Posted by jackmedia in Chat applications like Yahoo Messenger and Skype to be the target of malicious programs. This virus spreads by sending itself to all contacts in the address of the application to include a link to download the file.
The message as if the authentic message that is sent by a contact in YM / Skype you. But be careful never click the link provided, though sent by your friend.
“The actual message is not sent by your friend, but by ‘love rat’ alias to a successful virus infection of your friend’s computer,”.
According to the latest watched Vaksincom 10 February 2009, the link in the start-update by the creator of the virus and the file name changed to ‘Your_Dad_Has_Shit_Fetish_Too.PIF’.
Link in the message is that lead to YouTube, but it is false and in fact directed to the download site for free Rapidshare used to save a file virus.
Using free Rapidshare file sharing to spread itself is very effective and efficient because it does not require high effort and infrastructure / bandwidth Rapidshare is very good to spread the virus file.
“So you do not actually download the file from YouTube but from rapidshare.com address. This file has size of 130 KB is created by using Visual C ++ Language Program “.
Impact
If the file that is downloaded is executed, it will automatically create a random file name with the extension .tmp and .exe that will be stored in the directory [C: \ Documents and Settings \% username% \ Local Settings \ Temp] with a different name backgrounds.
For example, A415.tmp or 034.exe and drop files with the name Lady_Eats_Her_Shit – www.youtube.com, then this virus will execute a file . Tmp and . Exe has a dewdrop it.
At the time of the file that has the extension. Tmp on the run and he will copy the file into another file name that is vshost.exe which has 122 KB size, this file will be saved in the root of each drive [c: \ or d: \].
This virus will also take advantage of the Windows autorun feature to create file [autorun.inf] at the root of each drive and the Flash Disk, the making of this file is that it can be activated automatically every time the user access the drive / Flash Disk. Autorun file containing this script to run the file [vshost.exe].
How do you get rid of this thing? Got this and Troj/Buzus-E at the same time.
Please visit this site http://vaksin.com/2009/0209/coutsonif/Coutsonif.html in indonesian language