Monthly Archives: June 2009 - Page 2

Download PCMAV 2.0c Update Build 1 (Virus PutriEor.vbs)

Update Build1 provides users with the addition of 12 new virus variants. PCMAV 2.0c users are strongly advised to update immediately, so that your PCMAV can recognize and eradicate more viruses. To obtain and use the PCMAV update, simply run PCMAV Cleaner (PCMAV-CLN.exe); the computer must, of course, be actively connected to the Internet (without a proxy). The Automatic Updates feature of PCMAV will automatically download and update the PCMAV database.

For those who want to get the update file manually, you can download it from one of the addresses I have provided in the links below.

Place the downloaded file (update.vdb) in the \vdb folder. If an old update file is already there, simply overwrite it. Make sure once again that the name of the update file is update.vdb; if it is different, simply rename it. The next time you run PCMAV, it will be updated.

Full Download:

Download Only Update File:

Download PCMAV 2.0c (June-July 2009)

Coinciding with the publication of PCMedia magazine edition 07/2009, PCMAV 2.0c is officially launched, with the ability to detect 2771 viruses, many of which circulate in Indonesia.

NEW IN PCMAV 2.0c

  • Updated! Added detection and cleaning database entries for 51 local/foreign viruses and new variants that have spread in Indonesia. A total of 2771 viruses with all their variants, including the Conficker virus that circulates widely in Indonesia, are recognized by version 2.0c.
  • Updated! Cleaner and RTP support the latest generation of the ClamAV 0.95 engine.
  • Updated! Added a special solver to handle the Risa virus, which makes many changes to the Windows configuration.
  • Bug fixed! Cleaner sometimes could not be started while RTP was active. This problem was caused by a process that was still “hanging” in memory.
  • Bug fixed! Under certain conditions RTP detected Cleaner (or vice versa) as a “suspected virus”.
  • Bug fixed! Under some conditions and certain computer configurations, the RTP would not run and the error message “For first usage or upgrading to newer version, …” appeared.
  • Improved! The advanced heuristic engine is now optimized to detect variants of the polymorphic viruses that spread widely in Indonesia.
  • Improved! The Automatic Updates unit is more optimized and thread-safe.
  • Bug fixed! Heuristic false detections (false alarms) on some programs and scripts.
  • Improved! Content of the PCMAV.LOG report.
  • Updated! README.TXT contents.
  • Improved! Several virus names changed where new variants have been found.
  • Improved! Several minor fixes and internal code improvements to ensure that PCMAV remains an antivirus Indonesia can be proud of.

Download:

Top 10 Virus Indonesia: June 2009

The top of the ranking in June 2009 is still the same: Conficker, followed by Autoit and FullHouse. In addition, several viruses are new entries in the top ten, such as Nhatquanglan and Hotum.vbs. For more details, please see the following list:

1. Conficker

This virus uses sophisticated technology and spreads in unusual ways. It takes the form of a DLL (Dynamic Link Library) file, which distinguishes it from most other viruses, which are EXE files. Its capabilities can also be considered on par with a rootkit. It is also polymorphic, so its body changes. On an infected computer, users will not be able to open sites related to antivirus products or Microsoft update. The virus is also active in Indonesia, spreading via removable media such as flash disks. On an infected flash disk you will find an autorun.inf file and a RECYCLER directory containing a sub-directory with a name such as S-5-3-42-2819952290-8240758988-879315005-3665, and in this directory there is the Conficker virus file, usually named jwgkvsq.vmx, which is actually a DLL file.

2. Autoit

Most variants of this imported, script-based virus use a folder-like icon. The virus is able to auto-update itself from multiple sites. It can also use Yahoo! Messenger as a distribution channel, sending a message with a link to each contact in the victim's Y!M list.

3. FullHouse

A virus made using Visual Basic. In action, it extracts an image of “Han Eun ji”, one of the lead characters in the series Full House. One of its parent files hides in the RECYCLER folder, and it creates an autorun.inf file on the target drive so that it runs automatically.

4. Recycler

The characteristic feature of this virus is the way it spreads, namely by “hiding” in the Recycler / Recycled / Recycle Bin directory. It is also known to apply code injection techniques so that the virus can “latch onto” explorer.exe. This is done to make it hard for the user or even an antivirus program to kill it.

5. Nhatquanglan

This virus is created using Visual Basic. The two new variants we encountered are 101KB and 81KB in size, and both use a folder-like icon. One of its special traits is blocking some antivirus sites by manipulating the hosts file.

6. Hotum.vbs

Another local VBScript virus, known as Hotum.vbs. It is approximately 8KB in size. It makes itself run automatically by changing the Userinit value in the Windows registry and creating a new Run item. A computer infected with this virus is easy to identify. Look at the clock in the lower right corner of Windows: the PM will be replaced with “Hotum” while for the PM it is changed to “Tombom”.

7. Risa

The virus is 42KB in size and is packed using UPX. Its icon resembles a folder. When a computer is infected with this virus, many fake folders will be found in every corner of the drive. It can also spread to flash disks; on the flash disk there will be files with names such as “Kumpulan Puisi cinta palsu.exe”, “Rahasia (Jangan dibuka).exe”, and others. A message from the creator of the virus can also be found in the Windows directory under the name “Wasiat.html”, or in the root of drive C: under the name “Puisi_untukmu_bang.html”.

8. LegendOfAang.vbs

A virus created using VBScript and distributed in encrypted form. In the picture above you can see the virus file in its encrypted and its decrypted state. It is about 13KB in size. When in action, it tries to delete other vbs files that are possibly other viruses. On an infected removable disk there will also be an autorun.inf file belonging to this virus. To run automatically, it changes the Userinit item in the registry to point to itself.

9. Astuty

This virus delivers a love message in a browser. The message file can be found in the Windows directory under the name Notic.htm. It uses an icon resembling an MS Word document as its disguise. It is approximately 617KB in size and is packed using UPX. The virus fakes the .DOC files it finds by hiding the original .DOC file with the hidden attribute and replacing it with a copy of the virus under an almost identical file name.

10. Vanpraja

This virus extracts an image file from the resources in its body, named “Hacked by v@nP.jpg”, as seen above. It extracts the file to the root of some of the drives found on the victim's computer. Physically, it resembles an MS Word document file, is 96KB in size, and is packed using UPX. The creator of the virus promotes their school by spreading a text file containing the promotion to every drive, including its root.
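The removable-drive traces described above for Conficker, FullHouse, Recycler and LegendOfAang.vbs (an autorun.inf in the drive root, and an executable hidden in RECYCLER under a harmless-looking extension) can be checked with a short script. This is an added example, not part of the original posts and not PCMAV code; the function names and the sample drive contents are constructed for illustration.

```python
import tempfile
from pathlib import Path

LAUNCH_KEYS = ("open", "shellexecute")  # autorun.inf keys that start a program

def is_pe(path):
    """True if the file starts with the 'MZ' magic of a Windows EXE/DLL."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False

def autorun_targets(text):
    """Return the command strings an autorun.inf would launch."""
    targets = []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        if sep and (key in LAUNCH_KEYS or key.endswith("\\command")):
            targets.append(value.strip())
    return targets

def scan_drive(root):
    """Return (finding, detail) tuples for a mounted removable drive."""
    root, findings = Path(root), []
    for entry in sorted(root.iterdir()):
        name = entry.name.lower()
        if entry.is_file() and name == "autorun.inf":
            for target in autorun_targets(entry.read_text(errors="replace")):
                findings.append(("autorun launches", target))
        elif entry.is_dir() and name == "recycler":
            for f in sorted(entry.rglob("*")):
                if f.is_file() and is_pe(f):  # extension is ignored on purpose
                    findings.append(("PE file in RECYCLER", f.relative_to(root).as_posix()))
    return findings

def build_sample_drive(root):
    """Constructed sample drive: all names and contents are made up."""
    sub = Path(root, "RECYCLER", "S-0-0-00-constructed")
    sub.mkdir(parents=True)
    (sub / "sample.vmx").write_bytes(b"MZ" + bytes(62))  # PE magic, odd extension
    (sub / "INFO2").write_bytes(b"\x05\x00\x00\x00")      # harmless non-PE file
    Path(root, "autorun.inf").write_text("[autorun]\nopen=RECYCLER\\S-0-0-00-constructed\\sample.vmx\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as drive:
        build_sample_drive(drive)
        for finding in scan_drive(drive):
            print(*finding, sep=": ")
```

Checking the first two bytes rather than the extension is what catches a DLL stored under a name like the .vmx file mentioned in the Conficker entry.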

Download PCMAV 2.0b Update Build4 (Virus Hotum.vbs)

Update Build4 provides users with the addition of 12 new virus variants. PCMAV 2.0b users are strongly advised to update immediately, so that your PCMAV can recognize and eradicate more viruses. To obtain and use the PCMAV update, simply run PCMAV Cleaner (PCMAV-CLN.exe); the computer must, of course, be actively connected to the Internet (without a proxy). The Automatic Updates feature of PCMAV will automatically download and update the PCMAV database.

For those who want to get the update file manually, you can download it from one of the addresses I provide below.

Place the downloaded file (update.vdb) in the vdb folder. If an old update file is already there, simply replace it. Make sure once again that the name of the update file is update.vdb; if it is different, simply rename it. The next time you run PCMAV, it will be updated.

Download: