Tuesday, November 10, 2009

virus of facebook

A computer virus is using the popularity of Facebook to spread via email. To avoid it, refer to the characteristics of the virus-carrying email described in the following follow-up analysis of the Facebook virus by Vaksincom:

To spread itself, the Facebook virus sends an email with a ZIP attachment to all email addresses it has obtained. If you have a Facebook account, be careful when you receive an email that seems to come from the Facebook admin, because the email may contain a virus.

The email that is sent has the following characteristics:

From: The Facebook Team "
Subject: Facebook Password Reset Confirmation.
Attachment: Facebook_Password_xxx.zip (Facebook_Password_xxx.exe)
Message:
Hey [name of recipient],
Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.
Thanks,
The Facebook Team
Note: xxx is a random character
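The characteristics above can be turned into a mail-triage check. This is an added example, not code from the Vaksincom analysis: the names `triage` and `build_sample` are hypothetical, "xxx" is assumed to be letters and digits, and the check goes slightly beyond the text by flagging `.scr`, `.pif` and `.com` members as well as `.exe`.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Patterns taken from the characteristics listed above; "xxx" is treated as
# any run of letters/digits (an assumption about its length and alphabet).
SUBJECT = "facebook password reset confirmation"
ZIP_NAME = re.compile(r"^Facebook_Password_\w+\.zip$", re.I)
EXECUTABLE = re.compile(r"\.(exe|scr|pif|com)$", re.I)


def triage(raw: bytes) -> list[str]:
    """Return the reasons a message matches the lure; empty list if none."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if SUBJECT in str(msg["Subject"] or "").lower():
        reasons.append("subject")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if ZIP_NAME.match(name):
            reasons.append("attachment-name")
        if not name.lower().endswith(".zip"):
            continue
        try:  # look inside the archive without extracting anything to disk
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                if any(EXECUTABLE.search(m) for m in zf.namelist()):
                    reasons.append("executable-in-zip")
        except zipfile.BadZipFile:
            reasons.append("unreadable-zip")
    return reasons


def build_sample(subject: str, zip_name: str, member: str) -> bytes:
    """Constructed test message; the archive member is inert placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"constructed placeholder, not a real program")
    msg = EmailMessage()
    msg["From"] = "The Facebook Team <sender@example.invalid>"  # constructed
    msg["To"] = "user@example.invalid"
    msg["Subject"] = subject
    msg.set_content("You can find your new password in attached document.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=zip_name)
    return msg.as_bytes()
```

Calling `triage(build_sample(...))` with the subject and attachment names listed above returns all three reasons; a message with an unrelated subject and a ZIP of images returns an empty list.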

If we trace it with the help of a network monitoring tool such as Wireshark or Ethereal, it can be seen clearly that the infected computer tries to send email, with an attachment containing the virus, to the addresses it has found.

In addition to sending email that seems to come from the Facebook admin, it also turns the infected computer into a spam server by sending email to the email addresses it has obtained.

Bringing in the fake antispyware "Security Tools"

Another action carried out by the Facebook virus is to download and install a fake antispyware program called "Security Tools". This fake antispyware gives false information by displaying a list of viruses / trojans it has supposedly detected; this false information is usually displayed repeatedly at set intervals.

If a user tries to clean the computer using the fake software, it displays a screen prompting the user to purchase the software. If this appears, ignore it, because you will not receive the antispyware software.

The fake antispyware creates the following files to keep itself active:

* C:\Documents and Settings\All Users\Application Data\47543326
* C:\Documents and Settings\Elvina\Desktop\security tools.lnk
* C:\Windows\temp\_ex-08.exe
* C:\Documents and Settings\Elvina\Start Menu\Programs\Security tools.lnk


To help it remain active, it also creates the following registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
47543326 = C:\DOCUME~1\ALLUSE~1\APPLIC~1\47543326\47543326.exe
PromoReg = C:\WINDOWS\Temp\_ex-08.exe
HKEY_LOCAL_MACHINE\SOFTWARE\47543326
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network
UID = %user%_00127065
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
Rlist

Actions taken by the antispyware "Security Tools"

* Displays a notification message that the computer has been infected with a virus / spyware
* Displays a confirmation prompt to update the Security Tools antispyware database
* Restarts the computer at a set time, displaying a "Blue Screen" as if there were an error in the system / hardware of the infected computer
* Changes the Windows wallpaper / desktop


See also the other parts of the analysis of the Facebook virus by Vaksincom:

* Virus Facebook: It's Fall, and Bitten Affected Dogs Appliances
* How to Clean the Facebook Virus?
