VBS/Repulik.A Virus Injects MS Word and MS Excel Files

Tuesday, 06 May 2008

Not long ago a virus appeared that was inspired by an Ari Lasso song. Today we introduce a new virus that appears to be the work of a fan of the music group Repvblik, with a name that also recalls the famous brand Bvlgari.

We are sure you still remember the Kespo (kspoold) virus, which once boomed with MS Office files as its main target, especially MS Word and MS Excel, along with several database programs. That virus injected files while keeping the original icon of the injected file, which made it quite effective at deceiving users. Although antivirus products succeeded in "cleaning" the virus, they unfortunately could not yet restore the icon and file extension (the cleaned file still had an exe extension and an application icon), so users assumed the file was broken. Eventually several alternative tools appeared to split virus-infected files, such as Chanal Splitter (yayat_dhn), DOC/XLS Recovery (husni), and PCMedia Antivirus, which "claims" to be the best antivirus in the world. Besides Kespo, Gultung/Stubble Kawung also joined in to enliven cyberspace; its main target was to wipe the contents of the infected file and replace them with state exam practice questions, so that even when the virus was successfully cleaned, the file's contents had already been replaced with other content.

Not to be outdone by its predecessor, a Kespo-like virus has recently appeared that also tries to inject Office files (MS Word and Excel). This virus can still be considered "kind", however, because it only injects Office files located on flash disks.

It is actually not too difficult to detect a file infected by this virus: "just" look at the file's icon and extension. A file infected by this virus usually has a VBS icon and the extension .doc.vbs, as shown in picture 1 below.

Picture 1, VBS/Repulik.A master file

With its latest update, Norman detects this virus under the name VBS/Repulik.A (see picture 2).

Picture 2, Norman Virus Control scan result detecting worm: VBS/Repulik.A

Characteristics of VBS/Repulik.A

The following are several characteristics of VBS/Repulik.A:

  • VBS icon

  • VBS extension

  • Size 5 KB

  • File type "VBScript script file"

  • Injects exe/doc files, adding 5 KB to the file size and giving them the extension .doc.vbs. Injected files have a VBS icon

When this virus is active, it creates a master file that runs every time the computer boots. Unlike other local viruses, it does not create any string in the registry, so it looks less suspicious. It also does not block Windows functions or security software, which makes it easier to clean.

The master file created by VBS/Repulik.A:
  • C:\Documents and Settings\%user%\Start Menu\Programs\Startup\Repvblik.vbs

Besides creating the master file, VBS/Repulik.A also stores the injected file that the user ran, together with the file repvblik.txt, in the folder C:\Repvblik, as shown in picture 3 below:

Picture 3, files dropped by VBS/Repulik.A

Message from the virus maker (VM)

Akan muncul di akhir umatku, wanita-wanita yang berpakaian namun pada hakikatnya bertelanjang.

Diatas mereka terdapat suatu penaka punuk unta.

Mereka tidak akan memasuki surga dan tidak juga akan mencium aroma surga.

Padahal bau surga itu dapat dicium dari jarak sekian dan sekian (H.R. Muslim)

By Repvblik

If you open the file repvblik.txt in the directory C:\Repvblik, the hidden message written by the VM appears (see picture 4).

Picture 4, hidden message from the VM

Changes the flash disk volume name

VBS/Repulik.A also tries to change the volume name of the flash disk to "repvblik" (see picture 5).

Picture 5, VBS/Repulik.A changes the flash disk volume name

Injects MS Word and MS Excel files

The main target of VBS/Repulik.A is none other than data, especially MS Word and MS Excel files, which it injects by adding the virus code to the file header. An injected file grows by 5 KB from its original size. Injected files are actually not too difficult to identify, because they always use the VBS icon with the extension .doc.vbs. It would be a different matter if they used the MS Word or MS Excel icon with the file extension hidden, in which case some users would easily be deceived into running the file.

The good news is that this virus only targets data on removable disks (flash disks).

Characteristics of files injected by VBS/Repulik.A (see picture 6):
  • VBS icon

  • Size varies (the file size grows by 5 KB from its original size)

  • Extension .DOC.VBS

Picture 6, file injected by VBS/Repulik.A

If an injected file is run, a temporary file of 6 KB with a VBS icon is created in the same folder; see picture 7 below:

Picture 7, temporary file created by Repulik.A

Spreads via flash disk

To spread more easily, it uses diskettes/flash disks, creating virus files there and injecting all existing MS Word and MS Excel files. The following files are created by VBS/Repulik.A:
  • I am So Sorry.txt.vbs

  • Indonesian and their corruption!!.txt.vbs

  • Make U lofty.txt.vbs

  • NenekSihir and her Secrets.txt.vbs

  • Never be touched!!.txt.vbs

  • SMS Gratis via GPRS.txt.vbs

  • Thank U Ly.txt.vbs

How to remove VBS/Repulik.A

  1. Disable "System Restore" during the cleaning process (if you use Windows ME/XP).

  2. Kill the virus process, which has the file name wscript.exe. To kill this process you can use the tool currproses.

  3. Delete the files created by the virus:

    • C:\Documents and Settings\%user%\Start Menu\Programs\Startup\Repvblik.vbs

    • C:\Repvblik

as well as the files created on the flash disk:

    • I am So Sorry.txt.vbs

    • Indonesian and their corruption!!.txt.vbs

    • Make U lofty.txt.vbs

    • NenekSihir and her Secrets.txt.vbs

    • Never be touched!!.txt.vbs

    • SMS Gratis via GPRS.txt.vbs

    • Thank U Ly.txt.vbs

  4. Change the flash disk's volume name manually:

    1. Right-click the flash disk

    2. Click Rename

    3. Change the name "repvblik" to the name you want

  5. To anticipate and prevent reinfection, install and scan with an antivirus that detects this virus well.

  6. If the antivirus you have installed does not succeed in "repairing" the files injected by VBS/Repulik.A, you can use the tool "spliter vbs2doc/xls". Please download the tool at the following address


Spliter vbs2doc/xls is a development of the tool Chanal Splitter YAV (yayat_dhn). Chanal Splitter YAV is a tool used to repair files injected by Kespo (kspoold); download Chanal Splitter YAV at the following address: http://chanal.biz/blog/?p=17
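
A triage sketch for the indicators listed above, added here as an example; it is not part of the original article or of any tool the article mentions. The `.xls.vbs` suffix, the OLE2-signature check (which assumes the original document follows the prepended script intact) and all function names are assumptions.

```python
import os
import tempfile

# Names from the write-up: scripts dropped on the flash disk plus the Startup copy.
DROPPED_NAMES = {n.lower() for n in (
    "I am So Sorry.txt.vbs", "Indonesian and their corruption!!.txt.vbs",
    "Make U lofty.txt.vbs", "NenekSihir and her Secrets.txt.vbs",
    "Never be touched!!.txt.vbs", "SMS Gratis via GPRS.txt.vbs",
    "Thank U Ly.txt.vbs", "Repvblik.vbs",
)}
# ".doc.vbs" is from the write-up; ".xls.vbs" is an assumption for Excel files.
INJECTED_SUFFIXES = (".doc.vbs", ".xls.vbs")
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # header of Word/Excel 97-2003 files


def classify(path):
    """Return (verdict, offset) for one file; offset is where OLE2 data starts."""
    name = os.path.basename(path).lower()
    if name in DROPPED_NAMES:
        return ("dropped-script", None)
    if name.endswith(INJECTED_SUFFIXES):
        with open(path, "rb") as fh:
            offset = fh.read().find(OLE2_MAGIC)
        # Assumption: the original document follows the prepended script intact.
        return ("injected-document", offset if offset > 0 else None)
    return ("clean", None)


def scan(root):
    """Walk root (e.g. a flash disk) and return {relative path: (verdict, offset)}."""
    hits = {}
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(folder, fname)
            verdict, offset = classify(full)
            if verdict != "clean":
                hits[os.path.relpath(full, root)] = (verdict, offset)
    return hits


def demo():
    """Build a constructed sample tree (harmless placeholder bytes) and scan it."""
    script = b"' constructed stand-in for the prepended script\r\n" * 4
    files = {"report.doc.vbs": script + OLE2_MAGIC + b"\x00" * 64,
             "Thank U Ly.txt.vbs": script, "notes.doc": OLE2_MAGIC}
    with tempfile.TemporaryDirectory() as root:
        for name, data in files.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan(root), len(script)
```

Point `scan()` at the flash disk root or at the Startup folder; a reported offset marks where the embedded document appears to begin, which is worth confirming on a copy before any repair attempt.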


Tips for a virus-free computer

Monday, 05 May 2008

As everyone who has ever had the flu knows, viruses can be devastating, and computers don't get off any easier than people. Even though a flu virus and a computer virus have obvious differences, there are some similarities: Both you and your computer get viruses from others who are already infected, and prevention can help keep both of you healthy.

Keep in mind that the steps listed in this article are only recommendations that may help prevent virus infection and help deal with it if one does occur. This topic is complex, and it changes rapidly, so it's important to stay vigilant and stay informed.

Prevention is the key. Your best defense is to keep your system from getting infected in the first place because once it is, it can be very difficult, if not impossible, to get rid of the virus. The road to prevention begins with these steps:

  1. Install effective anti-virus software. Anti-virus software is widely available; any online or brick-and-mortar store that sells software will offer a number of products. These products typically require an annual subscription, which lets you keep your anti-virus software up to date and ready to detect the latest threats. Tip: For added protection, consider buying a security suite that includes firewall software and other protection (such as spam filtering).
  2. Avoid risky behavior. For example: never open an e-mail attachment that comes from someone you don't know, and avoid downloading anything from the Internet that might not be trustworthy. Keep in mind that humorous material is often passed along, from address to address, through email. It's best not to open this type of file, because even if the attachment is from someone you know, they may be unknowingly passing along a virus.

  3. Make regular virus scans a habit. Anti-virus software typically lets you choose whether to schedule a scan on a regular basis or perform a manual scan. Because a full scan can take an hour or more to complete, many anti-virus software packages also let you perform a quick, but less thorough, scan of the most commonly infected parts of the computer. See your product documentation for details. Tip: While you shouldn't depend on it for your main anti-virus solution, another option is to use a free online service to scan your computer, like TrendMicro HouseCall or Symantec Security Check.

You've discovered an infection. Now what? If you discover a virus or related threat during a scan, follow these steps:

  1. Follow your anti-virus software's on-screen instructions. Many viruses can be easily removed using this method. Another option for Windows-based systems is to use the Microsoft Windows Malicious Software Removal Tool, free software distributed through Windows Update and updated monthly. Re-scan your computer after you've removed the virus (just to be sure). Tip: It's also a good idea to scan again with a separate scanner, such as an online service, for added assurance.
  2. Contact an expert. If first efforts aren't enough, check your anti-virus product's Web site for additional information. Sometimes, especially for high-profile threats, major anti-virus software manufacturers will provide a tool to help get rid of specific viruses. However, these tools can be complicated to use, so depending on how comfortable you are with the procedure, you might want to bring in an expert. Many large retail chains now provide in-store services that specialize in removing viruses. The cost involved can be a small amount to pay to resolve the problem.
  3. Use restore disks or re-install the operating system. A new computer often comes with a set of one or more emergency "restore" disks. If you haven't been able to remove the virus, this set of disks might help you to resolve the problem. However, you will lose any files that haven't been backed up on separate media (see "Backing Up Your Computer"), although many anti-virus programs let you make a set of emergency restore disks when you install the software. Similarly, if your computer came with a set of one or more operating system disks, you can re-install the operating system and return the computer to factory condition. These options are strong medicine, but if everything else fails, they may be the only way to restore your computer's health.

Keeping Virus-Free

  • Install anti-virus software and keep it up to date
  • Don't open suspicious e-mail attachments or download untrustworthy Internet content
  • Set Windows Update to automatic mode
  • Use firewall software
