[SOLUTION] The http://ow.ly/****=http://facebook.com/photo.php virus

For the past few hours a new virus, apparently from the Palevo family, has been spreading over Yahoo! Messenger.
The method is the classic one: it sends a deceptive link that misleads the user, and after the click a virus is offered for download.

The message is one of the following:




The facebook.com address at the end is what misleads most people; the site is in fact a completely different one, and the virus is loaded from http://julietgardiner.com/photo.php.
The downloaded file pretends to be a picture, but its final extension is .exe and only the icon imitates that of a picture.
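
The deception described above, as an added example that is not part of the original post: the host that gets contacted is whatever follows http://, and the facebook.com text after it is only a decoy, as is the picture-like name in front of .exe. The watch list, the extension list, the function names and the sample links are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

BRANDS = ("facebook.com",)                     # assumed watch list for this example
EXEC_EXTS = (".exe", ".scr", ".pif", ".bat")   # assumed subset of executable types
IMAGE_HINT = re.compile(r"jpe?g|png|gif|photo|image|img", re.I)
HAS_SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)


def split_link(url):
    """Parse a link from a chat message; bare 'www...' links get a scheme."""
    url = url.strip()
    if not HAS_SCHEME.match(url):
        url = "http://" + url
    return urlsplit(url)


def host_is_brand(host, brand):
    # Exact domain or a true subdomain; 'facebook.com.evil.example' fails.
    return host == brand or host.endswith("." + brand)


def check_link(url):
    """Return findings for one URL; an empty list means nothing was flagged."""
    parts = split_link(url)
    host = (parts.hostname or "").lower()
    # Everything after the host is sender-chosen text, not the destination.
    rest = unquote(f"{parts.path}?{parts.query}#{parts.fragment}").lower()
    findings = []
    for brand in BRANDS:
        if host_is_brand(host, brand):
            continue
        if brand in rest:
            findings.append(f"decoy {brand} after the host; real host is {host}")
        elif brand.split(".")[0] in host:
            findings.append(f"host {host} only contains the name {brand.split('.')[0]}")
    name = unquote(parts.path).rsplit("/", 1)[-1].lower()
    if name.endswith(EXEC_EXTS) and IMAGE_HINT.search(name[:-4]):
        findings.append(f"{name} is named like a picture but is an executable")
    return findings


# Constructed samples in the style of the messages above (not real indicators).
SAMPLES = [
    "http://short.example/abc12?=www.facebook.com/photo.php",
    "http://203.0.113.7/123456-JPG-www.facebook.com.exe",
    "http://facebook.photos.example/photos.php",
    "http://www.facebook.com/photo.php",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link) or "no findings")
```

The check does not catch misspelled look-alike domains; it only covers the decoy-suffix, brand-as-subdomain and picture-named-executable patterns.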

Once run, it creates the file C:\WINDOWS\jusched.exe, which starts together with the PC and automatically sends messages to all friends in the Yahoo! Messenger list.

The following files are also created: c:\do.exe, c:\wos.exe, c:\tolo.exe, %userprofile%\local settings\temp\rnk.exe, c:\windows\rgemua.exe
Its detection rate is very low: only 4 of the 40 antivirus engines on VirusTotal.com. Congratulations to Comodo for the prompt response.

Here are the solutions for DISINFECTION:

1. Download Malwarebytes Anti-Malware. Run a quick scan of the PC (or a full scan if the quick scan does not work) and, at the end, delete the infections found by clicking Remove selected.

2. Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Create a new .txt file with Notepad and write in it what is quoted below:

File::
C:\Users\Public\jusched.exe
C:\WINDOWS\jusched.exe

Name it CFScript.txt and drag it onto ComboFix, as shown in the picture below:

[Image: jusched.exe]


Then make sure you have closed all running programs (Yahoo Messenger, Firefox, etc.)
Temporarily disable the antivirus protection!
Then run ComboFix. It will ask whether it should start the cleanup. Confirm with Yes every time. Do not stop it while it is scanning and disinfecting the system. The desktop may disappear while it is running.

If you managed to clean this infection, I recommend buying the PRO version of Malwarebytes Anti-Malware to protect yourself from such threats in the future as well, given that they were not detected or removed by your current antivirus.

Administrator FaraVirusi.com
volunteer with the Comodo Malware Research Team, Malwarebytes Anti-Malware expert

20 responses to “[SOLUTION] The http://ow.ly/****=http://facebook.com/photo.php virus”

  1. B.valentin

    Just last night someone on my list was sending it as a mass message. I downloaded it on purpose (I have Kaspersky I.S. 2011 + Hitman 3.5)… On the first scan neither of them detected it. I put it on VirusTotal and it was detected by Bitdefender, Comodo, G Data and others that are not very widespread. I stopped it through “Proactive Defense” and ran an online scan with Bitdefender (which found it and deleted it). I'm sure that if I download it today both of them will detect it… (KIS and Hitman)…

  2. Cosmyn

    Take a look yourself at what your “ComboFix” contains
    http://www.virustotal.com/analisis/e8051a6ee427793fb1c6cd6c6db8c7f8a180358d7fd3995a9a0436e195509580-1277738548
    By the way, this doesn't work, I tried it at a friend's, and I think it would be easier to go to C:\WINDOWS\jusched.exe and delete the executable 😛

  3. Cosmyn

    Sorry, I was too quick to say it doesn't work; I found out he had cancelled the process before it finished, so that's why it wasn't working. Still, you'd better tell them to go in directly and delete the executable 😉

  4. Yahoo virus http://ow.ly/23U3V?=http://facebook.com/photo.php | Tutoriale PC

    […] you can find another disinfection method here as well. Posted in SECURITY Tags: SECURITY, yahoo […]

  5. Devirusare
  6. Costin

    @Radu
    Thank you for the warning, and I'd like to ask you whether MBAM is also good for DISINFECTION? (I haven't received anything like this on Messenger yet, YET)

  7. The New Virus on Yahoo Messenger « Nebunie de blog!

    […] : http://www.FaraVirusi.com Categories: A bit about Yahoo Messenger Tags: The New Virus on Yahoo Messenger […]

  8. Cojocaru Silviu
  9. Yahoo virus solution « Biscuim Măria Ta!

    […] Kill the worm now!!!! […]

  10. News » Blog Archive » How to get rid of the new YM virus!

    […] Guide taken from Faravirusi.com […]

  11. Daniel

    if you have that virus that sends mass messages to your whole list, you get rid of it with this file; tested, works 100% on Windows XP; if you have Win Vista or 7 and have that virus, try it, I don't know if it works

    http://depositfiles.com/files/vergn3fma

  12. [Virus Solution] Some interesting pictures of you in this archive… waiting for a reply to see what you think :))

    […] like to subscribe to the RSS feed to receive the news from this page. Adopting the technique of the Palevo virus, which spreads through Yahoo! Messenger, a new home-grown virus has appeared, which this time sends […]

  13. anamaria

    a desktop screenshot with the Notepad file, so that even the clueless can see exactly how it looks before it is named and saved… that is, do you also have to write “ File:: ”?

  14. alina

    well, what should someone like me, who isn't really that experienced in these things, do????

  15. andrei

    if I format the PC, do I get rid of this virus?

  16. [ Tutorial ] How to get rid of the new YM virus | Damian Irimescu

    […] Guide taken from Faravirusi.com […]
