Must Have - Zimuse Removal Tool



After a day spent identifying and studying the behavior of the Zimuse worm, BitDefender has reached a conclusion and released the Zimuse Removal Tool, which lets users thoroughly clean all Zimuse traces from their infected computers.

As stated by BitDefender, Zimuse runs stealthily inside the infected computer until its countdown ends, at which point it begins its attack and it is too late to act. Users can use this tool to check whether their computers are already infected by Zimuse, and of course the sooner you know, the better.

Here is the official documentation on Zimuse worm released by BitDefender:
What are the other names for Worm.Zimuse.A?

Trojan.Startpage.G, Win32/Zimuse.A or Worm:Win32/Zumes.A!sys

What are the symptoms? How do I find out if I have Worm.Zimuse.A on my PC?

Presence of the following files:
* %system32%\drivers\mstart.sys
* %system32%\drivers\mseu.sys

A technical description of Worm.Zimuse.A:

The malware comes as an application with a WinZip icon in order to trick the user into running it. To look even more like a self-extracting archive, it displays a dialog box asking for a password in order to unzip the package contents.
Once executed, the application checks the command line parameters; if the '/Z' switch is present, it proceeds to delete all the files, registry keys and services it created during a previous infection.

If no disinfection switch is given then it takes the following actions:
* it checks whether it is already set to run at startup by looking for a key named 'Dump' in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run;
* if no previous infection is found, it infects the computer.

Infection of the computer consists of:
* dropping the files
- %system32%\drivers\mstart.sys (it also creates and runs a service named 'mstart' from this file);
- %program-files%\Dump\dump.exe
- %Temp%\Dump.ini
- %Temp%\Regini.exe
- %system32%\drivers\mstart.sys
- %system32%\drivers\mseu.sys
- %Temp%\mseu.ini (used for installation of mseu.sys service)
- %system32%\mseus.exe
- %Temp%\mseus.ini (used for installation of mseus.exe service)
- %system32%\tokset.dll
- %system32%\ainf.inf
- %Temp%\instdrv.exe (which is a clean file used to install services)
- %system_drive%\IQTest\iqtest.exe (in some versions)
- %system_drive%\IQTest\readme.txt (in some versions)

* sets the dump.exe file dropped earlier to run at startup (this is the infection flag)
* deletes the following files (which were used for service installation)
- %Temp%\Regini.exe
- %Temp%\Dump.ini
- %Temp%\mseu.ini
- %Temp%\mseus.ini
- %Temp%\instdrv.exe
Worm.Zimuse.A Removal Instructions:

Malware Alert!! Win32.Worm.Zimuse.A - The Hard Disk Wrecker



This is a must-read article from the BitDefender Malware City Blog, posted on January 25th 2010, about a nasty new e-threat. Here it goes:

BitDefender has identified a new e-threat that combines the destructive behavior of a virus with the spreading mechanisms of a worm. Two variants are known to this day.

Called Win32.Worm.Zimuse.A, this malicious piece is extremely dangerous: unlike average worms, it leads to severe data loss, as it overwrites the first 50 KB of the Master Boot Record, a key zone of the hard disk drive.

Win32.Worm.Zimuse.A enters the computer disguised as an apparently harmless 'IQ Test'. Once executed, the worm creates between seven and eleven copies of itself (depending on the variant) in critical areas of the Windows system.

In order to execute itself on each Windows boot-up, the worm sets the following registry entry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Dump"="%programfiles%\Dump\Dump.exe"
It also creates two driver files, namely %system%\drivers\Mstart.sys and %system%\drivers\Mseu.sys.
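A read-only check a defender can run for the indicators named in both the BitDefender technical description above (dropped files, the 'mstart' service) and the registry entry just shown. This is an added example, not BitDefender's removal tool; the expansion of the %system32%, %program-files% and %system_drive% placeholders and the 'mseu'/'mseus' service names are my assumptions.

```powershell
# Added example (not BitDefender's code): report Zimuse indicators on a Windows host.
# Run from an elevated PowerShell prompt. It only reads; it removes nothing.
# Assumptions: %system32% = $env:SystemRoot\System32, %program-files% = $env:ProgramFiles,
# %system_drive% = $env:SystemDrive. Only 'mstart' is named as a service in the write-up;
# 'mseu' and 'mseus' are assumed from the .ini/.sys/.exe file names.

$system32 = Join-Path $env:SystemRoot 'System32'
$files = @(
    (Join-Path $system32 'drivers\mstart.sys'),
    (Join-Path $system32 'drivers\mseu.sys'),
    (Join-Path $system32 'mseus.exe'),
    (Join-Path $system32 'tokset.dll'),
    (Join-Path $system32 'ainf.inf'),
    (Join-Path $env:ProgramFiles 'Dump\dump.exe'),
    (Join-Path $env:SystemDrive 'IQTest\iqtest.exe')
)
$services = @('mstart', 'mseu', 'mseus')
$runKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

$findings = @()

foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $findings += "File present: $f" }
}

# The infection flag: a 'Dump' value under the Run key pointing at dump.exe.
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -and $run.PSObject.Properties['Dump']) {
    $findings += "Run value 'Dump' = $($run.Dump)"
}

# Kernel drivers (.sys) do not show up in Get-Service, so check the SCM registry tree,
# which covers both driver and Win32 services.
foreach ($s in $services) {
    if (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Services\$s") {
        $findings += "Service registered: $s"
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Zimuse indicators found.'
} else {
    Write-Output 'Possible Win32.Worm.Zimuse.A infection; indicators found:'
    $findings | ForEach-Object { Write-Output "  $_" }
    Write-Output 'Do not wait for the countdown: back up your data and run the BitDefender removal tool.'
}
```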

The really unfortunate thing about this worm is the fact that in its early stages, it's almost impossible for users to become aware that the system has fallen victim to this e-threat. If a certain number of days have elapsed since the infection (40 days for variant A and 20 days for variant B), users will see an unusual system error message pop up on the screen, and the next restart brings the fatal moment for the computer: there is nothing else to do, it's too late, the damage is done.

Editor's Pick : Free SUPERAntiSpyware Portable Scanner - Fight Viruses When AntiVirus Can't Do



In certain situations, when a virus infects a user's computer, AntiVirus programs lose the ability to function because of a very nasty infection. Users are also unable to run the programs to clean their infected computers; when they try to, a notification similar to the image below pops up.



Users are certainly out of ideas when something like that happens, and the only thing circulating in their minds is to reinstall or reformat the OS (Operating System). But wait, don't give up yet: there is a way to clean up your computer even when the installed AntiVirus programs have been disabled. Think portability: most viruses can't stop portable programs from executing, which is why some major AntiVirus developers have created portable virus removal tools for users to fight this kind of infection.

Some were created only for certain infections, while others come with a full virus signature database similar to a normal AntiVirus program, enabling users to perform a full virus clean-up on their infected computers. One of the best of these programs, and also freeware, is SUPERAntiSpyware Portable Scanner.

Warning!! Latest Threats - Beware Of Trojan Crawling Through Your Yahoo Mail



For the entire last week, I received an email containing a ZIP file attachment from the same sender, two or three emails a day, and what exasperates me is that it contains a VIRUS!!

The email content is as follows:
Dear customer!

The courier company was not able to deliver your parcel by your address.
Cause: Error in shipping address.

You may pickup the parcel at our post office personaly!

Please attention!
The shipping label is attached to this e-mail.
Please print this label to get this package at our post office.

Please do not reply to this e-mail, it is an unmonitored mailbox.

Thank you.
United Parcel Service.
That email came from 'UPS Manager Bill Baxter' (I don't think so!!) and was sent using 'parcel@ups.com', with an attachment named something like 'UPS_Label_NRxxxx.zip'. Thank GOD!! ESET NOD32 AntiVirus was able to detect that attachment as 'Win32/Kryptik.BUW trojan' and delete it.

I kept getting the same email continuously, two or three times a day, so I blocked it forever. But today, I received another one:

Clean And Remove Instant Messaging (IM) Viruses And Worms With Instant Messenger Cleaner



Lately, lots of computers have been infected by viruses and worms through Instant Messaging (IM), sending and receiving various spam messages that arise from the malware breeding on the user's computer. The spam messages also come in various languages such as Filipino, Thai, Vietnamese and others that might be foreign to you.

Yahoo Messenger and MSN Messenger (Windows Live Messenger) are reportedly the most frequently infected. As a solution, CodeMonster has released Instant Messenger Cleaner, which enables you to clean and remove any Instant Messenger threats, including worms and viruses.

About Instant Messenger Cleaner:

A tool that enables you to clean and remove any Instant Messenger threats, including worms and viruses, from your MSN or Windows Live Messenger. Instant Messenger Cleaner can even remove AOL Instant Messenger and Yahoo Messenger related viruses and worms.

How To Use:

Free Download Full Version Of EASEUS Data Recovery Wizard 4.3.6



For future convenience, users should have data recovery software installed on their computers. Who knows, maybe you or somebody else will accidentally and permanently delete something useful from your computer or from removable media and need to recover that deleted data; at that point, data recovery software comes in handy. With some advanced data recovery software, you can create a bootable data recovery utility, burn it to a CD/DVD, and boot from that disc to recover data from an accidentally formatted hard disk or from a 'dead' Windows installation. Today, you have a chance to grab one of the advanced data recovery tools, EASEUS Data Recovery Wizard 4.3.6 full version, for free.

Data Recovery Wizard V4.3.6 features:
  • Recover deleted or lost files emptied from the Recycle Bin.
  • File recovery after accidental format, even if you have reinstalled Windows.
  • Disk recovery after a hard disk crash.
  • Get back files after a partitioning error.
  • Get data back from RAW hard drives.
  • Recover office document, photo, image, video, music, email, etc.
  • Recover from hard drive, USB drive, memory card, memory stick, camera card, Zip, floppy disk or other storage media.
  • Support FAT12, FAT16, FAT32, NTFS/NTFS5 file systems.
  • Windows 2000/XP/2003/VISTA.
  • Bootable media based on WinPE.
  • High quality of file recovery.
  • Free file repair service.
When to use?
  • Hard Drives that have been formatted.
  • Corrupted or missing critical file system structures.
  • Accidental file deletion.
  • File loss without reason.
  • Unexpected system shutdown or application failure.
  • Computer viruses and worms infection or corruption.
  • Boot-up problems.
  • Partition structures are damaged or deleted.
  • Damage due to a power failure or surge.
  • Various kinds of file system corruption.
  • Recover files from devices with unknown file systems including Hard Disk, external ZIP/USB drive, removable SmartMedia, MemoryStick, SD cards, etc.
How to get it for free?

Remove Troubled, Hidden And Unused Devices (Ghosted Devices) From Your Computer For A Better Performance



When a new piece of hardware is inserted into a computer, Windows always tries to install an appropriate driver so it can function. Sometimes Windows encounters problems during the installation, which leaves behind the remains of the unfinished driver installation and turns that device into a 'Ghosted Device'.

Ghosted Devices also come from old, unused devices that you've pulled out of your computer and never used again, and from improperly disconnected devices; these devices are listed in Device Manager as hidden devices. You may think that Ghosted Devices aren't going to cause any trouble and are better left as they are. But it is better to know what Ghosted Devices can do, and it may scare you:
  • Slow computer startup - Windows loads all installed device drivers, including those for the Ghosted Devices, which increases the loading time.
  • Error on computer startup - You might get an error on each startup due to Ghosted Devices left by unfinished driver installations, and sometimes your computer keeps finding 'new' hardware.
  • Slow computer performance - A mix-up between the real hardware drivers and the drivers of Ghosted Devices can cause your computer's performance to decrease, lag or sometimes stop responding.
  • Slow computer shutdown - Too many Ghosted Devices can make your computer's shutdown take longer than before, because Windows cannot kill the applications needed for a proper shutdown.
  • Error on computer shutdown - In some cases, Ghosted Devices can interrupt the shutdown process, sometimes causing the computer to shut down improperly, for example the monitor turns off but the power stays on.
  • Hardware performance - Ghosted Devices can downgrade hardware performance due to duplicates and conflicts between the real hardware drivers and the Ghosted Device drivers.
GhostBuster from ghostbuster.codeplex.com can help you get rid of these Ghosted Devices. After installing GhostBuster, please read what the developer says first:

Use On-Screen Keyboard To Prevent Hackers From Stealing Your Login Data Or Even Your Money!!



Did you know that hackers can use programs that record every key you press on your keyboard to steal passwords or Social Security numbers? A physical keyboard generates a certain code for every key you press, and these codes can be converted into numbers, characters and letters. Hackers have the ability to do that, allowing them to log into your account, change your password or, even worse, steal your money!!

To foil them, use tools like Virtual Keyboard to enter passwords at banking and credit web sites. A Virtual Keyboard does not produce the codes a physical keyboard does, because its input is not keystrokes but clicks. Note that this defeats keystroke loggers specifically; malware that captures the screen or mouse clicks can still record what is entered. Some Internet Security products, such as Kaspersky Internet Security, include a Virtual Keyboard; noticed or not, that is a useful feature provided by Kaspersky Lab. Users can also choose to install any third-party Virtual Keyboard from the software developers that offer them on the internet.

Please take note: users should also practice, and always remember, not to let the browser remember and store any login IDs, and to sign out or log out after finishing a login session; this will prevent users' data and login IDs from falling into hackers' hands if their browser is hijacked. In Windows, a Virtual Keyboard is already included by default under the name 'On-Screen Keyboard'. Even though the names are different, the functions are the same.