Old 11-01-2012, 08:34 AM
  post #1
g00gle
Facebook Virus

Lately viruses have been spreading on Facebook. A piece of malware called Ramnit has been spreading since April 2010, and lately it has become noticeably worse. It is said to have stolen the login passwords of more than 45,000 Facebook accounts.

Infected accounts post on Facebook walls, groups and pages by themselves. They automatically post links saying "watch the obscene video here", or links that offer to remove Timeline. If you click out of curiosity, you land on a page that carries the virus. Some of these pages are made to look like YouTube or Facebook. The page then says that to watch the video ... you need to click this once, or you need to install something. If you click it, the virus has been installed on your machine. (When I tested it with Linux, I saw it install into the browsers. I also removed that Linux afterwards.)


Once the virus is on the machine, on Windows it modifies the Registry so that it starts automatically at startup. It is then said to take control of your network, browsing activity and so on. It also spreads by sending links to your friends' accounts. About 800,000 Windows PCs are said to have been infected through Sep-Dec, 2011.

Since most people use the same password for email, Facebook and so on, getting the Facebook password is like getting the Gmail and bank passwords as well.

To avoid getting infected, don't click posts on Facebook walls, groups and pages that are posted with shortened URLs. Shortened URLs are short website addresses such as bit.ly, is.gd, tinyurl.com, goo.gl and so on. You cannot easily tell what is behind those addresses. You can expand them back into the long address, but since the resulting address may still be something like http://facebook2011.blogspot.com, you might still trust it and click.

Because one mistake or a moment of curiosity can also harm the other people who use your computer, I urge everyone to be careful and not click shortened URLs. It is also better for people who post not to use shortened URLs where possible.

If something doesn't work, break it and create a BETTER one.

Last edited by g00gle; 12-01-2012 at 02:54 AM..
The following 16 members thanked g00gle.
Old 14-01-2012, 01:07 PM
  post #2
ေက်ာ္တိုး
Re: Facebook Virus

That thing infected my machine.. it is really bad.. it got to the point where Firefox could no longer be used..

Whatever I opened, it first went to the site I opened and after a moment ended up at its site.. The antivirus programs I had said the machine was infected but said they could not clean it.. I removed Firefox, cleaned up with Cclear and reinstalled, but it made no difference.. In the end I was able to clean it with the one below.

A key is included, take it.

http://ifile.it/jiazetp/Malwarebytes...maker-CORE.rar

The following 12 members thanked ေက်ာ္တိုး.
Old 21-06-2012, 08:01 AM
  post #3
g00gle
Re: Facebook Virus

Lately I have seen people from Bangladesh posting scam links all over Facebook. It is better not to open URLs shortened with the likes of goo.gl. If you do open one and land on some other website, don't click anything; press Ctrl + Shift + Escape to open Task Manager, and End Process the browser, such as Chrome.exe / Firefox.exe. It is also better not to look at sites that claim to have been hacked.

A link on the soccer myanmar page had a write-up about the virus, so I have copied it here. Apart from the ones for removing the virus, don't click the links in it either.

Quote:
File Name:Naka.exe
File size:2097152 bytes
Filetype:PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
MD5:a1b720650f4e943a13a1f97623ce98c9
SHA1:74d577f352bbc675271c640f0ee04f5f7544097c
File URL: http://goo.gl/Ht [file is deleted due to suspended hosting. Thank you to Mike from GoDaddy, who took care of this :)]
This is script kiddie who uses the program to generate the worm:
blackburnbbhh@gmail.com
These are his contact numbers to recover the password.... Any authority can contact these numbers for cyber criminal:
+8801917665290
+01919834692


First of all, THERE IS NO INFECTED AT ALL IN BURMA with that worm. You want to name "NAKA", we can name it "BSGH" - "Bangalishit Script-kiddie Got Hacked".
They think, Burmese people use PC like poor BD guys use. We use Mac and Linux!! Go and develop yourself to write a virus for Linux if you got skills, but we got skill in disassembly too.

1)
The worm modifies the IPs in the hosts file for the Facebook and Google IP addresses to redirect to their website. If someone visits Facebook from an infected PC, they may think this guy hacked Facebook. Real idiots! They don't know how Burmese people surf the web: everyone knows hosts files, and everyone knows how to bypass the big firewall of the Government of Burma.

66.220.153.74 http://bdblackhats.com <=== To replace with Facebook
73.194.69.104 http://bdblackhats.com <=== To replace with Google
If you see these in your hosts file, please delete these two lines.

2) Fake Msg : "This program has known Compaitablity Issues In VirturalBox. Please Run It Normally. The Application Will Now Close. Thankyou."
Fake Msg : "This program has known Compaitablity Issues In VirturalBox. Please Run It Normally. The Application Will Now Close. Thankyou." for SpyBot S&D


3)
Logger Email Address: torechudikhankirpola@gmail.com Password: +8801015209
Now we have deleted their email; that account was created for malicious purposes only, to get logs from Burmese PCs. We have reported this account to Google so that it does not accept the recovery request, since we have proof.
You can look at following URL:
1#OWNED http://i50.tinypic.com/2u6pifk.gif
2#OWNED http://i45.tinypic.com/20js0vb.gif <== After I saw one activity to recover the password, really your confirmation code in my phone. LOL! So I am ready to do this.
3#TANGODOWN http://i49.tinypic.com/35d8g9h.gif <=== Ouch! That may hurt to BD guys!

4)
It has AntiNorman, AntiNOD32, AntiZoneAlarm, AntiBitDefender, AntiKaspers, AntiWireShark. So those antivirus products can’t detect it. Avast, AVG, BitDefender, ClamAV, F-Secure, G-Data, Kaspersky, Panda, Quick Heal, VBA32, VirusBuster will not detect this.

Don’t worry, the worm “Generic.dx!” CAN BE detected with the following antivirus products: AntiVir, CPSecure, Dr.Web, Emsisoft, ESET, F-PROT, IKARUS, Sophos.

5)
You can find exe files (NakaNaka.exe, Naka.exe) in infected system.
Dll files are used: ntdll.dll , advapi2.dll, kernel32.dll for running the worm.
Batch file : MELT.bat, the batch file has command to delete C:\Windows\winlogon.exe.
6)
Once you run the file, it may infect your PC to log and send email to that address, and disable some functions such as Run, CMD.exe and Task Manager. It also kills some tasks: the worm runs "SC stop wscsvc", "SC stop SharedAccess" and the command "TASKKILL /F /T /IM" in order to infect.


7)
For "RUN" problem please visit at http://technet.microsoft.com/en-us/l.../cc938270.aspx
For Task Manager Problem please visit at http://support.microsoft.com/kb/555480,
For the CMD.exe problem, please do the following:
Click Start, Run and type this command exactly as given below: (better - Copy and paste)
REG add HKCU\Software\Policies\Microsoft\Windows\System /v DisableCMD /t REG_DWORD /d 0 /f


8)
And the worm will hide its files as hidden, because the worm changes the registry key to 1.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
[1 is Hidden, 2 is Visible]

LOL, I don't know why this URL is used: http://automation.whatismyip.com/; that URL was already blocked a long time ago by whatismyip.com.

9)
The worm has abilities to spam at Yahoo, Live and Skype with fake message and file.

You may need to clean following files too.
C:\Documents and Settings\Username\Local Settings\Application Data\Yahoo Messenger\y.src

Y.src is for Yahoo Messenger sharable file to spread at your chat.
C:\Documents and Settings\Username\Local Settings\ Application\Data\Microsoft Messager\mypornpics.src
mypornpics.src sharable file to spread at your chat at Live/Hotmail Chat.

C:\Windows\System32\sy4c.vbs - SKYPE4COM – SKYPE
If your computer is infected, your account may send your friends this message on Skype: "Hey Check out my new program".


10)
You may need to check your Registry at the following:
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\AppPaths
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\Policies\Explorer
NoControlPanel <=== remove it

11)
Universalwashere <==== If you see that your account password has been changed, try this password; if you see a new account on your system with that name, that is the password/username. Please remove/change it.

If something doesn't work, break it and create a BETTER one.

Last edited by g00gle; 21-06-2012 at 08:03 AM..
The following 8 members thanked g00gle.
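Item 1 of the analysis quoted in post #3 tells readers to look for redirect entries in the hosts file. The check below is an added example, not part of the thread or of the quoted write-up: it audits a collected hosts file for any mapping of Facebook or Google names to a non-sinkhole address and for the domain named in the quote. The watch list, the function names, the 203.0.113.x addresses and the sample file are assumptions constructed for the example.

```python
import ipaddress

# Assumptions made for this example (not from the thread): the watch list,
# the 203.0.113.x addresses and the sample file are constructed.
WATCHED = ("facebook.com", "google.com")  # services the quoted analysis says were redirected
INDICATORS = ("bdblackhats.com",)         # domain named in the quoted analysis

def _host(token):
    """Normalise a hosts-file name; tolerate a pasted URL such as http://name/."""
    token = token.lower()
    if "://" in token:
        token = token.split("://", 1)[1]
    return token.split("/", 1)[0].rstrip(".")

def _matches(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)

def audit_hosts(text):
    """Return (line_no, ip, host, reason) for each suspicious hosts-file mapping."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # strip comments, split on any whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address-to-name mapping
        blocking = ip.is_loopback or ip.is_unspecified  # 127.0.0.1 / 0.0.0.0 sinkholes
        for host in map(_host, fields[1:]):
            if _matches(host, INDICATORS):
                findings.append((no, str(ip), host, "indicator domain"))
            elif _matches(host, WATCHED) and not blocking:
                findings.append((no, str(ip), host, "watched service pinned to an address"))
    return findings

SAMPLE = """\
# constructed hosts file for the example
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.facebook.com facebook.com   # redirect entry
203.0.113.7\tWWW.Google.com
0.0.0.0         ads.facebook.com
66.220.153.74   http://bdblackhats.com
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(*finding, sep="\t")
```

On Windows the file to feed in is C:\Windows\System32\drivers\etc\hosts; a deliberate 127.0.0.1 or 0.0.0.0 block entry for a watched name is not reported.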