Many of us surely still remember the Kespo (KSpoold) virus case, which boomed for a time. Its main targets were MS Office files, especially MS Word and MS Excel, along with several database programs. The virus injects itself into files while keeping the original icon of the injected file, which is effective enough to fool users. Antivirus products could successfully "clean" the virus, but unfortunately they could not yet restore the icon and file extension (a cleaned file still had an .exe extension and an application icon), so users assumed the file was broken. Eventually several alternative tools appeared for splitting virus-infected files, such as Chanal Splitter (yayat_dhn), Doc/XLS Recovery (Husni), and PCMedia Antivirus, which "claims" to be the best antivirus in the world. Besides Kespo, gultung/stubble kawung also came along to liven up the cyber world; its main goal is to wipe the contents of the files it infects and replace them with a country test exercise, so that even when the virus is successfully cleaned, the file's contents have already been replaced with other content.
Not wanting to lose to its predecessors, a Kespo-like virus has recently appeared that also tries to inject Office files (MS Word and Excel). This virus can still be considered "good", however, because it only injects Office files located on a flash disk.
It is actually not too difficult to detect files infected by this virus: "just" look at the file's icon and extension. A file infected by this virus usually has a VBS icon and the extension .doc.vbs, as shown in Picture 1 below.
Picture 1, main file of VBS/Repulik.A
With the newest update, Norman can detect this virus under the name VBS/Repulik.A (see Picture 2).
Picture 2, Norman Virus Control scan result detecting the worm VBS/Repulik.A
Features of VBS/Repulik.A
The following are several features of VBS/Repulik.A:
- VBS icon
- VBS extension
- Size 5 KB
- File type "VBScript script file"
- Injected exe/doc files grow by 5 KB and get the extension .doc.vbs. These injected files have a VBS icon.
The following is the main file that VBS/Repulik.A will create:
- C:\Documents and Settings\%user%\Start Menu\Programs\Startup\Repvblik.vbs
Besides creating the main file, VBS/Repulik.A will also store the injected file run by the user, together with the file repvblik.txt, in the folder C:\Repvblik, as shown in Picture 3 below:
Picture 3, files dropped by VBS/Repulik.A
Message from the VM
Akan muncul di akhir umatku, wanita-wanita yang berpakaian namun pada hakikatnya bertelanjang.
Diatas mereka terdapat suatu penaka punuk unta.
Mereka tidak akan memasuki surga dan tidak juga akan mencium aroma surga.
Padahal bau surga itu dapat dicium dari jarak sekian dan sekian (H.R. Muslim)
By Repvblik
If you open the file repvblik.txt in the directory C:\Repvblik, a hidden message written by the VM (virus maker) appears (see Picture 4).
Picture 4, hidden message from the VM
Changing the flash disk volume name
VBS/Repulik.A will also try to change the volume name of the flash disk to repvblik (see Picture 5).
Picture 5, VBS/Repulik.A changes the flash disk volume name
Injection of MS Word and MS Excel files
The main target of VBS/Repulik.A is none other than data files, especially MS Word and MS Excel, which it injects by adding the virus code to the file header. An injected file grows by 5 KB from its original size. Injected files are actually not too difficult to identify, because they always use a VBS icon with the extension .doc.vbs. It would be a different matter if they used the MS Word or MS Excel icon with the file extension hidden; then certain users would easily be tricked into running the file.
The good news is that this virus only targets data on removable disks (flash disks).
The following are the features of a file injected by VBS/Repulik.A (see Picture 6):
- VBS icon
- Size varies (the file grows by 5 KB from its original size)
- Extension .DOC.VBS
Picture 6, file injected by VBS/Repulik.A
If an injected file is run, a temporary file 6 KB in size with a VBS icon is created in the same folder; see Picture 7 below:
Picture 7, temporary file created by Repulik.A
Spreading via flash disk
To make spreading easier, it uses diskettes / flash disks: it drops virus files and injects all existing MS Word and MS Excel files. The following are the files that VBS/Repulik.A will create:
- I am So Sorry.txt.vbs
- Indonesian and their corruption!!.txt.vbs
- Make U lofty.txt.vbs
- NenekSihir and her Secrets.txt.vbs
- Never be touched!!.txt.vbs
- SMS Gratis via GPRS.txt.vbs
- Thank U Ly.txt.vbs
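As an added example (not from the original article or any tool it mentions), the following Python script walks a mounted flash disk and separates the files the virus creates from injected documents, which still hold user data. The `.xls.vbs` suffix is an assumption by analogy with the `.doc.vbs` extension the article reports, and the directory tree built in `demo()` is constructed sample input.

```python
import os
import tempfile

# File names the article lists: seven decoys on the flash disk plus the Startup copy.
DROPPED = {n.lower() for n in (
    "I am So Sorry.txt.vbs",
    "Indonesian and their corruption!!.txt.vbs",
    "Make U lofty.txt.vbs",
    "NenekSihir and her Secrets.txt.vbs",
    "Never be touched!!.txt.vbs",
    "SMS Gratis via GPRS.txt.vbs",
    "Thank U Ly.txt.vbs",
    "Repvblik.vbs",
)}
# .doc.vbs is from the article; .xls.vbs is an assumption by analogy for Excel.
INJECTED_SUFFIXES = (".doc.vbs", ".xls.vbs")


def scan(root):
    """Return sorted (category, relative_path) pairs; nothing is modified."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            low = name.lower()  # Windows file names are case-insensitive
            rel = os.path.relpath(os.path.join(folder, name), root)
            if low in DROPPED:
                hits.append(("dropped", rel))    # created by the virus: delete
            elif low.endswith(INJECTED_SUFFIXES):
                hits.append(("injected", rel))   # user data inside: repair, do not delete
    return sorted(hits)


def demo():
    """Scan a constructed directory tree standing in for a flash disk."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "work"))
        for rel in ("Thank U Ly.txt.vbs", "notes.txt",
                    os.path.join("work", "Report.DOC.VBS"),
                    os.path.join("work", "budget.xls")):
            with open(os.path.join(root, rel), "w") as fh:
                fh.write("constructed placeholder, not malware\n")
        return scan(root)


if __name__ == "__main__":
    for category, path in demo():
        print(f"{category:8} {path}")
```

The script only reports; it never deletes, because a file in the "injected" category is an original document with about 5 KB of script added in front of it.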
How to remove VBS/Repulik.A
- Deactivate "System Restore" during the cleaning process (if you use Windows ME/XP).
- Kill the virus process, which has the file name wscript.exe. To kill this process you can use the tool currproses.
- Delete the files created by the virus:
  - C:\Documents and Settings\%user%\Start Menu\Programs\Startup\Repvblik.vbs
  - C:\Repvblik
- Also delete the files dropped on the flash disk:
  - I am So Sorry.txt.vbs
  - Indonesian and their corruption!!.txt.vbs
  - Make U lofty.txt.vbs
  - NenekSihir and her Secrets.txt.vbs
  - Never be touched!!.txt.vbs
  - SMS Gratis via GPRS.txt.vbs
  - Thank U Ly.txt.vbs
- Change the flash disk volume name manually:
  - Right-click the flash disk
  - Click Rename
  - Change the name "repvblik" to the name you want
- To anticipate and prevent repeat infection, install and scan with an antivirus that can detect this virus well.
- If the antivirus you installed fails to "repair" the files injected by VBS/Repulik.A, you can use the tool "Splitter VBS2DOC/XLS". Download the tool at the following address:
  http://www.4shared.com/file/43727532/dda23d77/_2__Splitter_VBS2DOC_XLS.html?dirPwdVerified=3c4e3b82
Note:
Splitter VBS2DOC/XLS is a development of the Chanal Splitter YAV tool (yayat_dhn). Chanal Splitter YAV is the tool used to repair files injected by Kespo (KSpoold); download Chanal Splitter YAV at the following address: http://chanal.biz/blog/?p=17 (source: vaksin.com)