Okay, recently I've had a lot of people talk to me about finding, detecting, and removing virii, so I'm gonna go over a few basic rules and methods when it comes to virii (multiple viruses).


#1. Never download a file if you have no idea what it is - This should go without saying. Many people get emails with files attached and have no clue what it truly is or who it's coming from, but just because it sounds interesting they download it and usually end up with a virus of some type.

#2. Never accept files from people you don't know - I don't care if it's a picture, an executable, or a rubber ducky in a pink swim suit... NEVER accept files from someone you don't know and trust, and I mean someone you know in real life, not some internet dork you met a month back. Many hackers and script kiddies will go to ANY lengths to kill a target, and if this person hates you enough they could take up multiple identities to try and fool you into being infected or hacked.

#3. Always run a virus scanner - I don't care if you're just surfing the web or playing a game and thinking closing it will free up some memory or whatever you think it'll do. Always run it, because there is no saying when a virus might be activated or how it got there. For all you know, the program you are running could have a security flaw allowing remote access and letting someone upload a virus to your computer.

#4. Always update your DAT file frequently - A virus scanner is only as good as its database of known viruses. A common reason for being infected is that the virus is too new for the virus scanner to detect yet, and if you update your virus scanner weekly or even daily you have about a 10x better chance of not being infected by a virus.

#5. Run the latest security patches - Always patch your system and software so there isn't some security hole, well known or even sorta known, that allows a user to run malicious code or upload a virus to your machine.

#6. Run a firewall - What does this have to do with a virus? A lot! A virus, if not detected or found, could use your computer to run other tasks such as scanning for new victims and trying to infect them! So yes, always run a firewall and check it frequently for activity.

#7. Your operating system - I suggest you don't run OSes such as 95, 98 or ME because they seem to be the most targeted for virii, especially for home users. NT and 2k are my personal fav Windows OSes, and a lot of the older virii and trojans don't affect these OSes as well as they do the 9* OSes. The NT OSes also allow you to see the task list of what's running, and this is a VERY good thing!

#8. Know your task list - Make a list of files that normally run in your task list so you know if anything new is running that wasn't running, let's say, a week back. This could mean that software you're not seeing is running in the background and could actually be a virus or trojan.

#9. Do full system scans weekly or monthly - Every week or month, update your DAT file as talked about above and do a scan of EVERYTHING on your computer. This is just a safety measure, and it is not practiced by many when it should be.

#10. Your email software - Many programs like OUTLOOK EXPRESS are targeted by viruses. Why? Mainly because it's widely used and Microsoft wrote it. What most virii do is use Outlook to send themselves out to all the people on your email list. So choose your email software wisely.



Those are just some good tips that everyone should know..


Now going into more detail on finding virii without relying on your virus scanner



It is a known fact that new virii are produced every day and are spread pretty widely by a wide range of different types of people. When dealing with a virus you should always do research on it and try to find out if anyone else has had the same type of problems or discovered what it was. Last week my friend Vanessa got infected with a virus, and every 10 mins or so messages would pop up saying things like "Patch the leaks or the ship will sink". I of course had never heard of this virus before but knew right away how to find out what it was..

I went to www.google.com and typed in "Patch the leaks or the ship will sink" with the quotes and all, because that was the exact message given by the virus... It of course found MANY results, many of which were not English, but I found www.mcafee.com, which had a lot of info on the virus including removal instructions..

Your best friends when it comes to a virus are..

Common sense, Google, AVP(anti virus protection), firewall, and our good old buddy RegEdit


Regedit is great if you know how to use it but should not be messed with if you do not understand it. I'm not going into details on exactly how to use regedit to its fullest extent, but just enough to help you if you need it..

The virus Vanessa was infected with used a file called blaargh.exe, so I went to START then FIND FILES OR FOLDERS and found blaargh.exe

It was a new file, and I did research on it and found it linked with the virus (duh). Turns out it spreads through Kazaa with files shared by infected users...


Some info on the virus I found was this:

Name: Win32.Worm.Supova.A / B / C
Aliases: W32/Supova.Worm (McAfee, NAV), Worm.P2P.Surnova (AVP)
Type: Executable P2P Worm
Size: 40960 (version A), 45056 (version B), or 49152 bytes (version C)
Discovered: 13 July 2002
Detected: 13 July 2002, 01:00 (GMT+2)
Spreading: Medium
Damage: Low
ITW: Yes


The rest of the information comes from here: http://www.bullguard.com/virus/93.aspx *quote his sources*

Symptoms
- one or more files named Alles-ist-vorbei.exe, Desktop-shooting.exe, Hello-Kitty.exe, BigMac.exe, Hellokitty.exe, Cheese-Burger.exe or Blaargh.exe in the Windows folder, matching in size one of the values listed above;

- the registry entry HKLM\Software\Microsoft\CurrentVersion\Run\SuperNova referring to one of the files above;

- a lot of copies of the virus (with different names, but all approx. 40 / 44 / 48 KB in size) in the Windows Media folder (usually C:\Windows\Media or C:\WinNT\Media).


Technical description
This is another worm that uses the KaZaA file sharing network to spread itself; it also tries to replicate via MSN Messenger. All three versions were written in Visual Basic.

It usually only displays a message box in an attempt to trick the user into thinking that the downloaded application crashed:

When the user clicks OK, the virus copies itself in the Windows folder, using one of the following filenames:
Alles-ist-vorbei.exe
Desktop-shooting.exe
Hello-Kitty.exe
BigMac.exe
Hellokitty.exe (version A only)
Cheese-Burger.exe
Blaargh.exe (versions B and C only)

It will then attempt to send itself to the user's contacts in the MSN Messenger friends list; the instant message sent includes a text from this list:

Hehe, check this out :-)
Funny, check it out (h)
LOL!! See this
LOL!! Check this out


This brings us to another point: never accept files even from friends unless you were expecting it or know EXACTLY what it is, or you too might infect your friends..



Well, the list continues with information and removal instructions using regedit


Removal
Manual Removal:
- Invoke task manager (by pressing CTRL+ALT+DEL once in Windows 95/98/ME, or CTRL+SHIFT+ESC in Windows NT/2000/XP) and terminate the process (or processes) corresponding to the filenames listed in the Symptoms section; doing this, or starting Windows in safe mode, will then allow you to remove (using REGEDIT) the malicious registry entries described above. You should also remove all the copies of the virus in the Windows Media folder; these are all EXE files, and they have sizes of 40960, 45056 or 49152 bytes.
Automatic Removal:
- Let BullGuard (or another AVP that detects the files) remove it
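
The file symptoms quoted above (listed names, and .exe files of exactly 40960, 45056 or 49152 bytes) can be checked with a short read-only script. This is an added example, not part of the original tutorial or the BullGuard write-up; the function names and the sample files it creates are made up for illustration.

```python
import os
import tempfile

# Indicators copied from the write-up quoted above.
SUPOVA_NAMES = {
    "alles-ist-vorbei.exe", "desktop-shooting.exe", "hello-kitty.exe",
    "bigmac.exe", "hellokitty.exe", "cheese-burger.exe", "blaargh.exe",
}
SUPOVA_SIZES = {40960: "A", 45056: "B", 49152: "C"}  # bytes -> version


def scan_for_supova(root):
    """Return sorted (path, kind, version) for .exe files of a listed size."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".exe"):
                continue
            path = os.path.join(folder, name)
            try:
                size = os.path.getsize(path)
            except OSError:
                continue  # file locked or removed mid-scan
            if size not in SUPOVA_SIZES:
                continue
            # A listed name plus a listed size is a strong match; size alone
            # can match unrelated files and only flags the file for review.
            kind = "name+size" if name.lower() in SUPOVA_NAMES else "size only"
            hits.append((path, kind, SUPOVA_SIZES[size]))
    return sorted(hits)


def build_sample_tree(root):
    """Constructed sample data: zero-filled files, not real malware."""
    os.makedirs(os.path.join(root, "Media"))
    samples = [("Blaargh.exe", 45056), ("notepad.exe", 53248),
               (os.path.join("Media", "some-song.exe"), 40960),
               (os.path.join("Media", "chimes.wav"), 49152)]
    for rel, size in samples:
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(b"\0" * size)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, kind, version in scan_for_supova(tmp):
            print(f"{kind:10} version {version}: {path}")
```

The script only reports; anything it lists still needs to be confirmed before it is deleted.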


Basically, how you can do this is by finding the files associated with the virus and removing all traces of them from the registry


Let's say the virus files are "virus.exe" and "virus2.exe" *you'll never see a virus like this unless someone was a real idiot*

Then go to the CTRL ALT DEL task list and find the 2 files and hit END PROCESS

After you are sure they are closed, go to START, FIND FILES OR FOLDERS, and delete those 2 files..

After that go to START, RUN and type "Regedit" and hit ENTER or OK

This will open regedit... Then hit EDIT under regedit and hit FIND and type in "virus.exe"

and hit FIND NEXT. This will find any registry entry that uses that file..

After it finds something, right click it and hit DELETE, then hit F3 to continue to find the next entry associated with it

Do this till it says nothing is found

Then go on to do the same thing with virus2.exe

After this, shut down your computer and leave it off for 10 seconds (you should always do this instead of hitting RESTART), then turn your computer back on

and check for the virus again and the virus files.. If you get any errors, seek further assistance on why the errors pop up, or search the registry and delete whatever is making the errors pop up..
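
The FIND step above can also be done without touching the live registry, by searching a text export of it. This is an added example, not part of the original tutorial: it assumes a REGEDIT4-style export already read into a string, and the key paths and values in the sample are constructed around the tutorial's placeholder names.

```python
import re

# Constructed sample of a REGEDIT4 export; keys and values are made up,
# using the tutorial's placeholder file names.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Example\Startup]
"Updater"="C:\\WINDOWS\\virus.exe"
"Clock"="C:\\WINDOWS\\clock.exe /tray"

[HKEY_CURRENT_USER\Software\Example\Recent]
"File1"="C:\\My Documents\\VIRUS.EXE"
@="virus2.exe"
'''

# "name"="data" or @="data", with backslash escapes allowed inside the quotes.
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"\s*$')


def unescape(text):
    """Undo the backslash escaping used inside quoted .reg strings."""
    return re.sub(r'\\(.)', r'\1', text)


def find_references(export_text, file_names):
    """Return (key, value_name, data) for string values mentioning a file."""
    wanted = [n.lower() for n in file_names]
    key, hits = None, []
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # start of a new key section
            continue
        m = VALUE_LINE.match(line)
        if not m or key is None:
            continue  # header, blank line, or non-string (dword:/hex:) value
        name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
        data = unescape(m.group(2))
        if any(w in data.lower() for w in wanted):  # case-insensitive match
            hits.append((key, name, data))
    return hits


if __name__ == "__main__":
    for key, name, data in find_references(SAMPLE_EXPORT, ["virus.exe"]):
        print(f"{key} -> {name} = {data}")
```

Reviewing the list this produces before deleting anything in regedit makes it easier to avoid removing an entry that was needed.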


I do not suggest any newbies try to use regedit as I described, and you should have a good idea of what you're doing before you do it or you might remove something you needed... Always leave anti-virus to the experts such as McAfee and Norton


Well guys that draws this tutorial to an end...

Please let me know what you thought or if you have any more questions!


--NetSyN

*All I got to say in closing is THANK GOD I copied this tutorial and pasted it to a txt file and saved it before I hit post, because my IE crashed and I woulda lost everything I just typed by hand.... gotta love common sense and predicting your software*