I recently noticed a spurt in the traffic to my blog which is apparently caused by people looking for answers to the Nhatquanghlan worm. Well, over here in Chandigarh, it seems that this virus is just about in all computers and is being spread by the ubiquitous pen/usb/zip/thumb drive. From my ruminations on the net and frequent tinkering around the ward computer that gets reinfected almost every day, I have made certain observations that seem to make some conclusions about this worm.
1. This worm spreads by USB drives though it is possible that other portable media may be involved too.
2. It causes the task manager, the folder options, registry files to be altered.
3. It can be diagnosed by the above symptoms.
4. There is a crappy looking folder icon that is seen (with same name as the original folder), the file size of which is 282 kb.
5. It makes the computer slow down, and no anti-virus as of now seems to catch hold of it.
6. Inability to stop the USB drive from remove hardware safely option.
7. Inability to format the USB drive.
8. The worm is an autorun .exe file and executes and infects every time a USB drive is plugged in.
Cure:
1. Download Hijack this(free), and the task manager fix of the interra group (also free), and a program called spybot killer.
2. Run the hijack this (rename it first or it wont start), and fix all files with scvhost.exe (not svchost.exe), run spybot, and then task manager fix. This should cure it. As u learn more about viruses, hijack this is probably the most useful program to have.
3. Reboot, and should run ok.
Prevention:
1. USB hygiene is paramount. Disable autorun (wont happen unless infection is cleared first) using administrative tools.
2. Do not run any program from the USB drive, copy paste on to computer first.
3. Scan USB drive all the times.
4. Format USB drive often.
5. Read about hakaglan on the web.
1. This worm spreads by USB drives though it is possible that other portable media may be involved too.
2. It causes the task manager, the folder options, registry files to be altered.
3. It can be diagnosed by the above symptoms.
4. There is a crappy looking folder icon that is seen (with same name as the original folder), the file size of which is 282 kb.
5. It makes the computer slow down, and no anti-virus as of now seems to catch hold of it.
6. Inability to stop the USB drive from remove hardware safely option.
7. Inability to format the USB drive.
8. The worm is an autorun .exe file and executes and infects every time a USB drive is plugged in.
Cure:
1. Download Hijack this(free), and the task manager fix of the interra group (also free), and a program called spybot killer.
2. Run the hijack this (rename it first or it wont start), and fix all files with scvhost.exe (not svchost.exe), run spybot, and then task manager fix. This should cure it. As u learn more about viruses, hijack this is probably the most useful program to have.
3. Reboot, and should run ok.
Prevention:
1. USB hygiene is paramount. Disable autorun (wont happen unless infection is cleared first) using administrative tools.
2. Do not run any program from the USB drive, copy paste on to computer first.
3. Scan USB drive all the times.
4. Format USB drive often.
5. Read about hakaglan on the web.
No comments:
Post a Comment