Expert Virus Removal Services and Technical Advice.

We provide computer users with expert virus removal services and technical advice.

Threats and their Removal.

Do you need a quick solution to a technical problem? With our live remote-assistance tool, a member of our support team can view your desktop and share control of your mouse and keyboard to get you on your way to a solution.

Spywares and their Removal.

Are you worried that your computer might be infected with spyware? Then this is where you can find support.

Advice for Protecting the Computer.

Expert advice for protecting your computer against attacks from all kinds of threats.

Different Anti-Virus Software and Tools.

Getting familiar with different anti-virus software and removal tools.

December 30, 2010

Unconquered Zeus Threat

ZeuS is a well-known banking Trojan horse program, also classed as crimeware. This Trojan steals data from infected computers via web browsers and Protected Storage. Once a computer is infected, it sends the stolen data to a bot command and control (C&C) server, where the data is stored.

The US FBI, Secret Service and various New York agencies have issued a joint Cyber-Security Advisory warning of the threat posed by the Zeus botnet specifically, and of the wire fraud risk from keylogger Trojans in general. Zeus combines keylogger capabilities with man-in-the-middle (or man-in-the-browser) style attacks to steal online banking credentials.

How to remove Worm_Lamin.AC

First, I suggest following the proverb "prevention is better than cure": it is better to stay safe than to try to clean up after the system has been infected. Being careful about clicking unknown links, enabling the pop-up blocker, turning on the firewall, and keeping the anti-virus updated are some of the basic things we need to make sure are done to safeguard our system.

Manual removal of the worm:

Step 1: Turn System Restore off.
Step 2: End all processes that belong to the worm from the Task Manager Processes tab and delete its files.
Step 3: Sometimes you will not be able to delete the files at the locations found from the Processes tab or with Process Explorer; in that case restart the system in Safe Mode and try to remove the files again.
Step 4: Enable the Registry Editor.
Step 5: Delete the following registry values:

  • In HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    • Shell = %Program Files%\Microsoft Office\OFFICE11\WINWORD.EXE
  • In HKEY_CLASSES_ROOT\exefile
    • NeverShowExt =
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    • EnableLUA = 0
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\{Application name}
    • Debugger = cmd.exe /c del

  • Delete the following registry keys:
    • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\
      • Svc
    • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\
      • FWCFG
    • In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
      • WinDefend
    • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center

  • Restore the following modified registry values:
    • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
      • From: SuperHidden = 0  To: SuperHidden = 1
    • In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc
      • From: Type = 4  To: Type = 20
    • In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess
      • From: Type = 4  To: Type = 20
    • In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv
      • From: Type = 4  To: Type = 20
    • There will be another location with the same path; change its value from Type = 4 to Type = 20 as well.

Search for and delete the following files in %Program Files%\Microsoft Office\OFFICE11\:

  • control.ini
  • Drvics32.dll
  • hjwgsd.dll
  • jwiegh.dll
  • PUB60SP.mrc
  • ruimsbbe.dll
  • smss.exe
  • yofc.dll
  • remote.ini


After doing this please scan your computer using any good updated anti-virus program.
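Before and after working through the registry steps above it helps to have a checklist that can be run against an exported copy of the registry rather than eyeballing regedit. The following Python script is an added example, not a tool from this blog: it parses a .reg export (the kind produced by regedit's File > Export or the reg export command) and reports which of the values listed in the removal steps still match the worm's changes, together with the clean value the steps call for. The embedded .reg fragment is constructed for the demonstration, and the example_av.exe subkey under Image File Execution Options is a stand-in for the {Application name} placeholder in the list; the note that the default Winlogon Shell is explorer.exe is general Windows knowledge, not something the post states.

```python
import re
from typing import Callable, Dict, List, Tuple

# Constructed .reg export fragment (hypothetical, not taken from a real infected host).
# It contains the modifications the post attributes to Worm_Lamin.AC plus one
# untouched service (wuauserv), so the audit has something to flag and something to pass.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Type"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example_av.exe]
"Debugger"="cmd.exe /c del"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<raw>.+)$')


def _decode(raw: str) -> object:
    """Decode the two .reg value encodings used here: dword:XXXXXXXX and "string"."""
    if raw.startswith('dword:'):
        return int(raw[len('dword:'):], 16)
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    return raw  # hex(...) and other encodings are left as raw text


def parse_reg(text: str) -> Dict[str, Dict[str, object]]:
    """Parse a .reg export into {key_path (lowercased): {value_name: value}}.
    Key paths are lowercased because registry paths are case-insensitive."""
    tree: Dict[str, Dict[str, object]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('Windows Registry Editor'):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            tree.setdefault(current, {})
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            tree[current][m.group('name')] = _decode(m.group('raw'))
    return tree


# (key, value name, is_suspicious, what the removal steps say the clean state is).
# The "20" in the steps is the hexadecimal value regedit displays (0x20), hence dword:00000020.
INDICATORS: List[Tuple[str, str, Callable[[object], bool], str]] = [
    (r'HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon', 'Shell',
     lambda v: isinstance(v, str) and v.lower().endswith('winword.exe'),
     'Winlogon Shell hijacked; the default shell is explorer.exe'),
    (r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system', 'EnableLUA',
     lambda v: v == 0, 'UAC disabled (EnableLUA = 0); delete the value'),
    (r'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced', 'SuperHidden',
     lambda v: v == 0, 'restore SuperHidden = 1'),
    (r'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc', 'Type',
     lambda v: v == 4, 'restore Type = 20 (Security Center service)'),
    (r'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess', 'Type',
     lambda v: v == 4, 'restore Type = 20 (Internet Connection Sharing / firewall)'),
    (r'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv', 'Type',
     lambda v: v == 4, 'restore Type = 20 (Windows Update)'),
]
IFEO = r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'


def audit(tree: Dict[str, Dict[str, object]]) -> List[str]:
    """Return one finding per indicator present in the parsed export."""
    findings: List[str] = []
    for key, name, suspicious, note in INDICATORS:
        value = tree.get(key.lower(), {}).get(name)
        if value is not None and suspicious(value):
            findings.append(f'{key}\\{name} = {value!r}: {note}')
    # The IFEO key is per application, so match any subkey whose Debugger deletes the target.
    for key, values in tree.items():
        if key.startswith(IFEO.lower() + '\\'):
            debugger = values.get('Debugger')
            if isinstance(debugger, str) and debugger.lower().startswith('cmd.exe /c del'):
                findings.append(f'{key}\\Debugger = {debugger!r}: '
                                'IFEO debugger deletes the program instead of launching it')
    return findings


if __name__ == '__main__':
    for finding in audit(parse_reg(SAMPLE_REG)):
        print(finding)
```

Run it against a real export by replacing SAMPLE_REG with the file contents; an empty result after the removal steps is the confirmation that the listed values are gone or restored, and it doubles as a quick triage check on a machine you suspect is infected.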

Worm_Lamin.AC

This worm propagates via online instant messaging applications such as Yahoo Messenger, Gtalk, MSN Messenger or Digsby.


Effects:

  • Deletes registry entries related to anti-virus and security applications, so that anti-virus programs stop working properly and the system's security is left at risk
  • Disables Security Center functions such as the firewall and security updates
  • Disables the Internet Connection Sharing service, which disables sharing
  • Sends a copy of its link in instant messages
It drops the following files on the system:

  • %Program Files%\Microsoft Office\OFFICE11\services.exe
  • %Program Files%\Microsoft Office\OFFICE11\WINWORD.EXE
  • %User Startup%\Adobe Gamma Loader.com

  1. The following files are placed under the Program Files folder: Drvics32.dll, hjwgsd.dll, jwiegh.dll, PUB60SP.mrc, remote.ini, yofc.dll, ruimsbbe.dll and smss.exe. The worm also creates an auto-start entry in the registry that launches the dropped WINWORD.EXE.
  2. It also disables the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot, which prevents booting into Safe Mode, and changes the values of the Explorer, SharedAccess and service-related registry entries to 4.
  3. It also pings many harmful sites using the command prompt.
  4. The spam messages it sends are predetermined (they are listed in HJWGSD.DLL) and contain the link http://bukuger{BLOCKED}.hared.com. Copies of the malware may be downloaded from this site, which is currently inaccessible.
So please be careful when clicking on links received through any instant messenger.

Mitigating Cross Site Scripting

Attackers inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user and gather data from them, besides harming the victim's PC in various ways such as DNS poisoning, changes to the system's security settings, cookie theft and adware.

XSS holes allow JavaScript insertion, which may allow limited execution. If an attacker were also to exploit a browser flaw (a browser hole), it could then be possible to execute commands on the client side; if command execution were possible, it would be possible only on the client side. In simple terms, XSS holes can be used to help exploit other holes that may exist in your browser.

Cross Site Scripting (XSS)

It is a vulnerability in web applications that lets an attacker inject malicious scripts into the websites viewed by other users. The result ranges from theft and misuse of the user's details down to very small issues such as being redirected to different sites, which can easily be prevented by a good Internet security program.
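On the application side, the mitigation the post alludes to is output encoding: untrusted input must be encoded for the HTML context it lands in, so the browser treats it as text rather than markup. The following Python script is an added example, not code from this blog: it renders the same three constructed probe strings (textbook XSS test inputs, not taken from any real attack) with and without encoding in element-text, attribute and URL contexts, and uses the standard library's HTML parser to show which of the rendered outputs a browser would actually treat as executable content.

```python
import html
from html.parser import HTMLParser
from typing import List
from urllib.parse import quote

# Constructed probe strings for the three contexts (not from any real attack).
TEXT_PROBE = '<script>alert(1)</script>'   # element-text context
ATTR_PROBE = '" onerror="alert(1)'         # tries to break out of a quoted attribute
URL_PROBE = 'javascript:alert(1)'          # tries to supply the scheme of a link


def render_unsafe(name: str) -> str:
    """Vulnerable: untrusted input concatenated straight into the page."""
    return f'<p>Hello, {name}!</p>'


def render_safe(name: str) -> str:
    """Hardened: entity-encode <, >, & and quotes for element-text context."""
    return f'<p>Hello, {html.escape(name, quote=True)}!</p>'


def render_unsafe_attr(value: str) -> str:
    """Vulnerable: a quote in the value closes the attribute early."""
    return f'<input type="text" value="{value}">'


def render_safe_attr(value: str) -> str:
    """Hardened: always quote the attribute and escape quotes inside the value."""
    return f'<input type="text" value="{html.escape(value, quote=True)}">'


def render_unsafe_link(target: str) -> str:
    """Vulnerable: the user controls the whole href, scheme included."""
    return f'<a href="{target}">go</a>'


def render_safe_link(target: str) -> str:
    """Hardened: the application fixes the path; user data lands only in a
    percent-encoded query parameter, so it can never become the scheme."""
    return f'<a href="/go?to={quote(target, safe="")}">go</a>'


class ActiveContentFinder(HTMLParser):
    """Records what a browser would actually execute: script elements, on* event
    handlers and javascript: URLs. Entity-encoded text never reaches these hooks
    because the parser sees it as character data, not as tags or attributes."""

    def __init__(self) -> None:
        super().__init__()
        self.hits: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == 'script':
            self.hits.append('script element')
        for name, value in attrs:
            if name.startswith('on'):
                self.hits.append(f'{tag}@{name}')
            elif name in ('href', 'src') and value and value.strip().lower().startswith('javascript:'):
                self.hits.append(f'{tag}@{name}=javascript:')


def active_content(rendered: str) -> List[str]:
    """Return the list of executable hooks found in a rendered fragment ([] means inert)."""
    finder = ActiveContentFinder()
    finder.feed(rendered)
    return finder.hits


if __name__ == '__main__':
    cases = [('unsafe text', render_unsafe(TEXT_PROBE)), ('safe text', render_safe(TEXT_PROBE)),
             ('unsafe attr', render_unsafe_attr(ATTR_PROBE)), ('safe attr', render_safe_attr(ATTR_PROBE)),
             ('unsafe link', render_unsafe_link(URL_PROBE)), ('safe link', render_safe_link(URL_PROBE))]
    for label, out in cases:
        print(f'{label:12s} {active_content(out)!r:24s} {out}')
```

The point the parser makes visible is that encoding is context-specific: html.escape is right for text and quoted attributes, but a link needs URL encoding plus a fixed scheme and path, and none of the three encoders is a substitute for the others.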
