Member Since: October 25, 2008
Answers: 4
Last Update: October 25, 2008
Visitors: 699
|
| |
I recently got a virus that makes my browser scroll down automatically, types in crap automatically and does all this crap to my computer. F*kin pisses me offffffffff!!!!!!!!!!!!!!!!!!! Do you know how I can get rid of it and not get it again i OMFG SO FRIGGAN AWSOME!!! HTTP:??WWW>ZIMLABS>NET?!!$&%%>HTML
hate it. all that crap in this paragraph is what the virus it typing in...please help!!!
Thanks (link)
|
Old question, but this may help anyone that still get manages to get infected.
This infection from zimlabs.net is called
W32/Lamo.worm otherwise known as CodeBlack
Upon execution, the worm copies itself to the following files.
* C:\CodeBlack.exe
* C:\WINDOWS\system32\CodeBlack.exe
* C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CodeBlack.exe
* A:\CodeBlack.exe
It then deletes the following files in the victim machine.
* C:\WINDOWS\system32\Restore\rstrui.exe
* C:\WINDOWS\system32\Cmd.Exe
* C:\Documents and Settings\All Users\Start Menu\Programs\PC Help & Tools\System Restore.exe
* C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\System Restore.exe
* C:\WINDOWS\system32\taskmgr.exe
* C:\WINDOWS\system32\dllcache\msconfig.exe
* C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
The worm also adds the following registry entries.
* HKEY_CURRENT_USER\Software\America Online\ AOL Instant Messenger (TM)\CurrentVersion\Users\IAmGoneList
"GoneMsg0001" = " Aim Hacker 1.3 FREE!"
* HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Start Page" = "http://www.zimlabs.net/[removed].exe"
* HKEY_CURRENT_USER\Control Panel\International "s1159" = "??????"
* HKEY_CURRENT_USER\Control Panel\International "s2359" = "??????"
The worm sends one of the following messages to AOL Instant Messenger users. The message has a link to "http://www.zimlabs.net/[removed].exe" that contains a copy of this worm.
It also attempts to copy itself to the following shared folders.
This can be found on the internet, but in the past I aswel got this infection from www.zimlabs.net no longer online.
I had the pleasure of meeting Zim via AIM/AOL instant messenger, and I cant wait to see what he comes up with in the future as this worm.. from what he had known at 11-13 when he compiled this infection.. The next will get alot more hits.
Hope this helps.
Use McAfee, Kaspersky, Nortan, AVG or Panda to remove. I recommend BitDefender.
|
|
Rating: 5
| |
pretty fucking late haha but good answer :)
|
|