Wednesday, July 21, 2010

PCMAV 3.1 Update Build2 (Amis: Disguised as an MP3 File)


Amis. Social engineering is still a powerful way for malware to get users to run it, and this worm relies on it. By using an icon like the Winamp application's and making its files appear to have the *.mp3 extension, the worm file looks at a glance like an ordinary mp3 file that is ready to be played. An attentive user, however, can easily recognize the worm file from the type, size, and properties displayed when the mouse cursor hovers over the file (as shown). The worm was written in Visual Basic and is approximately 22 KB in its packed state. When active, it closes applications that have a caption such as:
- pcmav
- process
- master
- utility
- hijack
- patrol
- firewall
- detect

To protect itself, the worm also disables the Command Prompt, Regedit, and Folder Options, and hides file extensions. It also manipulates the registry so that when users run msconfig.exe, the notepad.exe application opens instead.

The worm copies the name of every *.mp3 file it finds and creates a duplicate of itself that looks like that mp3 file in order to trick users. Fortunately, the original mp3 files are not removed by the worm. The worm also creates a VBScript file named menol.vbs in Start - All Programs - Startup, which serves to activate the parent worm file.

In the root of each drive, whether a hard drive or a removable disk, it creates a duplicate of itself named AMIS.exe.

List of viruses added in PCMAV 3.1 Update Build2:
Amis
Amis.vbs
Autoit-ReplaceIcon
BHP
BlackLove.D
Blagu
Brontok-Joseray.J
Brontok-Joseray.J.bin
Dewasa
FaLoNgel
FaLoNgel.htm
FaLoNgel.ocx
Flyff666.vbs.B
Hasmi.B
Hasmi.B.ini
Malingsi.T
Malingsi.T.ini
Malingsi.T.mrc
Malingsi.T.sys.A
Malingsi.T.sys.B
Malingsi.T.sys.C
Malingsi.T.sys.D
Malingsi.T.sys.E
Malingsi.T.sys.F
Malingsi.T.sys.G
Malingsi.T.sys.H
Malingsi.U
Nebula
P0et-Death-Drive.A
P0et-Death-Drive.A.inf
P0et-Death-Drive.A.ini
P0et-Death-Drive.A.txt
P0et-Death-Drive.B
QGS
QGS.dll
QGS.hosts
QGS.inf
QGS.lnk
Senseii.vbs
Senseii.vbs.ini.A
Senseii.vbs.ini.B
Senseii.vbs.vbs.A
Senseii.vbs.vbs.B
Senseii.vbs.vbs.C
Senseii.vbs.vbs.D


Thursday, July 15, 2010

PCMAV 3.1 Update Build1 (FaLoNgel: Multiplying Inside the Hard Drive)


FaLoNgel. As the screenshot above shows, the presence of this worm is easy to spot, because it manipulates certain registry values so that the icons on the desktop and Start menu appear larger than their default size. Cleaning it up is not easy, however, because it multiplies on the hard drive, creating thousands of files. Worse, it can delete files with extensions such as *.doc, *.html, *.htm, *.db, and *.ocx and replace them with duplicates of itself. The worm was written in Visual Basic and is about 35 KB in its packed state. It disables the Command Prompt, Task Manager, and Regedit, and also changes some display colors in Windows. The Windows folder is filled with HTML files created by the worm, named FaLoNgelXXXX.htm, where XXXX is a number in the thousands.

Some of the *.ocx files, which are worm files, contain the following message:

FaLoNgelß

Kami tidak akan mengaktifkan antivirus,
Maupun program ini.
Karena file ini telah dikuasai
virus FaLoNgel.

Fandy Love Angel

List of viruses added in PCMAV 3.1 Update Build1:
Autoit-ReplaceIcon
BHP
BlackLove.D
Brontok-Joseray.J
Brontok-Joseray.J.bin
Dewasa
FaLoNgel
FaLoNgel.htm
FaLoNgel.ocx
Flyff666.vbs.B
Hasmi.B
Hasmi.B.ini
Malingsi.T
Malingsi.T.ini
Malingsi.T.mrc
Malingsi.T.sys.A
Malingsi.T.sys.B
Malingsi.T.sys.C
Malingsi.T.sys.D
Malingsi.T.sys.E
Malingsi.T.sys.F
Malingsi.T.sys.G
Malingsi.T.sys.H
Malingsi.U
Nebula
QGS
QGS.dll
QGS.hosts
QGS.inf
QGS.lnk
Senseii.vbs
Senseii.vbs.ini.A
Senseii.vbs.ini.B
Senseii.vbs.vbs.A
Senseii.vbs.vbs.B
Senseii.vbs.vbs.C
Senseii.vbs.vbs.D


Saturday, July 10, 2010

PCMAV 3.1 Ragnarok Released


The latest edition of PC Media magazine, 08/2010, is now available with an 8 GB Super DVD that also includes PCMAV 3.1, the antivirus that is the pride of Indonesia. Currently, PCMAV is the only antivirus capable of recognizing 3327 viruses and variants reported to be widespread in Indonesia.

Get the enhanced PCMAV 3.1 Ragnarok right away, available only in PC Media magazine 08/2010, which has now been published. Order it now or pick it up at the nearest newsstand / agent.

Technical questions should be sent directly to the editors of PC Media via e-mail, after you have read and understood the contents of README.TXT. We would be grateful if you could take the time to comment on your use of PCMAV 3.1 as input for its development.

WHAT'S NEW? / CHANGE-LOG

* ADDED! Database and cleaning routines for 35 local / foreign viruses and new variants that have spread in Indonesia. In total, 3327 viruses and variants circulating in Indonesia are recognized by the core engine of PCMAV version 3.1.

* ADDED! PCMAV can now run fully on Windows Vista & 7 64-bit.

* ADDED! Special removal engine to thoroughly clean the AIBO and Deathdrive virus variants that are widespread in Indonesia.

* Improved! Renamed viruses for which new variants were found.

* FIXED! Logging on Windows Vista & 7 64-bit.

* Improved! Fixed some minor bugs and improved the internal code to ensure that PCMAV remains the antivirus that is the pride of Indonesia.



Tuesday, July 6, 2010

PCMAV 3.0.3 Update Build4 (Senseii: Hiding Drive C)


Senseii. This VBScript worm is around 59 KB in size and carries quite a lot of payloads, such as displaying a message like the one pictured when Windows starts, or hiding drive C through registry manipulation so that drive C is not visible in Windows Explorer. The worm spreads on removable disks under the names senseii.vbe and desktop.vbs, together with an autorun.inf file that runs the worm automatically if autorun is enabled.

Several duplicates of the worm and its companion files are also created, with names such as:

c:\windows\EXPL0RER.vbs
c:\windows\system\WinUpdt.vbs
c:\antivirus.vbs
c:\regedit.vbs

and many more. Although drive C is not visible, you can still access it via the Command Prompt. On the desktop, the worm also creates a file called Do not click.ini containing the text:

w32 s@ipud1n adalah virus tiruan dari virus yg pernah ada ingin tau siapa yang buat tiruanya yang jelas bukan kamu kan? [credits] senseii c45 sekolah di playgroup terkenal di Cirebon
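
The lock-outs described in these posts (Regedit, Command Prompt, Task Manager and Folder Options disabled, drive C hidden, msconfig.exe opening notepad.exe) can be checked from a registry export. This is an added example, not PCMAV code: the value names are the standard Windows policy values and are an assumption, since the posts do not say which values the worms write, and the sample export is constructed.

```python
import re

# Standard policy value names (assumed; the posts name only the effects).
LOCKOUT_VALUES = {
    "disableregistrytools": "Regedit disabled",
    "disabletaskmgr": "Task Manager disabled",
    "disablecmd": "Command Prompt disabled",
    "nofolderoptions": "Folder Options hidden",
}

def hidden_drives(mask):
    """Decode a NoDrives bitmask (bit 0 = A:, bit 2 = C:) into drive letters."""
    return [chr(ord("A") + i) for i in range(26) if mask >> i & 1]

def audit_reg_export(text):
    """Return findings for a decoded .reg export (reg.exe writes UTF-16)."""
    findings, key = [], ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()  # remember the current registry key
            continue
        m = re.match(r'"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$', line)
        if m is None:
            continue
        name = m.group(1).lower()
        dword = int(m.group(2), 16) if m.group(2) else 0
        if name in LOCKOUT_VALUES and dword:
            findings.append(LOCKOUT_VALUES[name])
        elif name == "nodrives" and dword:
            findings.append("Drives hidden: " + ",".join(hidden_drives(dword)))
        elif name == "debugger" and m.group(3) and "\\image file execution options\\" in key:
            # A Debugger value makes Windows start that program instead.
            findings.append(key.rsplit("\\", 1)[1] + " runs " + m.group(3))
    return findings

# Constructed sample export, not taken from an infected machine.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
"DisableTaskMgr"=dword:00000000
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
"DisableCMD"=dword:00000002
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000001
"NoDrives"=dword:00000004
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe]
"Debugger"="notepad.exe"
'''
```

Calling `audit_reg_export(SAMPLE)` lists every lock-out present in the sample; a value set to 0, like `DisableTaskMgr` here, is not reported.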

List of viruses added in PCMAV 3.0.3 Update Build4:
74BE16
74BE16.exe.A
74BE16.exe.B
74BE16.fne.A
74BE16.fne.B
74BE16.fne.C
74BE16.fne.D
74BE16.fne.E
74BE16.fne.F
74BE16.fne.G
74BE16.fnr.A
74BE16.fnr.B
Aibo.C
Anti
Anti.doc
Autoit.EY
Autoit.EZ
Autoit.EZ.cmd
Autoit.EZ.inf
Autoit.FA
Autoit-ReplaceIcon
BHP
BlackLove.B
Brontok-Joseray.J
Brontok-Joseray.J.bin
CekVirus
DosenBlagu
Flyff666.vbs.B
Hasmi.B
Hasmi.B.ini
Hswdc.B
Iklan
KillMe
Malingsi.R
Malingsi.S
Malingsi.S.ini
Malingsi.T
Malingsi.T.ini
Malingsi.T.mrc
Malingsi.T.sys.A
Malingsi.T.sys.B
Malingsi.T.sys.C
Malingsi.T.sys.D
Malingsi.T.sys.E
Malingsi.T.sys.F
Malingsi.T.sys.G
Malingsi.T.sys.H
Malingsi.U
Metamorpica
Minerva.D
MyDoom.B
Nebula
QGS
QGS.dll
QGS.hosts
QGS.inf
QGS.lnk
Restui
Senseii.vbs
Senseii.vbs.ini.A
Senseii.vbs.ini.B
Senseii.vbs.vbs.A
Senseii.vbs.vbs.B
Senseii.vbs.vbs.C
Senseii.vbs.vbs.D


Tuesday, June 29, 2010

PCMAV 3.0.3 Update Build3 (TolakBHP: Voicing Protest Through a Worm)


TolakBHP. Malware is created with various motives, as with this worm, which displays a message rejecting the commercialization of education. A message like the one in the picture above appears when the worm is executed and every time the infected computer starts Windows. There are two buttons: if "Agree to Reject BHP" is selected, the message closes, but if the choice is "No! Brow ", the computer shuts itself down. The worm spreads to the root of drives and removable disks under the file name Reject BHP.flv.exe. It is approximately 656 KB, written in Visual Basic, not packed, and has an icon resembling a Media Player file.

The worm places a duplicate of itself in Windows startup under the name SYSTEM.exe.


List of viruses added in PCMAV 3.0.3 Update Build3:
74BE16
74BE16.exe.A
74BE16.exe.B
74BE16.fne.A
74BE16.fne.B
74BE16.fne.C
74BE16.fne.D
74BE16.fne.E
74BE16.fne.F
74BE16.fne.G
74BE16.fnr.A
74BE16.fnr.B
Aibo.C
Anti
Anti.doc
Autoit.EY
Autoit.EZ
Autoit.EZ.cmd
Autoit.EZ.inf
Autoit.FA
Autoit-ReplaceIcon
Brontok-Joseray.J
Brontok-Joseray.J.bin
CekVirus
DosenBlagu
Flyff666.vbs.B
Hasmi.B
Hasmi.B.ini
Hswdc.B
Iklan
KillMe
Malingsi.R
Malingsi.S
Malingsi.S.ini
Malingsi.T
Malingsi.T.ini
Malingsi.T.mrc
Malingsi.T.sys.A
Malingsi.T.sys.B
Malingsi.T.sys.C
Malingsi.T.sys.D
Malingsi.T.sys.E
Malingsi.T.sys.F
Malingsi.T.sys.G
Malingsi.T.sys.H
Metamorpica
Minerva.D
MyDoom.B
Nebula
QGS
QGS.dll
QGS.hosts
QGS.inf
QGS.lnk
Restui
TolakBHP


Monday, June 21, 2010

PCMAV 3.0.3 Update Build2 (Autoit-ReplaceIcon: A Worm with Varied Icons)


Autoit-ReplaceIcon. This unusual worm is based on an AutoIt script and has polymorphic capabilities. Its file size can vary, as can the autorun.inf file it creates. Even the language information shown under right click - Properties - Version - Language may differ in each worm file created. The file names under which the worm spreads through disk media also appear random, although they always have the *.exe extension and consist of 6 characters. For example:
brgzdt.exe
civfap.exe
hissyn.exe
naigpy.exe
uxjxhp.exe

Uniquely, the icons used also vary; some examples of worm files with different icons are shown in the picture above. The name Autoit-ReplaceIcon is taken from one of the functions (ImageList_ReplaceIcon) that can be read in the body of the worm. The file that is active in memory is named csrcs.exe (located in WINDOWS\System32), which at first glance looks like the Windows system file csrss.exe.
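
Both csrcs.exe here and EXPL0RER.vbs in the Senseii post sit one character away from a genuine Windows file name. The following added example (not PCMAV code) flags such near-miss names by edit distance; the shortlist of system names and the threshold of one edit are assumptions.

```python
import ntpath

# Genuine Windows binary names that malware tends to imitate
# (assumed shortlist; extend it from your own baseline).
SYSTEM_NAMES = ["csrss", "explorer", "svchost", "lsass", "services", "winlogon"]


def edit_distance(a, b):
    """Levenshtein distance computed with a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i          # prev holds the diagonal cell
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1,          # deletion
                                       row[j - 1] + 1,      # insertion
                                       prev + (ca != cb))   # substitution
    return row[len(b)]


def lookalike(path, max_dist=1):
    """Return the system name a file imitates, or None if it is not a near-miss."""
    stem = ntpath.splitext(ntpath.basename(path))[0].lower()
    for real in SYSTEM_NAMES:
        # An exact match is the real name, not an imitation of it.
        if stem != real and edit_distance(stem, real) <= max_dist:
            return real
    return None


def triage(paths):
    """Map each suspicious path to the name it imitates."""
    hits = {}
    for p in paths:
        real = lookalike(p)
        if real:
            hits[p] = real
    return hits
```

An exact match such as csrss.exe is not flagged by name alone, so the directory and signature of a file with the genuine name still need to be checked separately.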

List of viruses added in PCMAV 3.0.3 Update Build2:
74BE16
74BE16.exe.A
74BE16.exe.B
74BE16.fne.A
74BE16.fne.B
74BE16.fne.C
74BE16.fne.D
74BE16.fne.E
74BE16.fne.F
74BE16.fne.G
74BE16.fnr.A
74BE16.fnr.B
Aibo.C
Anti
Anti.doc
Autoit.EY
Autoit.EZ
Autoit.EZ.cmd
Autoit.EZ.inf
Autoit.FA
Autoit-ReplaceIcon
CekVirus
DosenBlagu
Hasmi.B
Hasmi.B.ini
Hswdc.B
Iklan
KillMe
Malingsi.R
Malingsi.S
Malingsi.S.ini
Malingsi.T
Malingsi.T.ini
Malingsi.T.mrc
Malingsi.T.sys.A
Malingsi.T.sys.B
Malingsi.T.sys.C
Malingsi.T.sys.D
Malingsi.T.sys.E
Malingsi.T.sys.F
Malingsi.T.sys.G
Malingsi.T.sys.H
Metamorpica
Minerva.D
MyDoom.B
Restui


Tuesday, June 8, 2010

PCMAV 3.0.3 Update Build1 (Restui: Hiding Excel Files)


Restui. This worm is about 140 KB, not packed, written in Visual Basic, and has an icon resembling a Microsoft Excel spreadsheet. It creates duplicates of itself that mimic the Excel files (*.xls extension) it finds, while the original files are stored in the folder WINDOWS\system32\MB.

Because it keeps the original files, the worm can display the real spreadsheet when the user executes the worm file, so that the user suspects nothing. The worm's programming may still contain bugs that can harm the user: sometimes Excel files copied by the worm to the folder WINDOWS\System32\MB end up corrupted with a size of 0 bytes, and when this happens the worm only displays a blank spreadsheet.

The worm also replicates itself under the names EXCEL.BAT and restui.exe in the folder WINDOWS\System32\MB, the same hidden folder that holds the user's original Excel files. At some point, it deletes files with the *.exe extension on removable disks. There is a gap, however, because the worm does not check for extensions written in capital letters. Thus files with the extension *.EXE, *.eXe, and so on, as long as the extension contains capital letters, are not deleted by the worm.
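
Amis, TolakBHP and Restui all rely on an executable passing for a data file (an mp3, an flv, an xls). The following added example, which is not PCMAV code, scans a folder for that pattern; the extension lists and the sample files built in `demo()` are assumptions, and the third check (a PE header under a data extension) goes slightly beyond the cases the posts describe.

```python
import os
import tempfile

# Extensions the worms on this page imitate (mp3, xls, flv) plus a few
# similar data types; both sets are assumed and can be extended.
DECOY_EXTS = {".mp3", ".xls", ".flv", ".doc", ".jpg", ".avi"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}

def is_pe(path):
    """True if the file starts with the DOS 'MZ' magic of a Windows executable."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"

def find_masquerades(root):
    """Return sorted (path, reason) pairs for executables posing as data files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        # Lower-cased stems of the data files in this folder.
        data_stems = {os.path.splitext(f)[0].lower() for f in files
                      if os.path.splitext(f)[1].lower() in DECOY_EXTS}
        for name in files:
            stem, ext = os.path.splitext(name)
            full = os.path.join(dirpath, name)
            inner = os.path.splitext(stem)[1].lower()
            if ext.lower() in EXEC_EXTS:      # compared case-insensitively
                if inner in DECOY_EXTS:
                    findings.append((full, "double extension"))
                elif stem.lower() in data_stems and is_pe(full):
                    findings.append((full, "shares name with data file"))
            elif ext.lower() in DECOY_EXTS and is_pe(full):
                findings.append((full, "PE header under data extension"))
    return sorted(findings)

def demo():
    """Build a constructed sample folder, scan it, return (name, reason) pairs."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "song.mp3": b"ID3\x03\x00",            # ordinary mp3 header
            "song.exe": b"MZ\x90\x00",             # executable with the same stem
            "Reject BHP.flv.EXE": b"MZ\x90\x00",   # double extension, upper case
            "report.xls": b"MZ\x90\x00",           # executable content, data name
            "setup.exe": b"MZ\x90\x00",            # unrelated program, not flagged
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return [(os.path.basename(p), r) for p, r in find_masquerades(root)]
```

Extensions are lower-cased before comparison, so a scanner built this way does not repeat the case-sensitivity gap noted for Restui's own *.exe deletion routine.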

To eradicate this virus and other virus variants, PCMAV 3.0.3 Update Build1 is available with identification of 31 additional new virus variants. PCMAV 3.0.3 users are strongly recommended to update immediately, so that PCMAV can recognize and eradicate more viruses.

List of viruses added in PCMAV 3.0.3 Update Build1:
74BE16.exe
74BE16.exe.Dropper.exe.A
74BE16.exe.Dropper.exe.B
74BE16.exe.fne.A
74BE16.exe.fne.B
74BE16.exe.fne.C
74BE16.exe.fne.D
74BE16.exe.fne.E
74BE16.exe.fne.F
74BE16.exe.fne.G
74BE16.exe.fnr.A
74BE16.exe.fnr.B
Aibo.C
Anti
Anti.doc
Autoit.EY
Autoit.EZ
Autoit.EZ.cmd
Autoit.EZ.inf
Autoit.FA
CekVirus
DosenBlagu
Hswdc.B
Iklan
KillMe
Malingsi.R
Malingsi.S
Malingsi.S.ini
Metamorpica
Minerva.D
Restui


PCMAV 3.0.3 Ragnarok Release


The latest edition of PC Media magazine, 07/2010, is now available with an 8 GB Super DVD that also includes PCMAV 3.0.3, the antivirus that is the pride of Indonesia. Currently, PCMAV is the only antivirus capable of recognizing 3292 viruses and variants reported to be widespread in Indonesia.

WHAT'S NEW? / CHANGE-LOG

* UPDATED! Database and cleaning routines for 46 local / foreign viruses and new variants that have spread in Indonesia. In total, 3292 viruses and variants circulating in Indonesia are recognized by the core engine of PCMAV version 3.0.3.

* UPDATED! Special removal engine to thoroughly clean the virus variants YM-InfoCard, breakfast, Allya.vbs, Titian, Felisha, and Hasmi, which are widespread in Indonesia.

* Improved! The "quarantine" folder is created only if there are quarantined files, and is removed automatically when there are no files in it.

* FIXED! Bug where the Close button [X] did *not* close PCMAV.

* FIXED! Bug where Tree labels could be *changed*.

* FIXED! Bug where a progress bar *appeared* when scanning a file via right-click.

* FIXED! Bug where an error display *appeared* when the computer was turned off while PCMAV was working.

* Improved! PCMAV can run on Windows Vista & 7 64-bit (experimental).

* UPDATED! Renamed viruses for which new variants were found.

* Improved! Fixed some minor bugs and improved the internal code to ensure that PCMAV remains the antivirus that is the pride of Indonesia.



What is PCMAV?

PCMAV is an antivirus program developed by an Indonesian software developer (PCMedia Magazine). PCMAV is distributed bundled with PCMedia Magazine. PCMAV is free software for personal or non-commercial use. For commercial use, you need to have PCMedia Magazine to use this software.

Distributing and using PCMAV is legal for personal and non-commercial use!

PC Media Antivirus PCMAV Download Update © 2009