Thursday, March 11, 2004

I hope I fixed it

It's about the post I made yesterday. I tried to do the same with my notebook and updated the virus-definitions. I finally found out what virus got into my pc.

Apparently it is known as W32.Bizec. It got into my pc when I entered an HTML page which exploits a vulnerability in Internet Explorer. It's something that relates to showhelp() but I don't know the details of it.

Well, then the worm/virus will replicate itself to the SYSTEM32 folder and create a \sysmon folder. It then will create icq2003decrypt.dll, java32.dll, javaext.dll, etc. in the SYSTEM32 folder. A registry entry will be made into HKEY_Current_User\Software\Windows\xxxx cannot remember. LOL. Something that points to the sysmon folder. This will then instruct the pc to start up this virus each time the machine reboots. The effect of it will be stealing data from your pc and sending messages to all of your contact list in ICQ promoting that obnoxious jokebiz M*ther F*cka virus.

I rebooted my machine 2 times, deleted the files that were created by the virus, quarantined some of them coz I just couldn't delete them (Basket!), and removed the registry entry.

My ICQ did not disconnect itself yesterday. It performs way past the 1 minute mark. ^_^. Hehehehe