Sunday, April 25, 2010

PCMAV 3.0.1 Update Build3 (Rieysha-Jogja.C)


Rieysha-Jogja.C. This virus is written in Delphi, is around 449 KB in size, and uses an icon resembling that of Microsoft Word. It is very diligent about creating duplicate copies of the virus file under various names, scattered across the C drive, the folders C:\Windows, C:\Windows\system, C:\Windows\System32, C:\Windows\Help, and removable disks. The file names it creates include, among others:
ajang_overclocking.exe
algoritma_dan_pemrograman_virus.exe
cara_cara_cepet_dapet_duit.exe
daftar_koruptor_indonesia.exe
duduk_diem_dapet_duit_kalo_perlu_tidur.exe
jogja_berhati_nyaman.exe
kopi_jos_enak_tenan.exe
penguji_keamanan_operating_sistem.exe
makan_gratis_tapi_cuci_piring.exe
hardiskmu_penuh_virus.exe

And many more. This virus also creates other viruses of the VBScript type, with names such as klik2x.vbs, keperawananku.sys.vbs, X-Code Magazine1.vbs, or recycle.vbs. A VBScript file named kisah_tragis_gebi.vbs is also created; if executed, this script displays animated text in Notepad and automatically saves it under the name rieysha.txt. The animated text that is displayed reads:

Sayang kapan kamu kembali ke indonesia? apa kamu kembali dengan hatimu yang dulu?

———————————————-

To eradicate this virus and other virus variants, PCMAV 3.0.1 Update Build3 is now available, adding identification of eight new virus variants. Users of PCMAV 3.0.1 are strongly recommended to update immediately, so that your PCMAV can recognize and eradicate even more viruses.

List of viruses added in PCMAV 3.0.1 Update Build3:

Abzenz.B
Autoit.EW
Autoit.EW.ini
AwaN
Bohia
Bohia.dll
Bohia.url.A
Bohia.url.B
Bohia.url.C
Bohia.url.D
Bohia.url.E
Bohia.url.F
Dots.vbs
Forever
Forever.dll
Forever.hosts
Forever.inf
GadiHot.E
GadiHot.E.txt
Hswdc
Malingsi.O
Malingsi.O.dll
Malingsi.O.dll
Malingsi.O.dll
Malingsi.O.exe
Malingsi.O.ini
Malingsi.O.mrc
Malingsi.P
Pengantin_Baru
Rieysha-Jogja.C
Rieysha-Jogja.C.vbs.A
Rieysha-Jogja.C.vbs.B
Saphira.B
Saphira.B.sys
Sarap
Sesiana.vbs.A
Sesiana.vbs.A.inf
Sesiana.vbs.B
Xcrack
Xcrack.inf

Download PCMAV 3.0.1 Update Build3 (Rieysha-Jogja.C)


Tuesday, April 20, 2010

PCMAV 3.0.1 Update Build2 (AwaN)


AwaN. For most programmers, Visual Basic Classic (version 6.0 or below) is still a favorite, and that includes local virus makers. One of the viruses created with Visual Basic is the AwaN worm, around 36 KB in size and not packed.

The icon used by this virus is quite unique: an image of an eye, as shown below:

[Image: AwaN icon]


The virus creates the file AwaN.exe in the Windows folder, and creates a text file named Read Dong.txt containing:
============================================
# File Ini dibuat oleh Program
# Tanggal : 4/16/2010
# Jam : 12:40:27 PM
# Komputer anda sudah tertular virus saya
# tenang aja kok virus nya gak bahaya
# Cuma ngigit dikit, he… he … he…
============================================

The date and time listed are taken from the infected computer's system. The virus also infects flash disks, creating the file AwaN.exe on them. The virus maker's choice of an eye icon is not without significance, most likely because this virus is able to spy on the programs that are run and store what it sees in a file named AwaN.dll. Sample contents are as follows:

4:20:44 PM 4/16/2010
Size: .0 MB
*** PROGRAMS OPENED ***

4:20:26 PM Process Monitor – Sysinternals: www.sysinternals.com PROCMON_WINDOW_CLASS
4:20:29 PM Shell_TrayWnd
4:20:30 PM Start Menu DV2ControlHost
4:20:31 PM Run #32770
4:20:33 PM Untitled – Notepad Notepad

4:20:36 PM Save As #32770

———————————————-

To eradicate this virus and other virus variants, PCMAV 3.0.1 Update Build2 is now available, adding identification of 10 new virus variants. Users of PCMAV 3.0.1 are strongly recommended to update immediately, so that your PCMAV can recognize and eradicate even more viruses.

List of viruses added in PCMAV 3.0.1 Update Build2:

Abzenz.B
Autoit.EW
Autoit.EW.ini
AwaN
Bohia
Bohia.dll
Bohia.url.A
Bohia.url.B
Bohia.url.C
Bohia.url.D
Bohia.url.E
Bohia.url.F
Dots.vbs
Forever
Forever.dll
Forever.hosts
Forever.inf
GadiHot.E
GadiHot.E.txt
Malingsi.O
Malingsi.O.dll
Malingsi.O.dll
Malingsi.O.dll
Malingsi.O.exe
Malingsi.O.ini
Malingsi.O.mrc
Pengantin_Baru
Saphira.B
Saphira.B.sys
Sarap
Xcrack
Xcrack.inf

Download PCMAV 3.0.1 Update Build2 (AwaN)


Friday, April 16, 2010

Download PCMAV 3.0.1 Release


PCMAV 3.0.1 Ragnarok, April-May 2010 edition. PC Media has again released PCMAV, its mainstay free portable antivirus. This April-May 2010 edition is labeled 3.0.1 Ragnarok and is able to detect 3224 viruses, which will make your computer safer from those damned viruses.

Several changes were made in PCMAV 3.0.1:
Updated! Added identification and cleaning database entries for 60 new local and foreign viruses and variants reported to be spreading in Indonesia. In total, 3224 viruses and variants circulating in Indonesia are recognized by the PCMAV core engine in version 3.0.1.
FIXED! The PCMAV.exe file is now unpacked in order to avoid false alarms from the heuristic engines of several other antivirus products. As a result, the PCMAV.exe file is now larger than in previous versions.
FIXED! The right-click function “Scan with PCMAV” now works properly.
FIXED! The error message “GetTask / GetHandleJob” that appeared in some cases has been repaired.
FIXED! The folder tree structure, which did not remember previous choices, has been fixed.
FIXED! Text that still read “Valkyrie” has been adjusted.
FIXED! The caption on the Quarantine menu has now been adapted to the new version.
FIXED! File information has been adapted to this new version.
Improved! Virus names have been changed to follow newly found variants.
Improved! Some minor bug fixes and improvements to the internal code, so that PCMAV can be an antivirus that is Indonesia's pride.

Virus Forever: PCMAV 3.0.1 Update Build1
Forever. This is a virus written in the Visual Basic programming language; it is packed, with a resulting size of around 68 KB.

It uses a folder icon and creates virus files on your hard drive with the paths and file names Windows\system32\system.exe and Windows\userinit.exe. In addition, it creates the file Windows\kdcoms.dll, which contains the string "Do not worry! I Will protect your computer." (without the quotes).

The virus also blocks access to certain sites using the file Windows\system32\drivers\etc\hosts, which it creates. The sites blocked are:

download.f-secure.com
mirror02.gdata.de
download.avg.com
spftrl.digitalriver.com
www.grisoft.cz
download1us.softpedia.com
download.softpedia.com
www.bitdefender.co.uk
www.bitdefender.com
virusscan.jotti.org
bkav.com.vn
www.bkav.com.vn
download.com.vn
www.download.com.vn
9down.com
www.9down.com
download.eset.com
www.download.com
www.symantec.com
www.bitdefender.com.vn
www.kaspersky.com
cmcinfosec.com

This list of sites is also visible in the body of the virus once it has been unpacked. To spread, the virus makes use of removable disks, creating the files forever.exe, System Volume Information.exe, Romantic.exe (created specifically in the subfolders the virus finds), and an autorun.inf that will execute forever.exe.
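The hosts-file blocking described above can be checked for with a short audit script. This is an added example, not part of the original post or of PCMAV: the watch list is a subset of the hostnames listed above, and the sample hosts content, including the addresses 127.0.0.1 and 203.0.113.7, is constructed, since the post does not show which address the virus writes.

```python
import ipaddress

# Subset of the security-vendor hostnames listed in the post above.
WATCHED = {
    "download.f-secure.com", "download.avg.com", "www.bitdefender.com",
    "virusscan.jotti.org", "download.eset.com", "www.symantec.com",
    "www.kaspersky.com",
}

def parse_hosts(text):
    """Yield (line_no, address, hostname) for each mapping in hosts-file text."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comment, split on blanks
        for name in fields[1:]:                 # one address may carry several names
            yield no, fields[0], name.lower().rstrip(".")

def classify(addr):
    """Label what an override does to traffic for the mapped name."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"                        # not an IP address at all
    if ip.is_loopback or ip.is_unspecified:     # 127.0.0.0/8, ::1, 0.0.0.0, ::
        return "blocked"
    return "redirected"                         # answered locally instead of by DNS

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, hostname, address, verdict) for overridden watched names."""
    return [(no, name, addr, classify(addr))
            for no, addr, name in parse_hosts(text) if name in watched]

# Constructed sample. The post does not show which address the virus writes;
# 127.0.0.1 and the documentation address 203.0.113.7 are assumptions.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       download.f-secure.com
127.0.0.1   WWW.KASPERSKY.COM  www.symantec.com   # two names on one line
203.0.113.7     download.eset.com
10.1.2.3        intranet.example
"""

if __name__ == "__main__":
    for no, name, addr, verdict in audit_hosts(SAMPLE):
        print(f"hosts line {no}: {name} -> {addr} ({verdict})")
```

On a live system, pass the contents of Windows\system32\drivers\etc\hosts to audit_hosts() and extend WATCHED with the full list above; any hit on a security-vendor hostname deserves a closer look, whatever the verdict.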

To eradicate this virus and other virus variants, PCMAV 3.0.1 Update Build1 is now available, adding identification of 23 new virus variants. Users of PCMAV 3.0.1 are strongly recommended to update immediately, so that your PCMAV can recognize and eradicate even more viruses.

List of viruses added in PCMAV 3.0.1 Update Build1:
Abzenz.B
Autoit.EW
Autoit.EW.ini
Dots.inf
Dots.vbs
Forever
Forever.dll
Forever.hosts
Forever.inf
GadiHot.E
GadiHot.E.txt
Malingsi.O
Malingsi.O.dll
Malingsi.O.dll
Malingsi.O.dll
Malingsi.O.exe
Malingsi.O.ini
Malingsi.O.mrc
Pengantin_Baru
Saphira.B
Saphira.B.sys
Xcrack
Xcrack.inf


Download PCMAV 3.0.1 Release






Download PCMAV 3.0.1 Update Build1


What is PCMAV?

PCMAV is an antivirus program developed by an Indonesian software developer (PCMedia Magazine). PCMAV is distributed bundled with PCMedia Magazine. PCMAV is free software for personal or non-commercial use. For commercial use, you need to have PCMedia Magazine to use this software.

Distributing and using PCMAV is legal for personal and non-commercial use!

PC Media Antivirus PCMAV Download Update © 2009