Still remember the Aksika virus? This "open source" virus does indeed have many variants. That is not surprising, because its source code is freely available on the Internet, so anyone can easily modify and compile it to produce new variants.
Because it is that easy, many virus makers and beginner programmers try their hand at making a virus without much fuss. All it requires is some knowledge of the operating system and of programming.
But even that is not as easy as using a Virus Generator program. From the name alone, we can already guess what the program is for. Yes, a Virus Generator is a program for making viruses easily and instantly.
It started with a virus sample that quite a number of readers sent to us. PC Media Antivirus recognizes it by the name Morning-Gen.FFE, while other antivirus products call it Brontok.D. A simple investigation finally showed that the virus was made using a Virus Generator.
Fast Firus Engine (FFE)
The creator named his Generator program Fast Firus Engine. As seen in the program and on the author's site, he states that the program is intended only for learning and not for destructive action. But if the program falls into the wrong hands, it will be used for destruction.
This Virus Generator was written in Visual Basic and compressed with the tELock packer. Its package contains two files, Fast Firus Engine.exe and data.ex_. Fast Firus Engine.exe is the main program that builds the virus, while data.ex_ is the actual original virus body, not yet modified.
When Fast Firus Engine.exe is executed, the user is presented with an interface. The user only has to fill in the name of the virus, the name of the author, and a message, and pressing the Generate button produces the virus.
How the Generator works is actually very simple. It merely appends the data entered earlier to the end of the original virus file (data.ex_). This information is later used by the virus during the infection process.
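An added example, not part of the original article or of PCMAV: since the Generator only appends the entered fields to the end of data.ex_, an analyst can isolate them by measuring the PE overlay, the bytes stored past the last section's raw data. The sample image built by `build_sample` and the field text in it are constructed; the real layout of the appended data is not given in the article.

```python
import struct

def pe_overlay(data: bytes):
    """Return (offset, overlay): the bytes stored past the last PE section."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (n_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size           # first section header
    end = 0
    for i in range(n_sections):
        # SizeOfRawData is at +16 and PointerToRawData at +20 in each 40-byte header
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    end = min(end, len(data))                  # a truncated file has no overlay
    return end, data[end:]

def build_sample(tail: bytes) -> bytes:
    """Constructed minimal PE: headers, one 0x200-byte section at 0x200, then tail."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    optional = b"\0" * 0xE0
    section = b".text\0\0\0" + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200)
    section += b"\0" * 16
    headers = (dos + coff + optional + section).ljust(0x200, b"\0")
    return headers + b"\x90" * 0x200 + tail

if __name__ == "__main__":
    template = build_sample(b"")
    generated = build_sample(b"name=TEST;author=TEST;message=TEST")  # constructed
    for label, blob in (("template", template), ("generated", generated)):
        offset, extra = pe_overlay(blob)
        print(f"{label}: overlay at {offset:#x}, {len(extra)} bytes: {extra!r}")
```

Signed binaries and installers also keep data in the overlay, so a non-empty overlay is a lead for further analysis rather than a verdict.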
How Does the Virus Infect?
The virus produced by FFE does look simple. Like its Generator, it was written in Visual Basic, compiled with the Native Code method, and then compressed with tELock to keep its size small. The original virus body is 55,296 bytes in size.
When the virus is first executed, it creates several files in several key locations. In the %WINDOWS%\ directory there will be files named nama.exe, Win32.exe, activex.exe, and %virusname% (the name of the virus as filled in by the author in the Generator). In %WINDOWS%\%system32%\ there will be the files copy.pif, _default.pif, and surif.bin. In addition, it also modifies or creates the file Oeminfo.ini, which is part of System Properties. So if your computer is infected by a virus generated with FFE, System Properties will show the text "Generated by Fast Firus Engine".
In the %WINDOWS%\%System%\ directory there will be several main virus files that use the same names as Windows system files, such as csrss.exe, winlogon.exe, lsass.exe, smss.exe, svchost.exe, and winlogon.exe.
And do not forget, in the root of the drive there will be a file named "read euy.txt" that contains a message from the creator of the virus. When creating the virus with the Generator, the author is given several input boxes, such as the Author of the virus, the Name of the virus, and the Message. Well, the content of that message is what later appears in the "read euy.txt" file.
After the virus has successfully copied its main files into the system, it runs those main files, so that several virus processes appear in memory, such as csrss.exe, winlogon.exe, lsass.exe, smss.exe, svchost.exe, and winlogon.exe. The process names resemble those of Windows processes and services, probably deliberately, to deceive users. To tell them apart, look at the path or location from which the process is executed. Virus processes usually run from the System directory, while genuine Windows processes and services usually run from the System32 directory.
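The path check described above, as an added example that is not part of the original article: given a process listing of (PID, image path) pairs, flag any process that uses one of the listed system names but does not run from System32. The function names and the sample listing are constructed for illustration.

```python
import ntpath

# Names the article lists as being imitated by the virus.
SYSTEM_NAMES = {"csrss.exe", "winlogon.exe", "lsass.exe", "smss.exe", "svchost.exe"}

def canonical(path, windir):
    """Lower-case the path and resolve the \\??\\ and \\SystemRoot\\ spellings."""
    p = ntpath.normcase(path)
    if p.startswith("\\??\\"):
        p = p[4:]
    if p.startswith("\\systemroot\\"):
        p = ntpath.normcase(windir) + p[len("\\systemroot"):]
    return ntpath.normpath(p)

def find_masquerades(processes, windir=r"C:\WINDOWS"):
    """Return the (pid, path) pairs whose name is a system name outside System32."""
    expected = ntpath.normcase(ntpath.join(windir, "System32"))
    hits = []
    for pid, image_path in processes:
        folder, name = ntpath.split(canonical(image_path, windir))
        if name in SYSTEM_NAMES and folder != expected:
            hits.append((pid, image_path))
    return hits

# Constructed sample listing: genuine entries plus two copies in the System directory.
SAMPLE = [
    (412, r"\SystemRoot\System32\smss.exe"),
    (480, r"\??\C:\WINDOWS\system32\csrss.exe"),
    (900, r"C:\WINDOWS\system32\svchost.exe"),
    (1204, r"C:\WINDOWS\System\csrss.exe"),
    (1260, r"C:\WINDOWS\System\svchost.exe"),
    (2000, r"C:\Program Files\App\app.exe"),
]

if __name__ == "__main__":
    for pid, path in find_masquerades(SAMPLE):
        print(f"suspicious: pid {pid} runs {path}")
```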
Registry Changes
This virus adds several startup items to the registry so that it runs automatically when Windows starts, and changes Windows settings to suit its purposes. The information about which registry entries it changes cannot easily be seen, because it is stored in encrypted form.
Among the changes, it modifies the value of the Userinit item by adding a parameter that points to a main virus file. In the key HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\, the Load item is also changed so that it points to the main file named Activex.exe. In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ there will be a new item named present. The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ will also have new items named default and %username%, where username is the name of the user who is active at that time.
Viruses generated by FFE also change the shell extension for .exe files, so that the file type shown for them changes from Application to Folder. The Folder Options settings are also changed so that extensions and files with the hidden attribute are not shown. And in order to stay active in safe mode, it also changes the value of the SafeBoot item.
Using the Image File Execution Options registry key, this virus also adds new items in that section named cmd.exe, msconfig.exe, regedit.exe, and taskmgr.exe. This means that whenever a user launches a program with one of those file names, Windows bypasses the file and forwards execution to the virus's main file.
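A check for the Image File Execution Options redirection, added here as an example and not taken from the article or from PCMAV: it reads the text of a registry export (.reg) and reports which of the four tools named above carry a Debugger value, the value Windows uses to redirect a launch. The export below and the target path in it are constructed placeholders.

```python
import re

IFEO = r"\microsoft\windows nt\currentversion\image file execution options" + "\\"
TOOLS = {"cmd.exe", "msconfig.exe", "regedit.exe", "taskmgr.exe"}  # from the article

def ifeo_debuggers(reg_text):
    """Map image name -> Debugger command found in exported .reg text."""
    found, image = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            pos = key.find(IFEO)
            image = key[pos + len(IFEO):] if pos != -1 else None
        elif image and "\\" not in image:      # ignore deeper subkeys
            m = re.match(r'"debugger"="(.*)"$', line, re.IGNORECASE)
            if m:
                found[image] = m.group(1).replace("\\\\", "\\")
    return found

def redirected_tools(reg_text):
    """Return the article's tool names that have a Debugger redirection."""
    return sorted(TOOLS & set(ifeo_debuggers(reg_text)))

# Constructed export; the Debugger target is a placeholder path.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="C:\\WINDOWS\\placeholder-parent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe]
"Debugger"="C:\\WINDOWS\\placeholder-parent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000000
'''

if __name__ == "__main__":
    for name, target in sorted(ifeo_debuggers(SAMPLE_EXPORT).items()):
        print(f"{name} is redirected to {target}")
```

Legitimate debugging setups also use the Debugger value, so each hit should be judged by where its target points.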
How Does the Virus Spread?
This virus can spread through data storage media such as flash disks. When you plug a flash disk into an infected computer, several new files will appear on the flash disk, such as explorer.exe, %virusname%.exe, and msvbvm60.dll. There are also files such as desktop.ini and autorun.inf, so that the virus can run automatically from that flash disk.
Other virus files are stored in a new directory on the flash disk named Recycled, which contains the files Firus.pif and Folder.htt. All of the virus files are hidden so that they are not visible.
The Virus in Action
To survive, this virus tries to block every program it does not want running, such as tools and antivirus programs, including PCMAV. As with the registry changes, the data about which programs it blocks is also stored in its body in encrypted form.
So, while the virus is resident in memory, it monitors every program the user launches by reading the file name and the window caption. Some of the antivirus files it tries to block are nav.exe, avgcc.exe, njeeves.exe, ccapps.exe, ccapp.exe, kav.exe, nvcoas.exe, avp32.exe, and many others. Some installer or setup programs also cannot be executed on an infected computer.
Prevention and Countermeasures
PC Media Antivirus RC19 can clean an infected computer completely and with 100% accuracy of every virus made using the Fast Firus Generator. To keep the virus from blocking PCMAV, first rename the PCMAV file, for example from PCMAV-CLN.EXE to MERDEKA.EXE.
yeah can u comment links where can i download these programs :=) please