No doubt, the virus-Maxtrox that Windx previously entered into the top ten but got the last order, this time he immediately raced to the first order. The rest, still occurs chase between each of the virus. Only one new virus that is Fdshield, who entered ranked this time, the rest is a virus variant or old. Here is a list of more:

1. Windx-Maxtrox

Viruses are created with Visual Basic has the original size of about 77Kb, without in-pack. Viruses that allegedly came from the area of North Sulawesi has an executable file infection capabilities. Rather, it will infect existing programs in the Program Files directory. Infection techniques he applied smart enough to avoid detection by antivirus heuristic engine. Characteristics that can be recognized on infected computers is changing the desktop wallpaper images into animated images.

2. AutoIt variant

The characteristics of this virus is made using a scripting automation program. What if the compiled into an executable file, which is also on-pack with UPX. And nearly 90% AutoIt virus variants and all we have, using icons like folders in disguise. The virus is also usually will create an autorun.inf file on a disk drive when you strike or flash drives.

3. Malingsi

The virus was fat with the size of 705,312 bytes was created using Visual Basic in-pack using PECompact. It seems this virus is intended to attack other viruses, can be seen from the message in your body. These viruses multiply and spread using mIRC intermediary, which acts as a bot.

4. Recycler variant

Which is characteristic of this virus is how it spread technique. Of all the variants that we have, the way he did is the same, that is disguised like Recycle Bin. For example while it attacks flash disk. In the flash disk there will be a victim with a Recycler folder that contains folders using alpha numeric names such as “S-1-5-21-1482476501-1644491937-682003330-1013″ with a icon similar to the Recycle Bin icon. If this folder is clicked or accessed from the Explorer, the file will not appear viruses. To see it, you can go to the command prompt with the command “dir / a”.

5. Fdshield

Viruses are created using Delphi language uses the icon that resembles the Internet Explorer. Has a file size of 553,472 bytes, with no on-pack. One thing is obvious from these viruses is the name used when spread, which reads “17 + + & Secret Women Sexs artis Indonesia (foto2_kamera tersembunyi_liputan). Exe”. For users who have not the heart – heart, will think the file is a HTML file. If you look at the directory C: \ Windows \ System32, will find a master file with the name “rundl32.exe”. Do not be fooled again! That was not part of the Windows files, but it was a virus file. Note the letter “L” is just one. And now look at the Task Schedule, there is a new Job with the name “Windows FD Shield” which will execute the virus file at a time when he had set.

6. Purwo variant

Another new variant, Purwo.C, was created using Visual Basic, with the body size of about 56KB, pure in-pack. This virus uses a Word document icon similar to defraud MsOffice’s victim. When it infects creates a folder with the name “Purwokerto Under Cover” is given the hidden attribute, and contains a file named “KoruptorPurwokerto.exe” on each drive that he had found. In the folder C: \ Windows \ System32 \ system also windowss.exe files, and in C: \ Windows \ javaa \ service.exe. At certain times it will show a black screen that contains the text message from the manufacturer. And be careful, this virus will delete some files that he’s met you.

7. Formalin

Icons used by this virus resembles like a folder, and he created using Visual Basic. In Formalin.D, the file size of 18,432 bytes, with on-pack conditions using UPX. This virus creates a folder “disguise” with names such as leaks about the UAN and UAS, My Completed Downloads, Wallpaper Picture, Crack Program, Jgn open!, Nitip Data (jgn removed), and so forth. At the infected computer, the Internet Explorer caption will be changed to “Your computer has been infected the virus Formalin”. He also tried to disable “safe-mode” by deleting a few registry-related. And the properties of the virus file, in the description of version information will be written as “Kasian DCH loe”.

8. Raider.vbs variant

This VBScript virus type virus if the file is opened with Notepad, not a lot of strings that can be read because of the encrypted condition. This has become a habit in each variant. Typically, the Registry, it will give recognition to create a new key in HKEY_LOCAL_MACHINE \ SOFTWARE with the same name as the name of the computer name, the contents of a string value as a virus, Raider, and the date of the first computer infected.

8. Autorunme variant

Viruses are not the production of this pack of local programmers using PECompact. He does not have an icon, just use the default icon from the Windows applications. When infected, he tried to instill the parent file in the directory C: \ Windows \ System with names and msvc32s.exe with hidden and system attributes, and create new autorun in registry with the name “Windows

Source: http://randize.co.cc/news/daftar-virus-tahun-2009.html