Google Local Exploit Virus

Huey, Dewey and Louie is the nephew of Uncle Donald is known for its mischief. But in Indonesia the internet world, at the end of 2009 has also been rang by Trio Kwek-Kwek others.


The first (Huey) is a virus that exploits such as Facebook Bredolab and Zbot, Dewey is a virus that exploits Yahoo Messenger and was analyzed by Vaksinis. The latter is Louie, a virus that directs all security access to Google’s site.

The following analysis of the virus action Google (Louie) who is known by the generic name and the detected W32/SmallTroj.VPCG infect thousands of computers in the country in early December 2009.

This virus needs to watch out because in addition to blocking access to security sites, it is also very difficult to remove manually and requires the Windows Live CD Mini PE to be cleaned thoroughly because it uses rootkit techniques which masquerade as the services and drivers.

Although the virus is created with Visual Basic programming language but the resulting effect is too much trouble, he will do a block of almost all security tools including antivirus commonly used by the user by way of reading the ‘filename’ of the application.

This virus will also block access to security websites and other websites that have been determined by the number switch to IP 209.85.225.99 which is the public ip google. So every time a user tries to access to certain websites, including website security / antivirus, so that appears not you want the web but the website www.google.com. To do this he would add the website address which will be on the block to a file with a name [ C:\Windows\System32\Drivers\etc\ hosts ]

Tell

Actually not too difficult to identify the characteristics of this virus, one of them is if the user accessing the web security / antivirus web it will be direct to the website www.google.com.

Another way that can be done is to check your windows host file. If there is IP address 209.85.225.99 which followed the website it’s likely your computer has been infected with this virus.

At the time the virus is activated, it will create some master files and download several other files from the web address that has been predetermined. This file will be stored in several locations that will be activated every time the computer boots. This virus will also disguise himself as a file and a Windows service so that drivers make the cleaning process.


To expedite the action it will also block some functions of Windows, including disabling system restore, disable the Windows Firewall, disable RPC DCOM, disable Service Pack 2 upgrade, or can not show hidden files by changing the string to the registry.

Incoming search terms for the article:

• W32/SmallTroj VPCG (6)
• remove w32/smalltroj vpcg (4)
• W32 SmallTroj VPCG (2)
• Virus Kwek (2)
• 209 85 225 99 virus (1)
• traffic-mafia google virus (1)
• traffic-updates google virus (1)
• virus block google acess (1)
• virus blocking traffic (1)
• virus google blok trio kwek kwek (1)
• W32/Smalltroj (1)
• W32/SmallTroj VPCG removal (1)
• SmallTroj VPCG (1)
• Smalltroj removal tool (1)
• Smalltroj (1)
• C:\windows\system32 italiano (1)
• exploiter digo (1)
• google C:\WINDOWS\system32\drivers\etc (1)
• google local exploit virus (1)
• google traffic-updates virus (1)
• google virus (1)
• how to remove financial host virus on facebook (1)
• ip address 209 85 225 99 (1)
• local hosts google virus (1)
• removal smalltroj vpcg (1)
• W32/SmallTroj VPCG remove (1)

Bookmark It !!!