Detection:

https://www.virustotal.com/analisis/178f22f2df2fefceb8b2eca9dd944…


A new wave of viruses is spreading over Yahoo Messenger, sending mass messages to every contact in the list. If you receive a message consisting of "foto" followed by a link ending in /image.php, do NOT click it.
I have submitted several samples for analysis; within a few hours they will be detected by most antivirus vendors.


Manual disinfection:

Delete the following files manually:

C:\Windows\mds.sys
C:\Windows\mdt.sys
C:\Windows\winbrd.jpg
C:\Windows\net.exe
C:\Windows\infocard.exe (may appear under several different names)


If Windows is installed on a partition other than C, replace the drive letter in the file paths accordingly.


Manually delete the following registry entries (remove the listed value under each key, not the key itself):

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Firewall Administrating"="C:\\WINDOWS\\infocard.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Firewall Administrating"="C:\\WINDOWS\\infocard.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run]
"Firewall Administrating"="C:\\WINDOWS\\infocard.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Documents and Settings\\[b][/b]\\Desktop\\IM56245.JPG-www.myspace.com.exe"="C:\\WINDOWS\\infocard.exe:*:Enabled:Firewall Administrating"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Documents and Settings\\[b][/b]\\Desktop\\IM56245.JPG-www.myspace.com.exe"="C:\\WINDOWS\\infocard.exe:*:Enabled:Firewall Administrating"

[HKEY_USERS\S-1-5-21-117609710-764733703-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"Firewall Administrating"="C:\\WINDOWS\\infocard.exe"
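
A read-only way to check a machine for the files and registry entries listed above before deleting anything; this is an added example, not part of the original post. The function names are hypothetical, PowerShell 3.0 or later is assumed, and it enumerates every loaded hive under HKEY_USERS rather than the single SID shown above.

```powershell
# Read-only check: reports the artifacts listed above and deletes nothing.
$winDir = $env:SystemRoot   # follows Windows to whatever partition it is installed on
$fileNames = 'mds.sys', 'mdt.sys', 'winbrd.jpg', 'net.exe', 'infocard.exe'
$marker = 'Firewall Administrating'   # value name / rule label used in the entries above

function Find-WormFiles {
    # Only the Windows directory itself is checked; the genuine net.exe lives in System32.
    foreach ($name in $fileNames) {
        $path = Join-Path $winDir $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            Get-Item -LiteralPath $path -Force | Select-Object FullName, Length, LastWriteTime
        }
    }
}

function Find-RunEntries {
    $keys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run'
    )
    # The SID under HKEY_USERS differs per machine and account, so enumerate loaded hives.
    $keys += @(Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        ForEach-Object { "Registry::$($_.Name)\Software\Microsoft\Windows\CurrentVersion\Run" })
    foreach ($key in $keys) {
        $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        if ($props -and $props.PSObject.Properties[$marker]) {
            [pscustomobject]@{ Key = $key; Name = $marker; Data = $props.$marker }
        }
    }
}

function Find-FirewallEntries {
    foreach ($set in 'ControlSet001', 'CurrentControlSet') {
        $key = "HKLM:\SYSTEM\$set\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List"
        $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        # Value names are program paths; match on the rule label stored in the data.
        $props.PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' -and "$($_.Value)" -like "*$marker*" } |
            ForEach-Object { [pscustomobject]@{ Key = $key; Name = $_.Name; Data = $_.Value } }
    }
}

'Files:';          Find-WormFiles       | Format-List
'Run entries:';    Find-RunEntries      | Format-List
'Firewall rules:'; Find-FirewallEntries | Format-List
```

Because infocard.exe may use other names, an empty file list does not rule out infection; the Run and firewall entries show the path actually registered.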



Automatic disinfection:
Download Malwarebytes Anti-Malware 1.46.
Install the program and, at the end, make sure the following options are checked:
Update Malwarebytes’ Anti-Malware
Launch Malwarebytes’ Anti-Malware
Press Finish.
After the program starts, select Perform full scan and press Scan.
When the scan finishes, click OK and then Show Results.
Make sure everything is checked, then click Remove Selected.
If you have Kaspersky Antivirus 2010 or Kaspersky Internet Security 2010 installed, update the definitions and run a full system scan.

Attention! If you have a different antivirus installed, follow the steps below (installing Kaspersky Virus Removal Tool 2010 9.0.0.722 does NOT require uninstalling your existing antivirus from the system).
Download Kaspersky Virus Removal Tool 2010 9.0.0.722.
Install it, unplug the Internet cable/modem/etc., turn off the real-time protection (shield) of the antivirus installed on the PC, and run a full system scan with this utility.
When the scan finishes, delete all detected files.
Restart, re-enable the antivirus protection, and reconnect the Internet cable/modem/etc.