After so long submerged, Shemale vol 2 which is a regeneration of the previous virus has returned to spread the threat. The virus is present by closing some gaps that might be exploited by a user to turn himself. Still, he uses the album teaser porn.still like its predecessor, the virus was created with Visual Basic Script (VBS). He will encrypt itself that the user does not easily read the contents of the script of the virus, and has a size of 195 KB with VBS icon.
Here are the features that can be found at the time to infect user's computer:
1. Folder appears with the name 'Adult (New Release)', this folder contains several files shortcut to run the master file that has been determined to be made on all drives.
2. Appeared files 'Membership of Shemale Lover' which will be created in each drive with the icon 'Internet Explorer'.
3. Can not access the folder 'C: \ Windows', if the user accessing the folder it will open the 'My Computer'.
4. Message appears' Shemale Ver. 2.0.1 by CRY 'at the time of the Windows screen saver is active.
5. Error message appears when running certain security tools.
6. Changes on behalf of the owner of Windows.
7. Change the file type "Shortcut" [. Lnk] form the "Movie Clip
"At the time of infecting a computer, it will make quite a lot of files to be stored in different directories, Ozawa.wmv.lnk Like Mary, Tina Yusuki.mpeg.lnk, sora aoi.dat / lnk, Jennifer Miller.wmv. lnk, sativa rose.wmv / lnk, and others. In the name of the folder is expected to attract a user to execute one of the shortcut files within it.
In addition to more perfect disguise he would change the file type LNK (shortcut) is a 'Movie Clip' so as if a video file, to be sure he will hide the second extension of the file [. LNK]
The virus is also doing a lot of unblocking of several security tools as well as several local anti-virus by doing a debugger to run the file [c: \ windows \ WinUpdt.tpx or C: \ Windows \ appsys.exe]. Thus, he will be active each time the user runs the security tools.
0 komentar:
Post a Comment