W32.Pesin.A

If you use the internet at an internet cafe or exchange files with other users, check whether your diskette contains any files like these:

* My Love.exe
* Kenangan.exe
* Hallo.exe
* Puisi Cinta.exe
* My Heart.exe
* Jangan Dibuka.exe
* Mistery.exe

If it does, your diskette is infected with the Pesin virus, and if your antivirus is not up to date, Pesin is free to spread itself.

Simple but Effective

Pesin's spreading technique is in fact very simple; it might even be considered old.
But apparently this method suits the conditions of computer users (internet cafes, or "warnet") in Indonesia, where diskette use is still quite high.
Pesin spreads by diskette: a diskette put into an infected computer becomes infected, and it then infects other, clean computers when it is accessed on them.
This is the same method used by the early viruses of around 1986, such as Brain or the local Denzuko virus, which spread only through diskettes. At that time the internet had not yet developed as it has today, so their spread was not as phenomenal as that of Lovebug or Klez.
As additional information, unlike the viruses that commonly spread now, Pesin is not encrypted.
Perhaps its creator took the view: "Why encrypt it? Sooner or later it will certainly be decrypted by the antivirus vendors."
This view is correct, one might even say exactly right, because encryption does not make a virus survive longer; it only makes it harder to take apart.
What makes a virus survive longer is its author's care in exploiting the prevailing situation and conditions; a virus that succeeds in spreading widely does not need sophisticated or intricate programming.
One proof is the Annakournikova virus. This virus, which threw internet users into turmoil in 2001, was created by a Dutch teenager who had no extraordinary programming knowledge, using the Kalamar virus-maker program, yet it succeeded in tricking internet users into clicking a double-extension attachment that promised a picture of the pretty tennis player Anna Kournikova.


Method
When first run, Pesin disguises itself as a Windows process named SysTask.exe (a process, not an application), so that it is not shown in the Applications list in Task Manager.
In addition, Pesin copies itself to the directory C:\MyDocuments under the name MyHeart.exe.
So that Windows runs it automatically at every start, Pesin changes the registry as follows:

* HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run LoadService="%System%\Systask.exe /run"

Where %System% is the Windows system directory, for example:

* C:\Windows\System (Win 95/98/ME), C:\Windows\System32 (Win XP) and C:\WINNT\System32 (Win NT/2000).

Once it is active in memory, Pesin tries to infect any available diskette by copying itself to it under one of the names below:

* My Love.exe
* Kenangan.exe
* Hallo.exe
* Puisi Cinta.exe
* My Heart.exe
* Jangan Dibuka.exe
* Mistery.exe

Somewhat like Swen, Pesin tries to block access to these applications:

* Registry Editor
* System Configuration
* System Configuration Utility

As a result, an infected computer has difficulty running the three applications above, because mouse and keyboard access to them is blocked. This is clever enough and will certainly confuse even intermediate computer users :). The dangerous part of Pesin is that it tries to change "Autoexec.bat" to remove the Windows folder and Program Files. Since what it targets are directories and program data that have no economic value and can simply be installed again, it can be concluded that Pesin's author did not mean as much harm as the authors of Explorezip or Klez.E, which destroyed all the MS Office data of the users of infected computers.

Disinfection
To disinfect Pesin, carry out the following steps:

1. For Windows ME and Windows XP, first activate System Restore.

2. On Windows 95/98/ME, start Windows in Safe Mode. On Windows NT/2000/XP, open Task Manager with [Ctrl] [Shift] [Esc], click the [Processes] tab, click [Image Name] to sort the processes alphabetically and look for the process named "SysTask.exe", then click once on the "SysTask.exe" process and click [End Process] to kill Pesin.

3. Scan the computer with an up-to-date antivirus program that can recognise Pesin (we used Norman Virus Control, which can be downloaded from ftp.cbn.net.id/the vaccine) and clean every file that is detected as Pesin.

4. Clean up the registry entry that Pesin changed (don't forget to back up your registry first; any mistake made while changing the registry that damages the OS is your own responsibility):

* Run Registry Editor: choose [Start] [Run], type [Regedit] and press [Enter]. The Registry Editor window will open.

* Go to the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
and in the right-hand column remove the entry
"LoadService"="%System%\SysTask.exe /run"
by right-clicking it and choosing Delete.

* Save your registry and restart the computer. Your computer is now clean of Pesin.
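
The following check is an added example, not part of the original write-up. It looks for the indicators described above (the seven file names and the LoadService autostart entry) in a directory tree and in the text of a regedit export. The function names and the sample export are assumptions made for illustration.

```python
import re
from pathlib import Path

# Indicators listed in the write-up above.
DROPPED = ["My Love.exe", "Kenangan.exe", "Hallo.exe", "Puisi Cinta.exe",
           "My Heart.exe", "Jangan Dibuka.exe", "Mistery.exe"]
RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE, IMAGE = "loadservice", "systask.exe"

def _norm(name):
    # Ignore case and spaces so "MYHEART.EXE" matches "My Heart.exe".
    return re.sub(r"\s+", "", name).lower()

KNOWN = {_norm(n) for n in DROPPED}

def suspicious_files(root):
    """Paths under root (e.g. a mounted diskette) named like a Pesin copy."""
    return sorted(str(p) for p in Path(root).rglob("*")
                  if p.is_file() and _norm(p.name) in KNOWN)

def run_key_hits(reg_text):
    """(name, data) pairs in a decoded regedit export that match the autostart entry."""
    hits, in_run = [], False
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("["):                      # key header
            in_run = line.strip("[]").lower() == RUN_KEY.lower()
            continue
        m = re.match(r'"([^"]+)"="(.*)"$', line)      # string value
        if in_run and m:
            name, data = m.group(1), m.group(2).replace("\\\\", "\\")
            if name.lower() == RUN_VALUE or IMAGE in data.lower():
                hits.append((name, data))
    return hits

# Constructed sample export, not captured from a real machine.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"LoadService"="C:\\WINDOWS\\SYSTEM\\Systask.exe /run"
'''

if __name__ == "__main__":
    print(run_key_hits(SAMPLE_REG))
    print(suspicious_files("."))
```

A file-name match is only a lead, since a harmless program can carry the same name; confirm it with the antivirus scan from step 3. Exports that begin with "Windows Registry Editor Version 5.00" are UTF-16 and must be decoded before being passed to `run_key_hits`.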