Security and Tech Blogs » Virus http://www.precisesecurity.com/blogs Thu, 09 Feb 2012 00:49:48 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 ~dulla@204 Virus http://www.precisesecurity.com/blogs/2008/12/10/dulla204-virus http://www.precisesecurity.com/blogs/2008/12/10/dulla204-virus#comments Wed, 10 Dec 2008 12:00:14 +0000 webmaster http://www.precisesecurity.com/blogs/2008/12/10/dulla204-virus/ Security and Tech Blogs

~dulla@204 is a harmful virus that can stop operation of document applications such as Microsoft Word, Excel, Powerpoint and Adobe Acrobat. ~dulla@204 also modifies Windows Registry and adds its own key to run itself when Windows starts. When attempting to open a document file, it will display “~dulla@204”. Category: Virus Risk Level: High Technical Details Characteristics: Once executed, this virus will drop several files under Windows directory. These files bears random name like ~jmkiteyd~.exe, which is around 43kb (44032 bytes) in size. To run ~dulla@204 on [...]

]]> Security and Tech Blogs

~dulla@204 is a harmful virus that can stop operation of document applications such as Microsoft Word, Excel, Powerpoint and Adobe Acrobat. ~dulla@204 also modifies Windows Registry and adds its own key to run itself when Windows starts. When attempting to open a document file, it will display “~dulla@204”.

Category: Virus

Risk Level: High

Technical Details

Characteristics:

Once executed, this virus will drop several files under Windows directory. These files bears random name like ~jmkiteyd~.exe, which is around 43kb (44032 bytes) in size.

To run ~dulla@204 on every Windows start-up, it will add the following registry entries:

  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services =”~dulla@204”
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services =”~dulla@204”
  • HKEY_LOCAL_MACHINE\ SOFTWARE\Microsoft\Windows\CurrentVersion\Run “~jmkiteyd~.exe”

When loaded, ~dulla@204 virus may infect executable files on the compromised computer as a method to propagate. The same process is applied on a network to distribute a copy of itself. Once running on the computer, ~dulla@204 will corrupt all document files by altering part of the header, which makes it irrecoverable.

Distribution Method:
Computer users may acquire ~dulla@204 from malicious web sites or legitimate site that are compromised with a Trojan. Visiting these sites may download and execute ~dulla@204 without visitors notice. Once on the system, this virus will infect .EXE files. It will also look for connected computers and do the same on network-shared drives.

Recommended ~dulla@204 Removal Procedure

1. Temporarily Disable System Restore (Windows Me/XP). [how to]
2. Update the virus definition of your antivirus program.
3. Reboot computer in SafeMode [how to]
4. Use antivirus program to run a full system scan and clean/delete all infected file.
To manually delete associated files, please browse Windows directory and look for files similar to ~jmkiteyd~.exe (43kb). When found, delete carefully one at a time.

5. Delete/Modify any values added to the registry. [how to edit registry]
Navigate to and delete the following registry entry:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services =”~dulla@204”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services =”~dulla@204”
HKEY_LOCAL_MACHINE\ SOFTWARE\Microsoft\Windows\CurrentVersion\Run “~jmkiteyd~.exe”

6. Exit registry editor and restart the computer.
7. In order to make sure that threat is completely eliminated from your computer, carry out a full scan of your computer using AntiVirus and Antispyware Software. Another way to delete the virus using various Antivirus Program without the need to install can be done with Online Virus Scanner.

8. Addition removal tool can be found on this web site : http://www.insa.gov.et/INSA/faces/downloads/downloads.jsp

]]> http://www.precisesecurity.com/blogs/2008/12/10/dulla204-virus/feed 227