Senin, 13 April 2009

Script Virus Leena

Hi... akhirnya saYa nGeBLog Lagi Nih... Di sini anda dapat menemukan informasi tentang Musik. Kunci atau Chord Lagu, Profil, Plus info tentang IPTEK diantaranya Hacking, Cracking, Programmer, Virus maker, dan Lain-Lain deh Pokonya...

Nah,, Kali Ini saya akan ngebaHas tentang :

Script Virus Leena

The virus is created using VB and have the size of 76 KB and use the MS Word
icon. With the view that resembles MS Word document, the virus will spread
easily, especially for general computer users that are less careful. If the
virus is executed it will appear an MS Word file with any posts EMPTY-headed.
After that Leena will make some parent are:

- C: \ Documents and Settings \% username%\Local Settings\Application Data \%
user%. Task \ services.exe

- C: \ Documents and Settings \% username% \ Local Settings \ Temp \ lsass.exe

- C: \ Documents and Settings \ all users\ application data \ normal.exe

- C: \ Documents and Settings\All Users \Application Data \ leena.%% Running on

- C: \ Windows

- ExeServ.exe

- Leena.ini

- C: \ WIndoss \ system32 \ 3D Soccer.exe

- C: \ WIndoss \ system32 \ Av-Prev.exe

- C: \ WIndoss \ system32 \ controls.exe

- C: \ WIndoss \ system32 \ ex-plorer.exe

- C: \ WINDOWS \ System32 \ exerun.exe

As Leena support will make a string of registry,including:

- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogonshell
= Explorer.exe C:\WINDOWS\ExeServ.exe

- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command Default = C: \
WINDOWS \ System32 \ ExeRun "% 1"% *

In addition Leena will also create a schedule [Schedule Task] with the name of
the directory Leena [C: \ Windows \ tasks \ leena] schedule task is made to run
the master file that is located in the directory [C: \ WINDOWS \ System32 \
controls.exe ], where the schedule will be run every 08.15 hours each week.

Block the function of Windows and restart the computer. Leena to defend himself
will try to shut some windows functions such as:

- Regedit

- Msconfig

- Folder option

The protection is made Leena will kill [restart] if the computer functions on
the run. On the mode Safe Mode and Safe Mode with Command Prompt Leena will also
remain active even though the computer booting mode safe mode or safe mode with
command prompt, this is done to prevent the user to clean this virus.

The technique is realized with the following string in the registry:

- HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Control \
SafeBoot\AlternateShell = C: \ WINDOWS \ System32 \ Av-Prev.exe

- HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \
Winlogon shell = Explorer.exe C: \ WINDOWS \ ExeServ.exe

Manipulate files. Exe to activate the virus

Be careful if your computer is infected with the virus, we recommend to
immediately clean up with the antivirus program can mendeteksinya. Because Leena
will try to switch every executable file to run itself (in background), and the
application of the call will still be able to run as usual.

To do this, Leena will create the following string in the registry:

- HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ exefile \ shell \ open \ command
Default = C: \ WINDOWS \ System32 \ ExeRun "% 1"% *

Hide file MS.Word As done by the virus River, Leena will also try to hide the MS
Word file and instead Leena will create duplicate files in accordance with the
name of the file that is hidden, the virus file by Leena will have the

- File Size 76 KB

- Extensi. EXE

- File Type "Application".

If you try to run the file that is infected with the Leena MS.Word program will
appear with any posts EMPTY-headed.

Load disqus comments

0 komentar