Tuesday, June 29, 2010

PCMAV 3.0.3 Update Build3 (TolakBHP: Menyuarakan Protes Lewat Worm)


TolakBHP. Malware was created with various motifs, such as this one worm, which displays a message reject the commercialization of education. Messages such as in the picture above will appear when the worm is executed, and each time the infected computer to start Windows. There are two options button, if selected is the "Agree to Reject BHP" the message is closed, but if the choice is "No! Brow ", then the computer will shutdown by itself. This worm spreads on the root drive and removable disk with the file name: Reject BHP.flv.exe, measuring approximately 656 KB, created with Visual Basic programming language, without in-pack, and have the icon resembles a Media Player file.

This worm will place duplicate itself on Windows startup with the name SYSTEM.exe.

List of virus addition to 3.0.3 Update PCMAV Build3:
74BE16
74BE16.exe.A
74BE16.exe.B
74BE16.fne.A
74BE16.fne.B
74BE16.fne.C
74BE16.fne.D
74BE16.fne.E
74BE16.fne.F
74BE16.fne.G
74BE16.fnr.A
74BE16.fnr.B
Aibo.C
Anti
Anti.doc
Autoit.EY
Autoit.EZ
Autoit.EZ.cmd
Autoit.EZ.inf
Autoit.FA
Autoit-ReplaceIcon
Brontok-Joseray.J
Brontok-Joseray.J.bin
CekVirus
DosenBlagu
Flyff666.vbs.B
Hasmi.B
Hasmi.B.ini
Hswdc.B
Iklan
KillMe
Malingsi.R
Malingsi.S
Malingsi.S.ini
Malingsi.T
Malingsi.T.ini
Malingsi.T.mrc
Malingsi.T.sys.A
Malingsi.T.sys.B
Malingsi.T.sys.C
Malingsi.T.sys.D
Malingsi.T.sys.E
Malingsi.T.sys.F
Malingsi.T.sys.G
Malingsi.T.sys.H
Metamorpica
Minerva.D
MyDoom.B
Nebula
QGS
QGS.dll
QGS.hosts
QGS.inf
QGS.lnk
Restui
TolakBHP

Download PCMAV 3.0.3 Update Build3 (TolakBHP: Menyuarakan Protes Lewat Worm)

Read full story
Labels: ,

Monday, June 21, 2010

PCMAV 3.0.3 Update Build2 (Autoit-ReplaceIcon: Worm Dengan Icon yang Beragam)


Autoit-ReplaceIcon. This unique Worm Autoit script-based and has the ability polymorphic. File size can vary, so too autorun.inf file that was created. Even the language information when the right click - Properties - Version - Language, also may vary in each of the worm file is created. Filename worm that spreads through the disk media also appeared random, although always with extension *. exe and consists of 6 characters. For example:
brgzdt.exe
civfap.exe
hissyn.exe
naigpy.exe
uxjxhp.exe

Uniquely, the icons used are also varied, some examples of the worm files with different icons that look like the picture above. Name Autoit-ReplaceIcon taken from one of the object function (ImageList_ReplaceIcon) that read the body of the worm. Files that are active in memory named csrcs.exe (located at the locations WINDOWS \ System32), at first glance looks like a Windows system file csrss.exe property.

List of virus addition to 3.0.3 Update PCMAV Build2:
74BE16
74BE16.exe.A
74BE16.exe.B
74BE16.fne.A
74BE16.fne.B
74BE16.fne.C
74BE16.fne.D
74BE16.fne.E
74BE16.fne.F
74BE16.fne.G
74BE16.fnr.A
74BE16.fnr.B
Aibo.C
Anti
Anti.doc
Autoit.EY
Autoit.EZ
Autoit.EZ.cmd
Autoit.EZ.inf
Autoit.FA
Autoit-ReplaceIcon
CekVirus
DosenBlagu
Hasmi.B
Hasmi.B.ini
Hswdc.B
Iklan
KillMe
Malingsi.R
Malingsi.S
Malingsi.S.ini
Malingsi.T
Malingsi.T.ini
Malingsi.T.mrc
Malingsi.T.sys.A
Malingsi.T.sys.B
Malingsi.T.sys.C
Malingsi.T.sys.D
Malingsi.T.sys.E
Malingsi.T.sys.F
Malingsi.T.sys.G
Malingsi.T.sys.H
Metamorpica
Minerva.D
MyDoom.B
Restui

Download PCMAV 3.0.3 Update Build2 (Autoit-ReplaceIcon: Worm Dengan Icon yang Beragam)

Read full story
Labels: ,

Tuesday, June 8, 2010

PCMAV 3.0.3 Update Build1 (Restui: Menyembunyikan File Excel)


Restui. It is a worm measuring about 140 KB with no in-pack, made with Visual Basic programming language, and have the icon resembling Microsoft Excel spreadsheets. Creating duplicate files itself by mimicking Excel files (*. xls extension) were found, while the original files will be stored in the folder WINDOWS \ system32 \ MB.

With still keep the original files, the worm is able to display a spreadsheet when the user executes the actual worm file, this is done for the unsuspecting user. The possibility still there are bugs in the programming of this worm that can harm the user, because there are times when some Excel files are copied by the worm to the folder WINDOWS \ System32 \ MB will be broken and sized 0 bytes, if this happens, the worm only displays a blank spreadsheet.

This worm also replicate themselves by name and EXCEL.BAT restui.exe in the folder WINDOWS \ System32 \ MB, the same folder with the original Excel files owned by users that is hidden. At some point, he will delete the files with extension *. exe files contained on a removable disk. Although there is a gap because the worm does not check if the extension is to use capital letters. Thus, files with extension *. EXE, *. eXe, *. exe, and so long as it contains capital letters, are not deleted by this worm.

To eradicate this virus or another virus variant, PCMAV Update 3.0.3 Build1 been present with the addition of 31 new virus variant identification. For those users PCMAV 3.0.3, it is strongly recommended to update immediately, so that you PCMAV can recognize and eradicate the virus more.

List of virus addition to 3.0.3 Update PCMAV Build1:
74BE16.exe
74BE16.exe.Dropper.exe.A
74BE16.exe.Dropper.exe.B
74BE16.exe.fne.A
74BE16.exe.fne.B
74BE16.exe.fne.C
74BE16.exe.fne.D
74BE16.exe.fne.E
74BE16.exe.fne.F
74BE16.exe.fne.G
74BE16.exe.fnr.A
74BE16.exe.fnr.B
Aibo.C
Anti
Anti.doc
Autoit.EY
Autoit.EZ
Autoit.EZ.cmd
Autoit.EZ.inf
Autoit.FA
CekVirus
DosenBlagu
Hswdc.B
Iklan
KillMe
Malingsi.R
Malingsi.S
Malingsi.S.ini
Metamorpica
Minerva.D
Restui

Download PCMAV 3.0.3 Update Build1 (Restui: Menyembunyikan File Excel)

Read full story
Labels: ,

PCMAV 3.0.3 Ragnarok Release


Have attended the latest edition of PC Magazine Media 07/2010 with Super DVD 8 GB, which also include antivirus pride Indonesia, PCMAV 3.0.3. Currently, PCMAV is the only one capable of recognizing antivirus 3292 virus and its variants are reported more widespread in Indonesia.

WHAT'S NEW? / CHANGE-LOG

* UPDATED! Added database and cleaning virus 46 local / foreign / new variants have been spread in Indonesia. Total 3292 virus and its variants that are circulating in Indonesia is well known in the version 3.0.3 is the core engine PCMAV.

* UPDATED! Removal special engine to thoroughly clean the virus variants YM-InfoCard, breakfast, Allya.vbs, Titian, Felisha, and Hasmi widespread in Indonesia.

* Improved! Folder "quarantine" is only created if there are quarantined file, and automatically removed if there are no files in it.

* FIXED! Bug on the Close button [X] is * not * function to close PCMAV.

* FIXED! Bug on Tree labels that can be * changed *.

* FIXED! Bug progress bar that * appear * when scanning right-click a file.

* FIXED! Bug * appears * error display when the computer is turn-off while PCMAV is working.

* Improved! PCMAV can run on Windows Vista & 7 64-bit (experimental).

* UPDATED! Change of name of the virus found a new variant.

* Improved! Fixes some minor bugs and improved the internal code to ensure that antivirus PCMAV remain the pride of Indonesia.


Download PCMAV 3.0.3 Ragnarok Release

Read full story
Labels: ,
Subscribe to: Posts (Atom)
 

Labels

what is PCMAV?

PCMAV is an antivirus program developed by Indonesian Software Developer (PCMedia Magazine). PCMAV is distributed bundled with PCMedia Magazine. PCMAV is a free software for personal use or non-commecial use. For Commercial Use, You need to have the PCMedia Magazine to use this software.

Distributting and Using PCMAV is legal for personal and non-commercial!

PC Media Antivirus PCMAV Download Update © 2009 PCMAV is an antivirus program developed by Indonesian Software Developer (PCMedia Magazine).