Answers:
Hi
My warning, a moment ago return with a software call Hijackthis, it will show you adjectives the processes on your computer, and you may eradicate the process
You may download this soft from
http://bj.b7thy.com
Good luck
Usually your Virus Protector will run past its sell-by date
Download Avast from www.avast.com its free and have the ultimate detection rate above Norton Mcafee and AVG =)
VBS/Postcard is a modern virus/worm. Computer
Associates did not receive client reports of
this virus, but is issuing a signature release
due to client inquiries.
VBS/Postcard exists in three parts. The main
letters is an entrenched scribble inside a HTML
page. Its worm section which exists as a WSF
profile and its payload portion as a VBE directory are
dropped onto the local system. The virus
infects positive network files surrounded by the Windows,
Windows\Temp, and Windows system directories.
It will also spread through map network
drives.
Certain configurations may not own Windows
Scripting Host associated next to WSF and VBE
files, thereby limiting its propagation.
Depending on settings, Internet Explorer, upon
startup, will prompt a user to run ActiveX
objects. If rejected, the virus will issue a
notification that ActiveX requirements to be activate in
demand to see its postcard and reload its code
until standard or Internet Explorer is forcibly
shut down.
If agreed, this HTML is displayed after the
virus' code have executed:
Happy foreign Millenium
Happy unusual year (2001).
Best wishes from:
your dear ...
The virus will first modify the registry
allowing script explicit as unsafe to be
run from the local device lacking being
prompted and sets the Internet Explorer
home page to the infected HTML report:
HKCU\Software\Microsoft\Window...
Settings\Zones\0\1201=0
HKLM\Software\Microsoft\Window...
Settings\Zones\0\1201=0
HKCU\Software\Microsoft\Intern... Explorer\Main\Start
Page=C:\WINDOWS\TEMP\millenium...
Next, the virus will drop itself (html) to:
C:\WINDOWS\SYSTEM\postcard.tif...
And copy this report to:
C:\WINDOWS\2001.{3050F3D9-98B5...
C:\WINDOWS\SYSTEM\dragonball.G... kokoro
hikareteku).{3050F3D9-98B5-11C...
C:\WINDOWS\TEMP\millenium.{305...
The virus will also copy its code to:
C:\WINDOWS\TEMP\<random
number>post-card.tif.{3050F3D9...
Next, the virus will drop its worm portion
into:
C:\WINDOWS\SYSTEM\[db.GT].wsf
The worm will propagate through Microsoft's
Outlook by sending one email per address book
to every address contained inwardly that address
book beside subject chosen at disorganized using the
current system time from the following:
Happy fresh Millenium (read the postcard (attached file))
Postcard for you is waiting (in attachment)
Happy 2001 (for more accomplishment check attached file)
Stroke of luck? surrounded by 2001? (happy 2001 -read attachment)
Goodies
You enjoy get a postcard (attached file)
Someone sent you a postcard (in attachment)
beside attachment:
"C:\WINDOWS\TEMP\<impulsive decimal
number>post-card.tif.{3050F3D9...
The following registry modifications are then
made:
HKLM\Software\Microsoft\Window... YuP -
[C]apsule [C]orp
HKLM\Software\Microsoft\Window...
Ball GT
Next, the virus will set out to infect all HTML,
SHTML, HTM, and ASP files in the Windows, temp,
and system directories by appending its code
to the end of the files.
The virus will enumerate all make friends drives and
copy itself from:
C:\WINDOWS\TEMP\millenium.{305...
to:
networkdrive:\\docs.{3050F3D9-...
The virus will drop a payload database onto the
local system:
C:\WINDOWS\SYSTEM\payl0ad.vbe
Finally, both the worm portion and the payload
files are executed. The payload code is meant
to disable the mouse and the baby grand.
It will after unfold up WordPad and display:
DB FaMiLy sTrIkEz oNe MoRe Time wiTh: DB.GT
today we infected you but tommorow we will
infect rest of the ANIME WORLD. YuP
[C]apsule[C]orp
If it is Monday 4am or 4pm at 32, 37, 38
minutes, this payload will execute. If it is
Thursday 2pm or 4am, the virus will loop
indefinitely until the minute strikes 40, 42,
43, or 45.
IPE signature update 1164 provides detection
for VBS/PostCard.