Sunday 17 August 2008

Virus Detected!

Today is Sunday, and in a moment I am going to help out at the wedding reception next door. Better to help out; later, when I get married, there'll be nobody to help. My PC has a virus, guaranteed to have come from the teacher's PC at school. Ugh! I regret plugging in my pendrive.

Yesterday I spent hours removing a virus that had been detected by my anti-virus program (I am using ESET NOD32). It detected the virus and quarantined it, but it seems the virus could reproduce itself after deletion. As a result my anti-virus kept popping up alerts time and time again. All it could do was block it. I got annoyed with the pop-ups, so I decided to find a solution for this. I spent hours (from afternoon till evening) surfing the internet and reading. The details of the virus are below:

Win32/PSW.OnLineGames

Aliases: Trojan-PSW.Win32.OnLineGames (Kaspersky), Infostealer.Gampass (Symantec), New Malware.hz (McAfee)
Type of infiltration: Trojan
Size: 117104 B
Affected platforms: Microsoft Windows
Signature database version: 2776 (20080109)
Short description: Win32/PSW.OnLineGames is a trojan that steals sensitive information. The trojan can send the information to a remote machine.


Installation
When executed, the trojan copies itself into the:

%system%

folder with the following file names:

kavo.exe (117104 B)

The following file is dropped in the same folder:

kavo0.dll (96768 B)


The libraries with the following names are injected into all running processes:

kavo0.dll

The trojan creates and runs a new thread with its own program code within the following processes:

explorer.exe


In order to be executed on every system start, the trojan sets the following Registry entry:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"kava" = "%system%\kavo.exe"

The following Registry entries are set:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden" = 2

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden" = 0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue" = 0


Spreading
The trojan copies itself into the root folders of fixed and/or removable drives using the following name:

f.cmd

The following file is dropped in the same folder:

autorun.inf

Thus, the trojan ensures it is started each time infected media is inserted into the computer.


Information stealing
The trojan collects various information related to online computer games. The trojan gathers information related to the following processes:

dekaron.exe
elementclient.exe
gc.exe
ge.exe
hyo.exe
maplestory.exe
Online6.dat
Ragexe.exe
so3d.exe
sro_client.exe
wsm.exe
ybclient.exe
zhengtu.dat

The trojan is able to log keystrokes. The trojan can send the information to a remote machine. The HTTP protocol is used.


Other information
The trojan can download and execute a file from the Internet. The trojan contains a list of 13 URLs. The trojan alters the behavior of some security related applications. It uses techniques common for rootkits.

(source: http://www.eset.eu/buxus/generate_page.php?page_id=18601)

A type of trojan. A new type, I guess. Its threat name is Win32/PSW.OnLineGames.NMY and the object is hidden: a familiar 'autorun.inf', and it's hidden too. I tried one solution by modifying the content of the autorun.inf (Start -> Run -> type c:/autorun.inf) and then saving it when prompted, but I just couldn't seem to save it because the virus sets its attribute to read only. I tried to view the hidden autorun.inf and wanted to change the attribute, so that I could save the modified content, by unticking the option in Folder Options > View, but I couldn't do that either. The virus changed the settings and registry itself. S***!!

I searched for other solutions and I found this -> http://www.precisesecurity.com/tools-resources/adware-tools/flash-disinfector/. It solved my problem, but I still couldn't view the hidden files. I couldn't retrieve any hidden files from the Windows XP folders. When I changed the setting to "Show hidden files and folders" in the Folder Options / View menu, this setting always went back to the previous setting, "Do not show...". Use this to solve the problem (go here: http://www.bleepingcomputer.com/combofix/how-to-use-combofix). My PC is up and running again =D
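The ESET description quoted above lists the registry values the trojan sets and the files it drops, and the Folder Options setting that keeps reverting is the direct effect of the Hidden, ShowSuperHidden and CheckedValue entries in that list. The following PowerShell script is an added example, not part of the original post and not code from ESET, Flash Disinfector or ComboFix: it audits a Windows machine for those indicators and reports what is tampered, and it carries a separate function that restores the Explorer view settings, meant to be run only after the infection has actually been cleaned (while kavo.exe is still running it re-applies its settings, which is what the post describes). The key paths, value names and file names are taken from the ESET text; the expected values (1 for the three Explorer settings, 255 for NoDriveTypeAutoRun) are assumptions about the desired end state: the stock "show everything" Explorer state and the standard value that disables autorun on every drive type.

```powershell
# Added example (not from the original post or from ESET).
# Audit a Windows host for the Win32/PSW.OnLineGames indicators quoted above:
# Run value "kava", kavo.exe / kavo0.dll in %system%, tampered Explorer view
# settings, the autorun policy, and f.cmd + autorun.inf in drive roots.
# Run from an elevated PowerShell prompt. Nothing here changes the system
# unless you call Restore-ExplorerViewSettings yourself.

$advKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$showAll = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
$polKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$runKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

function Get-OnLineGamesIndicators {
    $findings = @()

    # 1. Persistence: the Run value "kava" pointing at %system%\kavo.exe
    $run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if ($run -and $run.PSObject.Properties['kava']) {
        $findings += "Run value 'kava' present: $($run.kava)"
    }

    # 2. Running process and dropped files. -Force also lists hidden files,
    #    which matters because the trojan hides everything it writes.
    if (Get-Process -Name kavo -ErrorAction SilentlyContinue) {
        $findings += 'Process kavo.exe is running'
    }
    $sys = [Environment]::GetFolderPath('System')
    foreach ($name in 'kavo.exe', 'kavo0.dll') {
        $p = Join-Path $sys $name
        if (Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue) {
            $findings += "File present: $p"
        }
    }

    # 3. Explorer view settings. The trojan sets Hidden=2, ShowSuperHidden=0 and
    #    CheckedValue=0; with CheckedValue=0 the "Show hidden files" radio button
    #    never sticks, which is the symptom the post describes.
    #    Expected value 1 is an assumption: the stock "show everything" state.
    $adv = Get-ItemProperty -Path $advKey -ErrorAction SilentlyContinue
    foreach ($n in 'Hidden', 'ShowSuperHidden') {
        $v = $adv.$n
        if ($v -ne 1) { $findings += "$advKey\$n = $v (expected 1)" }
    }
    $cv = (Get-ItemProperty -Path $showAll -ErrorAction SilentlyContinue).CheckedValue
    if ($cv -ne 1) { $findings += "$showAll\CheckedValue = $cv (expected 1)" }

    # 4. Autorun policy. 145 (0x91) is what the trojan sets; autorun stays
    #    enabled for removable and CD-ROM drives. 255 (0xFF) disables it for
    #    every drive type.
    $ndt = (Get-ItemProperty -Path $polKey -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    if ($ndt -ne 255) { $findings += "NoDriveTypeAutoRun = $ndt (hardening value is 255)" }

    # 5. Spreading artefacts in the root of every removable (2) and fixed (3) drive
    $drives = Get-WmiObject Win32_LogicalDisk |
        Where-Object { $_.DriveType -eq 2 -or $_.DriveType -eq 3 }
    foreach ($d in $drives) {
        foreach ($name in 'f.cmd', 'autorun.inf') {
            $p = "$($d.DeviceID)\$name"
            if (Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue) {
                $findings += "File present in drive root: $p"
            }
        }
    }
    return $findings
}

function Restore-ExplorerViewSettings {
    # Run only after kavo.exe is gone and the Run value is removed: while the
    # trojan is active it re-applies its settings, so the change would be
    # reverted again just as the post describes.
    Set-ItemProperty -Path $advKey  -Name Hidden             -Value 1   -Type DWord
    Set-ItemProperty -Path $advKey  -Name ShowSuperHidden    -Value 1   -Type DWord
    Set-ItemProperty -Path $showAll -Name CheckedValue       -Value 1   -Type DWord
    Set-ItemProperty -Path $polKey  -Name NoDriveTypeAutoRun -Value 255 -Type DWord
}

$hits = @(Get-OnLineGamesIndicators)
if ($hits.Count -eq 0) {
    Write-Host 'No Win32/PSW.OnLineGames indicators found.'
} else {
    $hits | ForEach-Object { Write-Host "[!] $_" }
}
```

The audit deliberately checks the drive roots of removable media as well, because that is the spreading path: a clean machine stays clean only if the pendrive that carried f.cmd and autorun.inf is cleaned too, and setting NoDriveTypeAutoRun to 255 means a re-inserted infected stick no longer starts anything by itself.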

The English Premier League started yesterday. Liverpool played Sunderland and won by one goal to nil. To see the highlights, go here -> http://vdo.me//play.php?vid=179

Here are some pictures:

The traffic light lost its head.

Another accident.

Poor darling, just had a bath. Shampooed clean and shiny.

me!

4 comments:

Unknown said...

Virus?? hahahahaa...
It's at our school too.. some online game VIRUS or other... good thing my Norton Antivirus 2007 could detect it... it's gone, eh... it deleted it... but... while it was scanning and deleting, my PC lagged terribly.... well, you know how it is... it's Norton after all... wahahahaha..

No more pop-ups... have you updated your NOD32?

After you update you must scan your computer... then check for updates again.. if there's nothing new, then try scanning again.... the virus is guaranteed to be gone...

A new kind of VIRUS, I guess....

Ginrai said...

I had already updated it, that's why it only detected the virus then.. but it came back.. it knows how to resurrect itself.. mine is a bit different, I think.. try checking your Folder Options, can you show hidden files?? hehehe

Unknown said...

Yes, I can... what's up with you... can't you?

Ginrai said...

No! hahaha
