Trojan: Autorun.QBP
"Love Map" spread of the virus
The functionality of the virus file
The characteristics of the virus file Autorun.QBP, including:
• Using the icon "Love File"
• Is the size of 793 kb
• type "Application"
• Berlin exe
Photo, file viruses W32/Autorun.QBP
Symptoms / virus effects
If you are infected with the virus Autorun.QBP will lead to symptoms and effects as follows
• In all virus files from file sharing appears with the name "[namaacak]. Exe and an empty file named" khq. Khq this file is also at the root of each drive.
• The virus is active in the computer's memory with the name "csrcs.exe" in the process with the user. You can check this by using the task manager on the Processes tab.
• Unable to files that are hidden inches (although the "folder options" in the pro-Fox time to time will return hidden)
Windows Registry
Despite not a lot of the action taken, Autorun.QBP changes to the registry
Broadcasting Media
Autorun.QBP virus can rapidly through the network and USB Flash / removable drive.
In the Flash USB / removable drive, it will create 2 files with the RHSA attribute (Read, Hidden, System and Archive), namely:
• Autorun.inf,
• [namaacak.exe], the virus file 793 kb
The network will create 2 files (in the root folder on the shared field, and enter the folder / network drive at all to share), including:
• khq, an empty file that is the impression that stopping viruses Autorun.QBP
• [namaacak.exe], the virus file 793 kb
How to clean manually:
1. Remove or disconnect the computer from the network is allowed.
2. Disable / turn off "System Restore" in the process of cleaning the virus.
3. Use the "Task Manager" to stop the virus is active. (probably with the name "csrsc.exe).
To open the Task Manager, can be made by pressing CTR + ALT + DELETE or right-click the Windows taskbar. Then turn off the virus, click [End Process] the process csrsc.exe.
4. Large files Autorun.QBP virus, which is located in C: \ WINDOWS \ system32, the name csrsc.exe Autorun.inf 793 kb in size and the size of 1 kb.
Use the search or find, looking for identical files to other viruses, particularly in the media to Flash or USB / removable disk, the file size of 793 kb of viruses, and many berextension exe application and khq file at the station . Do not forget to mark the "Show hidden files ..." and the feature "Hide protected works ..." in the Folder Options.
5. Remove the registry key string is created by the virus. To facilitate the registry using the following script.
[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKLM, SOFTWARE\Classes\batfile\shell\open\command,,, """%1"" %*"
HKLM, SOFTWARE\ Classes \comfile\shell\open\command,,, """%1"" %*"
HKLM, SOFTWARE\ Classes \exefile\shell\open\command,,, """%1"" %*"
HKLM, SOFTWARE\ Classes \scrfile\shell\open\command,,, """%1"" %*"
HKLM, SOFTWARE\ Classes \piffile\shell\open\command,,, """%1"" %*"
HKLM, SOFTWARE\ Classes \regfile\shell\open\command,,, "regedit.exe "%1"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell, 0, Explorer.exe
[del]
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
Use the notepad and save with the name "repair.inf" (use the Save as type option to All files, so the error does not occur).
Repair.inf run with the right button, then select [Install].
6. To optimize the cleaning of viruses Autorun.QBP use Norman Malware Cleaner is able to detect and eradicate this virus at a time. If you want free of viruses and other viruses from abroad, use antivirus Norman Security Suite (Single User) or Norman Endpoint Protection (Corporate user) that can prevent your computer infected with the virus abroad and viruses both specific and customers free on-site support by VAKSIN (PT technicians. Vaksincom).
You can download Norman Malware Cleaner the following link:
http://normanasa.vo.llnwd.net/o29/public/Norman_Malware_Cleaner.exe
"Love Map" spread of the virus
The functionality of the virus file
The characteristics of the virus file Autorun.QBP, including:
• Using the icon "Love File"
• Is the size of 793 kb
• type "Application"
• Berlin exe
Photo, file viruses W32/Autorun.QBP
Symptoms / virus effects
If you are infected with the virus Autorun.QBP will lead to symptoms and effects as follows
• In all virus files from file sharing appears with the name "[namaacak]. Exe and an empty file named" khq. Khq this file is also at the root of each drive.
• The virus is active in the computer's memory with the name "csrcs.exe" in the process with the user. You can check this by using the task manager on the Processes tab.
• Unable to files that are hidden inches (although the "folder options" in the pro-Fox time to time will return hidden)
Windows Registry
Despite not a lot of the action taken, Autorun.QBP changes to the registry
Broadcasting Media
Autorun.QBP virus can rapidly through the network and USB Flash / removable drive.
In the Flash USB / removable drive, it will create 2 files with the RHSA attribute (Read, Hidden, System and Archive), namely:
• Autorun.inf,
• [namaacak.exe], the virus file 793 kb
The network will create 2 files (in the root folder on the shared field, and enter the folder / network drive at all to share), including:
• khq, an empty file that is the impression that stopping viruses Autorun.QBP
• [namaacak.exe], the virus file 793 kb
How to clean manually:
1. Remove or disconnect the computer from the network is allowed.
2. Disable / turn off "System Restore" in the process of cleaning the virus.
3. Use the "Task Manager" to stop the virus is active. (probably with the name "csrsc.exe).
To open the Task Manager, can be made by pressing CTR + ALT + DELETE or right-click the Windows taskbar. Then turn off the virus, click [End Process] the process csrsc.exe.
4. Large files Autorun.QBP virus, which is located in C: \ WINDOWS \ system32, the name csrsc.exe Autorun.inf 793 kb in size and the size of 1 kb.
Use the search or find, looking for identical files to other viruses, particularly in the media to Flash or USB / removable disk, the file size of 793 kb of viruses, and many berextension exe application and khq file at the station . Do not forget to mark the "Show hidden files ..." and the feature "Hide protected works ..." in the Folder Options.
5. Remove the registry key string is created by the virus. To facilitate the registry using the following script.
[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKLM, SOFTWARE\Classes\batfile\shell\open\command,,, """%1"" %*"
HKLM, SOFTWARE\ Classes \comfile\shell\open\command,,, """%1"" %*"
HKLM, SOFTWARE\ Classes \exefile\shell\open\command,,, """%1"" %*"
HKLM, SOFTWARE\ Classes \scrfile\shell\open\command,,, """%1"" %*"
HKLM, SOFTWARE\ Classes \piffile\shell\open\command,,, """%1"" %*"
HKLM, SOFTWARE\ Classes \regfile\shell\open\command,,, "regedit.exe "%1"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell, 0, Explorer.exe
[del]
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
Use the notepad and save with the name "repair.inf" (use the Save as type option to All files, so the error does not occur).
Repair.inf run with the right button, then select [Install].
6. To optimize the cleaning of viruses Autorun.QBP use Norman Malware Cleaner is able to detect and eradicate this virus at a time. If you want free of viruses and other viruses from abroad, use antivirus Norman Security Suite (Single User) or Norman Endpoint Protection (Corporate user) that can prevent your computer infected with the virus abroad and viruses both specific and customers free on-site support by VAKSIN (PT technicians. Vaksincom).
You can download Norman Malware Cleaner the following link:
http://normanasa.vo.llnwd.net/o29/public/Norman_Malware_Cleaner.exe
Tidak ada komentar:
Posting Komentar