Get Hooked On Line

 

 Taga Lipa Are Virus

Author: hooked (senior; 51 posts; registered 2007-05-12)
Posted: Tue Jul 24, 2007 1:31 pm

This malware is named VBS.SOLOW if you use Symantec, and
vbs.slow.a if you use TrendLabs PC-cillin.

You can't use System Restore because an "infected" version has already been saved, so it's no use.

Most imported AV can't detect this, because it's new, sir.
It was made locally; I'm sure it will become famous, like the 143 virus that was made by someone from AMA.
Seriously, it can't be detected by antivirus; it has autorun.inf and the ".vbs".

It's a VBScript file that writes "TAGA LIPA ARE!" to the registry and creates a shell application every time a disk drive is clicked. I'm trying to study the file to be able to reverse it.


HOW to "REMOVE TAGA LIPA ARE!"

1. Run Task Manager
Windows XP (press Ctrl+Shift+Esc),
or Ctrl+Alt+Del, then look for the "Processes" tab. Find the process named "Wscript" and end ALL of them.
2. In Windows Explorer
Select Tools -> Folder Options, then on the View tab under "Hidden files and folders" select "Show hidden files and folders".
Next, uncheck "Hide protected operating system files".
3. Browse all of your disk drives or flash drives
(don't double-click, because that will run "wscript" again) and look for
"autorun.inf" and "FS6519.dll.vbs".
Then delete those 2 files: select both files and press Shift+Delete. Be sure that every wscript in Task Manager has been ended.
4. Lastly, click Start and select Run, type "regedit", press Ctrl+F and search for "taga lipa are". I think you will see it 3 times. Double-click it, then replace it
with "Microsoft Internet Explorer". There are 3 that you will replace there. Then exit. That's it! Restart your PC and it will be OK again.

What the malware will hit:

FLASHDRIVE
FLOPPY DRIVE
OPTICAL DRIVE
HARDDRIVE

On the hard drive: C: (also D:, E: and other drives if you have them) and the Windows folder. If you want the "taga lipa are" message to go away, first change the script written above.

WARNING! Wrong manipulation of the Windows Registry may damage your Windows. So beware...

Delete these lines from the registry:

"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\FS6519",winpath&"FS6519.dll.vbs"
"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title"


When you click drive C: (or D: or E:), the AUTORUN.INF will run automatically and read the process from the autorun.

However, since FS6519.DLL.VBS is gone (if you removed it), it only means that it can no longer spread.

There are only 2 suspect files...

AUTORUN.INF
FS6519.DLL.VBS

Manually remove the AUTORUN.INF from the root drive (C: D: E:) so that the thing bugging your screen goes away.

Only applicable to the TAGA LIPA ARE virus... Other viruses have their own instructions. But take note of this: AUTORUN.INF should not exist in the root folders (C: D: E:)... Otherwise, it is something malicious.
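
A read-only triage of the two file names from the post, as an added example that is not part of the original post: it lists a drive root for autorun.inf and FS6519.dll.vbs (without double-clicking anything) and reports autorun.inf entries that launch a script. The sample autorun.inf contents, the script-extension list and the function names are assumptions constructed for this example.

```python
import os
import re
import tempfile

# File names taken from the post; the extension list is an assumption of this example.
SUSPECT_NAMES = {"autorun.inf", "fs6519.dll.vbs"}
SCRIPT_EXT = re.compile(r"\.(vbs|vbe|js|jse|wsf)\b", re.IGNORECASE)
# autorun.inf keys that make Explorer launch something when the drive is opened.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.IGNORECASE)

def script_launches(autorun_text):
    """Return (key, command) pairs in [autorun] that start a script file."""
    hits, in_autorun = [], False
    for raw in autorun_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_autorun = line.lower() == "[autorun]"
            continue
        if in_autorun and "=" in line:
            key, _, command = line.partition("=")
            if LAUNCH_KEY.match(key.strip()) and SCRIPT_EXT.search(command):
                hits.append((key.strip().lower(), command.strip()))
    return hits

def triage_root(root):
    """List suspect files in one drive root without opening or executing them."""
    report = {"root": root, "files": [], "launches": []}
    for name in sorted(os.listdir(root)):  # listdir also returns hidden/system files
        if name.lower() in SUSPECT_NAMES:
            report["files"].append(name)
        if name.lower() == "autorun.inf":
            with open(os.path.join(root, name), errors="replace") as fh:
                report["launches"] = script_launches(fh.read())
    return report

def demo():
    """Build a constructed 'drive root' in a temp directory and triage it."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "FS6519.dll.vbs"), "w") as fh:
            fh.write("' constructed placeholder, not the real script\n")
        with open(os.path.join(root, "autorun.inf"), "w") as fh:
            fh.write("[autorun]\nopen=wscript.exe FS6519.dll.vbs\n"
                     "shell\\open\\command=wscript.exe FS6519.dll.vbs\n")
        return triage_root(root)

if __name__ == "__main__":
    print(demo())
```

On a real machine, call `triage_root` once per drive root (for example `"C:\\"` or `"E:\\"`) after ending the Wscript processes as in step 1.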