoit variants use a folder icon as their disguise.

These viruses are created with this automation scripting program. The script is compiled into an executable file, which is also packed using UPX. Nearly 90% of the Autoit virus variants we have use a folder-like icon as their disguise. This virus also usually creates an autorun.inf file on the disk drive or flash drive.

3. Doremi

The contents of the text file that comes packaged with the virus file.

In our virus database we have found 4 variants of this virus: Doremi.A, B, C and D. They have almost no differences in terms of coding. Variant A uses an icon similar to PCMAV's, variants B and C use an icon that looks like a key, and variant D uses a magnifying glass icon. All use social engineering techniques so that they look like a normal program.

The virus file, created using Visual Basic, was most likely planted deliberately to trick internet users who download it. It applies no brilliant techniques, but the author has included a routine that acts maliciously on certain dates, such as the 14th or the 8th. What happens? It tries to delete all data on the hard drive without the user's knowledge. When the computer restarts, only "NTLDR is missing" appears. Alongside the virus file you will usually also find a text file named Do-Re-Mi.txt with the content: "by Midnight Joker."

4. Formalin

Formalin virus file properties.

At the time of this update, 2 variants of the Formalin virus are known. The icon used by this virus resembles a folder, and it is created using Visual Basic. Formalin.D has a file size of 18,432 bytes and is packed using UPX. This virus creates "disguise" folders with names such as seepage problem UAN and UAS, My Completed Downloads, Picture Wallpaper, Crack Program, Jgn opened!, Nitip Data (jgn removed), and others.

On an infected computer, the Internet Explorer caption changes to "Your computer has been infected the virus Formalin." It also tries to disable safe mode by deleting some related registry entries. In the virus file's properties, the version description information contains text such as "Kasian dch loe".

5. Purwo.B

Disguises itself using an icon similar to an MS Word document.

Created using Visual Basic, with a body size of about 36KB, with the pure-pack. When infecting, it creates a folder named "Purwokerto Under Cover" with the hidden attribute, and a file called "PurwokertoKotaSatria.exe" on each drive that it finds. In the folder C:\Windows\System32\ there is also the file windows.exe, and in C:\Windows\Shell\ the file services.exe.

6. Plolonk

Plolonk changes the wallpaper of the infected computer.

This locally produced virus is made using Visual Basic and has a size of 67,072 bytes in a packed, scrambled condition. In the registry, it creates a new item under the HKLM Run key, named service, pointing to one of its parent files in the Windows directory named dllhost.exe. In the same directory you can also find an image file that it creates for use as wallpaper, named Pl0Lonx.jpg.

So on an infected computer, the desktop wallpaper changes to a "SuSE Linux" themed picture. In addition, to be activated automatically, it also places itself in the Startup folder with the name Empty.pif. It most likely uses UPX.

7. Recycler variants

Virus files hiding behind a fake Recycle Bin.

What characterizes this virus is the way it spreads. In all the variants we have, it is done the same way, i.e. by masquerading as the Recycle Bin. For example, when the virus attacks a flash disk, the victim's flash disk will contain a folder named Recycler, inside which is a folder with an alphanumeric name such as "S-1-5-21-1482476501-1644491937-682003330-1013", with an icon similar to the Recycle Bin icon. If this folder is clicked or opened from Explorer, the virus file will not be visible. To view it, go to the command prompt and use the command "dir /a".

8. Buxto variants

Message from the Buxto virus.

This virus is made using Visual Basic. One of its variants, Buxto.C for example, has a body size of 266,240 bytes and is not packed. The virus's icon resembles the application icon of the Mozilla Firefox browser. The virus is known to create an autorun on every drive it can find in order to spread. One more thing: the message delivered by this virus is quite eccentric, like an advertisement.
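The autorun.inf and fake Recycler indicators described in items 2, 7 and 8 can be checked on a drive root with a short script. This is an added example, not code from the original post; the SID-style folder pattern, the extension list and the function names are assumptions, and the sample tree is constructed from harmless text files.

```python
import os
import re
import tempfile

# Assumption: SID-style subfolder pattern generalized from the name quoted in the article.
SID_RE = re.compile(r"^S-1-5-21(-\d+){3,4}$", re.IGNORECASE)
EXEC_EXT = {".exe", ".com", ".pif", ".scr"}  # assumed list of executable extensions

def autorun_targets(path):
    """Programs referenced by open=, shellexecute= or shell\\...\\command= lines."""
    targets = []
    with open(path, "r", errors="replace") as fh:
        for line in fh:
            key, sep, value = line.partition("=")
            key = key.strip().lower()
            if sep and (key in ("open", "shellexecute") or key.endswith("\\command")):
                targets.append(value.strip())
    return targets

def scan_drive(root):
    """Return sorted (indicator, path) findings for one drive root."""
    findings = []
    for name in os.listdir(root):  # listdir also returns hidden entries, like "dir /a"
        full, low = os.path.join(root, name), name.lower()
        if low == "autorun.inf" and os.path.isfile(full):
            findings += [("autorun-target", t) for t in autorun_targets(full)]
        elif low == "recycler" and os.path.isdir(full):
            for sub in filter(SID_RE.match, os.listdir(full)):
                subdir = os.path.join(full, sub)
                if os.path.isdir(subdir):
                    findings += [("exe-in-recycler", f"{name}/{sub}/{f}")
                                 for f in os.listdir(subdir)
                                 if os.path.splitext(f)[1].lower() in EXEC_EXT]
        elif os.path.isfile(full) and os.path.splitext(low)[1] in EXEC_EXT:
            findings.append(("exe-in-root", name))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree (harmless text files) imitating an infected flash disk."""
    sid = "S-1-5-21-1482476501-1644491937-682003330-1013"  # name quoted in the article
    os.makedirs(os.path.join(root, "RECYCLER", sid))
    files = {"autorun.inf": "[autorun]\nopen=RECYCLER\\%s\\sample.exe\n" % sid,
             os.path.join("RECYCLER", sid, "sample.exe"): "not a real program",
             "notes.txt": "ordinary document"}
    for rel, text in files.items():
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(text)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        print(scan_drive(d))
```

A genuinely deleted executable sitting in a real Recycler folder would also be flagged, so treat each finding as a lead for review rather than a verdict.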

9. Minerva

Minerva diverts the user's attention by offering games.

This virus, about 340,981 bytes for Minerva.A and 347,965 bytes for Minerva.B, uses the lure of flash games, with an icon that looks like a standard flash file. If a user is tempted and accidentally activates the virus, a game is shown. The games are random: it can be Mario Bros., Single Puzzle Hangman, or another. It stores several games in its body. It does this to divert attention: while the virus has already taken hold of the victim's computer, the user is busy playing its games.

This virus tries to register itself in HKLM\System\CurrentControlSet\Services with the name Minerva, in the hope that it can run as a service. You can also easily find its parent file in the Startup folder with the name minerva.com. So be careful if you receive a file in the form of a flash game; check it first.

10. Windx-Maxtrox

Desktop wallpaper as changed by the Windx-Maxtrox virus.

This virus, made with Visual Basic, has an original body size of around 77 KB and is not packed. The virus, strongly suspected to originate from North Sulawesi, is capable of infecting executable files. Specifically, it infects programs in the Program Files directory. The infection technique it applies is clever enough to avoid detection by an antivirus engine's heuristics. A recognizable characteristic on an infected computer is that the desktop wallpaper changes to an animated image.
