You won’t make money from W32:Sality.ao
Comments OffPeople should be cautious of the making money because there is a variant out there trying to leverage the users into thinking they can make money.
McAfee Says “W32/Sality.ao is a parasitic virus that infects Win32 PE executable files. It infects files (*.exe and *.scr files) on the local, network and removable drives by overwriting code in the entry point of the original file and saving the overwritten code in its virus body. It then appends the virus body to the host file.”
Aliases for this Virus is:
- PE_SALITY.JER (Trend Micro)
- Virus.Win32.Sality.aa (Kaspersky)
- Virus.Win32.Sality.y (Ikarus)
- Virus:Win32/Sality.AM (Microsoft)
- W32.Sality.AE (Symantec)
- W32/Sality-AM (Sophos)
- W32/Sality.AE (Norman)
- W32/Sality.AH (Panda)
- W32/Sality.AK (F-Prot)
- Win32.KUKU.a (Rising)
- Win32.Sality.OG (BitDefender)
- Win32/Sality.AA (VET)
These links should help people understand it it. You can visit my Malware Resources to help remove this virus. Something to consider before removing this is to disable your restore points.
Remember there’s no easy to make money, the only real way is to work hard. According to my research the Anti-virus companies have ways to remove this virus and as long as you update your database.
Removing Win32/Bagle.HE worm
Here is another virus that seems to be spreading lately. From the looks of it, it sees to be another email worm. Here is what eset says:
Aliases
Email-Worm.Win32.Bagle.gt (Kaspersky), W32/Bagle.gen (McAfee), Trojan.Tooso!gen (Symantec)
When executed the worm copies itself in the following locations:
- Documents and Settings\All Users\Application Data\hidn\
hldrrr.exe - Documents and Settings\All Users\Application Data\hidn\
hidn2.exe
In order to be executed on every system start, the worm sets the following Registry entry:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drv_st_key
Win32/Bagle.HE worm is a “threat” that appears in security scans by fake antispyware WinDefender 2008.
The danger of Win32/Bagle.HE worm is supposed to scare you into wasting $49.95 on WinDefender 2008.
Unless you like getting ripped off, don’t download the software the Win32/Bagle.HE worm popup links to. You’re not really infected with Win32/Bagle.HE worm — you’re infected with scamware that you need to remove.
I’ll show you how to get rid of Win32/Bagle.HE worm and WinDefender 2008, for free.
Figuring out the Email-Worm Win32.Zafi.b
Comments OffThis is another just I just saw on the web and wanted to talk about what this little Worm does and what it’s known Aliases:
Email-Worm.Win32.Zafi.b (Kaspersky Lab) is also known as: I-Worm.Zafi.b (Kaspersky Lab), W32/Zafi.b@MM (McAfee), W32.Erkez.B@mm (Symantec), Win32.Hazafi.30720 (Doctor Web), W32/Zafi-B (Sophos), Win32/Zafi.B@mm (RAV), PE_ZAFI.B (Trend Micro), Worm/Zafi.B (H+BEDV), W32/Zafi.B@mm (FRISK), Win32:Zafi-B (ALWIL), I-Worm/Zafi.B (Grisoft), Win32.Zafi.B@mm (SOFTWIN), Worm.Zafi.B (ClamAV), W32/Zafi.B.worm (Panda), Win32/Zafi.B (Eset)
It is written in Assembler, and packed using FSG. It is 12800 bytes in packed form, and 33292 in unpacked form.
This Worm seems to be running through email and file sharing sites, One thing it tries to do is stop the process and deletes:
fvprotect.exe
winlogon.exe
jammer2nd.exe
services.exe
It attempts to detect antivirus program files on the computer and overwrite them with a copy of itself.
www.2f.hu
www.parlament.hu
www.virusbuster.hu
www.virushirado.hu
Facebook : Beware Spam for breakfast. (Virus)
Comments OffIn today’s society, we’ve been to complacent with people with people clicking links for the social group. In one such article on Channel Web, a nice little blog, says this:
The worm was discovered by IT security provider Kaspersky Lab, which said the threat, Net-Worm.Win32.Koobface.b, is targeting Facebook users by creating spam messages and sending them to the infected user’s friends via the site.
“Unfortunately, users are very trusting of messages left by ‘friends’ on social networking sites,” said Alexander Gostev, senior virus analyst at Kaspersky Lab, in a statement. “So, the likelihood of a user clicking on a link like this is very high.”
[Via Channel Web]
This seems to be a problem people thinking that a link someone sends them is a real good link but actually is a link to a video site. According to this article the links people are sending are actually a fake video link, telling you have to download some update to flash player, by downloading this program. The user gets involved with the virus and the fun begins. So how can you prevent this from happening, two ways one is a very good group of software to make sure you have the latest and greatest video codecs. That too can be something they’ll say you need and if you’ve already installed this list of codecs then you know they’ll not telling the truth and you can quickly get away from the site laughing.
trojan.zlob removal tricks!!
Comments OffAliases:
Trojan-Downloader.Win32.Zlob.qyl (Kaspersky)
Trojan-Downloader.Win32.Zlob.qzs (Kaspersky)
Trojan-Downloader.Win32.Zlob.qzn (Kaspersky)
Trojan.Zlob.CPP (BitDefender)
Puper (McAfee)
SystemDefender (Symantec)Trojan:Win32/Zlob.G is a component of Win32/Zlob that downloads rogue security programs, adware, and additional Win32/Zlob components.
[Via Windows Live OneCare]
Sites that you need not Visit:
Comments Off- hxxp://movieportal2008q.com/freemovie/Movie/xxxx/x/ — this site usually tries to send you the “Trojan.HTML.Zlob.AG” Virus.
- hxxp://porntubedot.com/xxxxxxxx/WatchFreeMovie.php –This site usually tries to send you the “Trojan.Dropper.SMN” Virus.
- hxxp://handballfondi.it/xxxxxx1.php — This site is one of the new Malware sites that looks like Youtube, When you go to this site they say you need a special to play a video clip. Most of the time when you get something like this, it is going to try to install Malware. A good broad set of Codecs that you may want to download is called Klite Mega Codec, which if you us that you should never need to download any other codec to play a movie clip from any site online.
