So here’s a tip for you: Download CleanMyMac to quickly solve some of the issues mentioned in this article. But to help you do it all by yourself, we’ve gathered our best ideas and solutions below.

Features described in this article refer to the MacPaw site version of CleanMyMac X.

There have been a host of Facebook virus attacks in the little over a decade it’s been in existence. Some are fairly easy to spot and avoid, while others look fairly innocuous until it’s too late. Here, we’ve listed the most common Facebook virus attacks and how to protect yourself from them.

We’ve all seen posts on our timelines from friends that say something that tugs on our emotions or makes us excited or curious. Usually, those posts ask us to copy and paste rather than share. However, that request is a good sign the post has some kind of malicious intent behind it. The original poster either wants to protect their identity, knowing that the post might be removed (and so would also be removed on timelines where it was shared), or has included a misspelled word that will allow them to identify people who have copied and pasted it and will target them in the future.

Upon execution, the virus drops a copy of itself with a random name to the Windows and Windows System directories:

It also drops the following files, which are copies of the virus:

%userprofile%\My Documents\My Pictures.exe

The malware uses a folder icon for its executable file. It drops a copy of itself using the name of all existing folders into the root directory of all drives in an infected machine, and then it hides the original folders by adjusting their attributes. So, this malware pretends to be a valid folder on a hard drive.

The virus disables the Windows Task Manager and modifies the following Registry entries:

HKLM\SOFTWARE\Classes\exefile (default) = File Folder (the default value is "Application")
HKLM\SOFTWARE\Classes\batfile (default) = Kabatia (the default value is "MS-DOS Batch file")
HKLM\SOFTWARE\Classes\comfile (default) = Demi Allah Zul cinta kamu Anick (the default value is "MS-DOS Application")
Translation in English: Swear to God, Zul loves you Anick

The virus modifies the Registry so that a user cannot change Windows Explorer's option to "Show all hidden files or folders". To check for this modification, it is enough to open Windows Explorer, click on the Tools menu, and choose Folder Options. The "Show all hidden files or folders" option is not available after the infection.

The following Registry entries are modified:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
The "Type" is set to blank (the normal value of this is the string "radio")
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
The "ShowSuperHidden" is set to 00000000
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt
The "UncheckedValue" is set to 00000001
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
The "CheckedValue" is set to 00000000
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden
The "UncheckedValue" is set to 00000001

The virus creates the following startup Registry entries for its files:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Zul_Cinta_Anick = C:\WINDOWS\system32\.com
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Run
cintaku = C:\WINDOWS\.scr
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Explorer.exe = C:\WINDOWS\.scr
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Explorer.exe = C:\DOCUME~1\\LOCALS~1\Temp\.