VBS/Repulik.A virus injects MS Word and MS Excel files

Tuesday, 06 May 2008

Where an earlier virus was inspired by an Ari Lasso song, today we introduce a new virus that hints at a fan of the music group Repvblik and recalls the famous brand Bvlgari.

Many will still remember the Kespo (KSpoold) virus case, which once boomed with MS Office files as its principal target, especially MS Word and MS Excel along with several database programs. That virus tried to inject files while still using the original icon of the injected file, which was quite effective at deceiving users. Although antivirus software succeeded in "cleaning" the virus, it unfortunately could not yet restore the icon and file extension (a cleaned file still had the .exe extension and an application icon), so users assumed the file was broken. Eventually several alternative tools appeared to split virus-infected files, such as Chanal Splitter (yayat_dhn), Doc/XLS Recovery (husni), and PCMedia Antivirus, "claiming" to be the best antivirus in the world. Besides Kespo, Gultung/Stubble Kawung also joined in to enliven the virtual world; its principal action was to wipe the contents of an infected file and replace them with state exam exercises, so that even when the virus was successfully cleaned, the contents of the file had been replaced with other content.

Not wanting to be outdone by its predecessors, a Kespo-like virus has recently appeared that also tries to inject Office files (MS Word and Excel). Even so, this virus still counts as "kind", because it only injects Office files located on flash disks.

Detecting a file infected by this virus is actually not too difficult: "just" look at the file's icon and extension. An infected file usually has a VBS icon and the extension .doc.vbs, as seen in Picture 1 below.

Picture 1, main file of VBS/Repulik.A

With the newest update, Norman detects this virus under the name VBS/Repulik.A (see Picture 2).

Picture 2, Norman Virus Control scan result detecting worm: VBS/Repulik.A

Features of VBS/Repulik.A

The following are some features of VBS/Repulik.A:

  • Icon: VBS

  • Extension: VBS

  • Size: 5 KB

  • File type: "VBScript script file"

  • Injected exe/doc files grow by 5 KB and take the extension .doc.vbs. These injected files have the VBS icon.

When this virus is active, it creates a main file that runs every time the computer boots. Unlike other local viruses, it does not create strings in the registry, so it looks less suspicious. It also does not block Windows functions or security software, which makes it easier to clean.

The main file that VBS/Repulik.A drops is:
  • C:\Documents and Settings\%user%\Start Menu\Programs\Startup\Repvblik.vbs

Besides creating the main file, VBS/Repulik.A also stores the injected file that the user ran, together with the file repvblik.txt, in the folder C:\repvblik, as seen in Picture 3 below:

Picture 3, files dropped by VBS/Repulik.A

Message from the VM

Akan muncul di akhir umatku, wanita-wanita yang berpakaian namun pada hakikatnya bertelanjang.

Diatas mereka terdapat suatu penaka punuk unta.

Mereka tidak akan memasuki surga dan tidak juga akan mencium aroma surga.

Padahal bau surga itu dapat dicium dari jarak sekian dan sekian (H.R. Muslim)

By Repvblik

If you open the file repvblik.txt in the directory C:\repvblik, a hidden message written by the VM appears (see Picture 4).

Picture 4, hidden message from the VM

Changing the flash disk volume name

VBS/Repulik.A also tries to change the volume name of the flash disk to repvblik (see Picture 5).

Picture 5, VBS/Repulik.A changes the flash disk volume name

Injection of MS Word and MS Excel files

The principal target of VBS/Repulik.A is none other than data, especially MS Word and MS Excel files, which it injects by adding the virus code to the file header. An injected file grows by 5 KB from its original size. Such a file is actually not too difficult to identify, because it always uses the VBS icon with the extension .doc.vbs. It would be a different matter if it used the MS Word or MS Excel icon with the file extension hidden, in which case some users would easily be deceived into running the file.

The good news is that this virus only targets data on removable disks (flash disks).

The following are the features of a file injected by VBS/Repulik.A (see Picture 6):
  • Icon: VBS

  • Size: "varies" (the file grows by 5 KB from its original size)

  • Extension: .DOC.VBS

Picture 6, file injected by VBS/Repulik.A

If an injected file is run, a temporary file of 6 KB with the VBS icon is created in the same folder; see Picture 7 below:

Picture 7, temporary file created by Repulik.A

Spreading via flash disk

To make spreading easier, it uses diskettes / flash disks, dropping virus files and injecting all existing MS Word and MS Excel files. The following files are created by VBS/Repulik.A:
  • I am So Sorry.txt.vbs

  • Indonesian and their corruption!!.txt.vbs

  • Make U lofty.txt.vbs

  • NenekSihir and her Secrets.txt.vbs

  • Never be touched!!.txt.vbs

  • SMS Gratis via GPRS.txt.vbs

  • Thank U Ly.txt.vbs

How to remove VBS/Repulik.A

  1. Deactivate "System Restore" during the cleaning process (if you use Windows ME/XP).

  2. Kill the virus process, which has the file name wscript.exe. To kill this process you can use the tool CurrProcess.

  3. Delete the files created by the virus:

    • C:\Documents and Settings\%user%\Start Menu\Programs\Startup\Repvblik.vbs

    • C:\Repvblik

Also delete the files dropped on the flash disk:

    • I am So Sorry.txt.vbs

    • Indonesian and their corruption!!.txt.vbs

    • Make U lofty.txt.vbs

    • NenekSihir and her Secrets.txt.vbs

    • Never be touched!!.txt.vbs

    • SMS Gratis via GPRS.txt.vbs

    • Thank U Ly.txt.vbs

  4. Change the volume name of the flash disk manually:

    1. Right-click the flash disk

    2. Click Rename

    3. Change the name "repvblik" to the name you want

  5. To anticipate and prevent repeat infection, install and scan with an antivirus that detects this virus well.

  6. If the antivirus you have installed does not succeed in "repairing" files injected by VBS/Repulik.A, you can use the tool "Spliter VBS2DOC/XLS". Download the tool from the following address:


Spliter VBS2DOC/XLS is a development of the tool Chanal Splitter YAV (yayat_dhn). Chanal Splitter YAV is the tool used to repair files injected by Kespo (KSpoold); download Chanal Splitter YAV from the following address: http://chanal.biz/blog/?p=17
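
As an added example (not code from the original post or from any of the tools it names), the following Python script checks a folder or mounted flash disk for the dropped file names, the Repvblik folder and the .doc.vbs double extension listed above. The .xls.vbs suffix and all function names are assumptions made for this example, and the demo runs on a constructed tree of harmless text files.

```python
import os
import tempfile

# File names taken from the lists on this page (compared case-insensitively).
DROPPED_NAMES = {
    "i am so sorry.txt.vbs", "indonesian and their corruption!!.txt.vbs",
    "make u lofty.txt.vbs", "neneksihir and her secrets.txt.vbs",
    "never be touched!!.txt.vbs", "sms gratis via gprs.txt.vbs",
    "thank u ly.txt.vbs", "repvblik.vbs", "repvblik.txt",
}
# .doc.vbs is from the page; .xls.vbs is an assumed Excel counterpart.
INJECTED_SUFFIXES = (".doc.vbs", ".xls.vbs")


def classify(filename):
    """Return 'dropped', 'injected' or None for a single file name."""
    name = filename.lower()
    if name in DROPPED_NAMES:
        return "dropped"
    if name.endswith(INJECTED_SUFFIXES):
        return "injected"
    return None


def scan(root):
    """Walk root and return sorted (kind, path relative to root) findings."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        # A folder named Repvblik corresponds to the C:\Repvblik drop folder.
        hits = [("drop_folder", d) for d in dirnames if d.lower() == "repvblik"]
        hits += [(classify(f), f) for f in filenames if classify(f)]
        for kind, name in hits:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            findings.append((kind, rel))
    return sorted(findings)


def demo():
    """Scan a constructed sample tree (harmless text files, not malware)."""
    samples = ["report.doc.vbs", "budget.xls", "Thank U Ly.txt.vbs",
               os.path.join("Repvblik", "repvblik.txt"), "notes.txt"]
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "Repvblik"))
        for name in samples:
            with open(os.path.join(root, name), "w") as fh:
                fh.write("constructed sample\n")
        return scan(root)

if __name__ == "__main__":
    for kind, path in demo():
        print(f"{kind:12} {path}")
```

To check a real drive, call `scan()` with its root path; files reported as `injected` still contain the original document and are candidates for repair rather than deletion.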

