Wednesday, March 24, 2010

Virus alert "Deadlock", The message is positive but Destroy Computers

0 comments
KOMPAS.com - The message was positive with words that evoke patriotism. However, do not be lulled into sweet words that brought a new local computer virus called Deadlock. Check out the following message.

Indonesia freed our country from terrorism, Anarchists, and CCN (Collusion, Corruption & Nepotism) at the Government of the Republic of Indonesia Kubu (Civil, Army & Police) and the Catch, Fight and spacing? Without exception. Clean us from Portitusi Affairs, Social Gambling and Crime. Merdekakan ourselves from Poverty, Misery and Injustice! Along with the Democratic Party? SBY & BOEDIONO, Indonesia Joint Building Fair, Makmur & Prosperous

In the Name of the Indonesian nation
Prince Deadlock

I? M Everyone, but No one
I? M Everything, but Nothing
I? M Everywhere, but Nowhere

If your computer suddenly displays a picture with the message (see picture), you are advised to immediately take action. The reason your computer is attacked by a virus that is active and deadly.

The virus will display the message in the desktop that has taken over. Usually this message will only appear at the appointed time. Along with the emergence of this message, then all files in all drives will be deleted, including the program and the file system of Windows.

So, if you see this message on your computer, chances are it's too late for a minute of data on your computer will be destroyed. Like the saying goes "calm waters washed away", apparently in these viruses keep silent time bomb in the victim computer to be activated in accordance with the time specified.

Peak, on 12 and 13 later, Deadlock will make your computer completely destroyed deadlock aka all the data, good data throughout the hard drive, flash, and Windows file that displays the message "NTLDR is Missing".

Recognize characteristic

The virus is actually still go to the family of Visual Basic program is compressed using 2.x Petite sizes around 80 KB. Icons that are used are also not camouflaged, still use the application icon and probably came from one of the cities in Kalimantan (Samarinda).

If the virus is active on the computer, it will create some files that will run on your computer when switched on.
- C:-Windows-system32-apache.exe
- C:-Windows-system32-mysql.exe

Selection name apache and mysql likely aimed at disguising himself as a popular programs Apache and Mysql. In order for these files can be automatically activated when the computer starts, he will make a few strings in the following registry:
-HKEY_LOCAL_MACHINE-SOFTWARE-Microsoft-Windows-CurrentVersion-Run
-mysql = C:-Windows-system32-mysql.exe
-HKEY_LOCAL_MACHINE-SOFTWARE-Microsoft-Windows-CurrentVersion-Run
-apache = C:-Windows-system32-apache.exe

The virus is quite clever in fooling the user. Users will not be suspicious if the computer is actually infected because there are no signs that usually done by other local viruses, such as disable the Task Manager / Msconfig / Regedit or Folder Options, other than that created the file did not suspicious because it seems to be the program Apache and MySql. Users realized that the computer has been infected at the time of late, which at that time will appear the message from the virus makers are then followed by the emergence of the message "Windows File Protection error". This indicates that there is a program that seeks to remove the Windows system files.

This virus will start automatically each time users access a drive / flash disk by using the Windows autorun by making fruit 3 files, namely:
- [Desktop.ini] that contains the script to run the file [folder.htt]
- [Folder.htt], contains the script to run the main file ie [flashguard.exe]
- [Flashguard.exe] is a master file that will be run.

Flash media is one of the most widely used by the user. This is what will be used by some even virtually all of the virus to spread itself. This will also be carried out by a virus Deadlock by making some of the following files.
-Desktop.ini
-Folder.htt
-Flashguard.exe

Time bomb

Virus Deadlock like a time bomb that will destroy the target computer at the appointed time. This virus will execute the action every 12-13 dated at about 08.00-09.00 each month by ALL ERASE FILE / DATA INCLUDING WINDOWS FILE SYSTEM in all drives, including flash media using the command cmd.exe / c del / f / s / q / a and cmd.exe / c rd / s / q so that, if the computer is restarted, it will display the message "error".

So, the best way to anticipate, do not forget to do a back-up data. To prevent this viral infection, you are advised to use antivirus program that can detect this virus very well.

According Vaksincom Lab testing, current viruses detected by Norman as Deadlock not detected by the majority of existing anti-virus in Indonesia, both local and antivirus antivirus abroad. Norman Endpoint Protection detected the virus as Tibs.DKKR Deadlock.

If you want your data to be victims of this Deadlock again, never to reinstall your operating system to a hard drive that contains your data is lost. Perform critical data recovery process by using a data recovery and true methods.

If you reinstall your operating system to a hard drive that contains data you want to save, likelihood of successful recovery will be very low. If you are not experienced in data recovery and want to get professional help with data recovery of reasonable price, please contact the division Vaksincom Data Recovery in an e-mail info [at] vaksin.com.

Leave a Reply

Labels

 
Temporary © 2011 DheTemplate.com & Main Blogger. Supported by Makeityourring Diamond Engagement Rings

You can add link or short description here