berbagi hal-hal yang menarik seputar komputer dan lainnya

Get Paid to Click
Powered by Blogger.
Wednesday, October 20, 2010

PayBox

What exactly Paybox? Paybox is a new site which services or activities such as Paypal is for online transactions. The difference in Paybox there is an opportunity to earn $ $ $ for free.

Is Paybox scam? The answer, perhaps ... There is no guarantee that the Paybox is not a scam but no one can ensure Paybox is a scam. But it would not hurt to sign up.

Paybox remain active in order to accounts, you must log in every day or the contents of a brief survey once a week. One more thing that acquired the dollar but not the U.S. dollar value will be determined sometime after prelaunched Paybox promise but its value is not far from the U.S. dollar.

if you are curious want to see-saw Paybox or want list please visit www.PayBox.me
~VIRGO~ business, old site
Saturday, October 16, 2010

Ruhag (Raghu)

This virus born in GUJRAT,INDIA,ASIA. If your phone infected by this virus, many programs is crack/broke.

One of them is "FExplore", that program not gone/uninstal, but that program is INVISIBLE. If you uninstall the virus, "FExplorer" application is uninstall to and if you uninstall "FExplorer" application, the virus is still at your phone. These procedures can only run on an additional programs that is damaged due to the effects of this virus. How can i know that?. If your phone infected by this virus, you will find some files with name "RAGHU.txt" in some path in your phone (if you want to read/see that file, don't use FExplorer if your phone still infected by this virus, use the other program to browse your file like x-plore, etc). The contents of the file is like this :
----R A G H U-C R A C K----

VIRUS BORN IN SURAT(GUJRAT/INDIA/ASIA).

THE NAME OF THIS VIRUS IS RAGHU....
U KNOW WHY....????????

BECAUSE I LIKE VASTAV MOVIE AND SANJU BABA.

U LIKE THIS VIRUS?


SO MANY SOFTWARE CRACKS AND VIRUS AVAILABLE SOON....

RAGHU NAM HE RAGHU...

(MUSAFIR) ATE HE VIRUS DEKE JATE HE (VASTAV) ME VO VIRUS (SADAK) KE KISI GALLE PE BETHNE
WALE EK SANJU BABA KE FRIEND NE BANAYA HE JISKA (NAAM)......????(BHAI----NAAM TO HUM NAHI BATAENGE APNA..)



I LOVE SURAT----NO ONE CITY HAS THE LOVEBIRD"S LIKE ME N OTHER SURTI"S........



FROM --- (-) RAGHU & RINU (-)


PRODUCTS....

1.RAGHU.SIS (VIRUS)
2.RAGHU§R.SIS (VIRUS)
3.RAGHU§C.SIS (VIRUS)
4.RAGHU§MP3 PLAYER.SIS (TWO IN ONE MP3 PLAYER)





=> raghu.sis (download sample)
Thursday, October 14, 2010

ReadBud

In brief Readbud can be drawn as a site that pays its members to read the articles contained in those sites. Nice right? We can add to knowledge but also could earn in Dollars.

There are hundreds of categories that we can read the article in Readbud, but each member is restricted may only select a maximum of 50 categories. His article is only a short article and its contents are quite interesting, not bad for insight, so actually even if not paid would not hurt to be a member Readbud.

Well, now please friends take advantage of this free online business opportunities. Immediately register here. After registering check your email for confirmation of registration, then log into your account Readbud. The next stage click on "Interest" and select the preferred category of articles. To get earnings click "Articles" and then open the article and after reading do not forget to give rating of the article by clicking on the star image.

Potential revenue: each article which has been read his earnings between $ 0.02 - $ 0.06 plus $ 5 for each referral made withdrawals. Minimum payout in Readbud for $ 50 via paypal.

click "here" to join ReadBud
~VIRGO~ business, old site
Tuesday, October 12, 2010

Red Browser

'RedBrowser' is one of the viruses that had extension 'jar'. This virus is running on symbian-based mobile phone or more precisely symbian 2nd Edition (s60 v1-2). This virus can be run when the user activates it by intentionally or unintentionally. The composition of this virus is similar to the 'java' application program that exists on symbian mobile phone.

if you activate it, then you will be given a written (I do not know what the contents of the article, because a foreign language), then you are given 3 options that I think it will make your cell phone send sms as much as possible (fix me if I am wrong) .
how to make your handphone stop to sending sms, you have to restrat your handphone.

download : redbrowser.jar
Monday, October 11, 2010

hati-hati.a

HatiHati is an alias for a legitimate anti-theft application which suffers from two bugs in the 0.95 beta version of its code, causing worm-like behavior on devices running Symbian Series 60 Second Edition and older. An unauthorized, repackaged version of this flawed version also exists.

The anti-theft application was originally designed to send an SMS alert when it detects a change in the device's SIM card. If the device's MMC card is transferred to a new device however, the first bug in the code causes the application to copy itself onto the new device.

Once installed on the new device, the application considers the SIM card to be changed; the second bug then causes it to send a large number SMS messages to a predefined number, usually +3396003964. This may result in significant financial costs.

hatihati.a sample virus download
click here
Friday, October 8, 2010

phyton programing language

About

Python is a dynamic programming language that supports object-oriented programming. Python can be used for various software development purposes and can run on various operating systems. As with any dynamic programming language, Python is often used as a scripting language with an interpreter who teintergrasi in the operating system. Currently python code can run on a system-based:

* Linux / Unix
* Windows
* Mac OS X
* Java Virtual Machine
* OS / 2
* Amiga
* Palm
* Symbian

Python is distributed with several different licenses from several versions. See history in Python Copyright. However, in principle, Python can be obtained and used freely, even for commercial purposes. Python License does not conflict either by definition of Open Source and the General Public License (GPL).

History

Python was developed by Guido van Rossum in 1990 at CWI, Amsterdam as a continuation of the programming language ABC. The final version issued CWI is 1.2.

In 1995, Guido moved to CNRI Python development while continuing to proceed. The last version released is 1.6. In 2000, Guido and the Python core developers to move to BeOpen.com which is a commercial company and formed BeOpen PythonLabs. Python 2.0 released by BeOpen. After removing Python 2.0, Guido and some members of the team moved to DigitalCreations PythonLabs.

Currently Python development continue to be done by a group of programmers that coordinated Guido and the Python Software Foundation. Python Software Foundation is a non-profit organization that was formed as intellectual copyright holders of Python since version 2.1 and thereby prevent Python owned by commercial companies. Currently Python distribution has reached version 2.6.1 and version 3.0.

The name was chosen by Guido Python as a language of his creations for the love guido on the television show Monty Python's Flying Circus. Therefore, expressions are often typical of such events often appear in the correspondence between users of Python.

Features

Some of the features of Python is:

* Has an extensive bibliography; in the Python distribution has been provided by the modules 'ready-made' for various purposes.
* Have a clear grammar and easy to learn.
* Has a rule that allows the source code layout checks, reading back and rewrite the source code.
* Object-oriented.
* Have a system of automatic memory management (garbage collection, such as java)
* Modular, easy to develop by creating new modules, the modules can be built with Python or C / C + +.
* Have automatic garbage collection facilities, as well as the Java programming language, python has facilities computer memory usage settings so that the programmer does not need to do a computer memory settings directly.

download python + module + shell.sis (s60v1/2)
~VIRGO~ old site, python

ozicom virus / symbos.trojan.skulls

ozicom is symbian virus is a virus which I think is new and modern. if your cell phone infected with this virus, icons and system standard application program to be partially damaged / can not be opened.
of 44 global antivirus, just 1 antivirus that can detect this virus, namely "Fortinet" with the name of the virus ozicom "SymbOS / Skulls.fam! tr". if your cell phone infected with this virus, try to format it, there are 2 ways to format your symbian mobile phone, namely:

1. Soft format: the format of your current cell phone lights up with a way of press * # 7370 # then enter your security code, standard security code is "12345".

2. hard format: the format of your current mobile phones are switched off by pressing the '*' + '3 '+' call 'with the same time.

if you have the other step to remove this virus, please share with us.

ozicom download sample virus
Thursday, September 30, 2010

Create Virus sily.gen html wrapper

First is to create a virus with html code, the effect is to make the Nokia browser applications to not work and make applications TTPOD damaged, the virus is still working up to N70. The virus is detected by antivirus Avira (HTML / sily.gen [html script virus]).
To make it, take x-plore application.
x-plore open applications, (or can also use an application like notepad html file maker, dedit, systool), after the open, select Menu - File - New text file

After that, name the text file with the name "virushtml.html", remember the file name extension must be html (. Html)
Once completed, there will be a blank white screen where to write.
Please download and write the html code:

silly.gen script.txt

Once the code above is complete in his writing so when we save, how to select the file menu and REMEMBER remove the check mark on the option "Save as unicode" and then after the sign centangnya lost then we save / save. Once again REMEMBER Uncheck before the save!

source : "http://www.symbianers.co.cc/2010/04/vacebook-dan-virus-symbian-dengan.html"
Sunday, September 26, 2010

AV test file (EICAR)

The EICAR Standard AntiVirus Test File is a
combined effort by anti-virus vendors
throughout the world to implement one
standard by which customers can verify their
anti-virus installations.

To test your antivirus, copy the following
line into its own file, then save the file
with the name EICAR.COM.

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

if your av detects the file as a virus, it means that your av meets international standards.

EICAR.ORG
Friday, September 24, 2010

linkstoxx

Probably among my friends there who already know or become a member in Linkstoxx, I had just joined the end of this June. The interesting thing is of course because Linkstoxx earning it offers, the more active in Linkstoxx earnings would be even greater.

Another thing that makes Linstoxx very interesting to follow is the payout be sent automatically to our paypal account with no minimum payout. In addition, other unique thing is that each new member will immediately receive earnings if you join through a referral link but if you join without going through a referral link other people will not get payment from Linkstoxx. So to get the bonus registration please register through my link, www.linkstoxx.com.

The language used in Linkstoxx is French .. But do not worry it can be overcome by using translators or can find tutorials in English, if only add a new park or join a group it's not too difficult except when chatting or receive messages.

To register visit www.linkstoxx.com, then sign up .. Then fill the registration form,
Nom = name
Pronom = family name
Validate email = email address
Homene = male
Femme = woman,
then click the "inscription", the next step check email and follow the link provided for the activation or verification.

Furthermore, after successful verification, you can edit your profile, so click the menu "Parameteres de votre de compte".
If you want to change the password click "changer de mot de passe" and enter your new password in the "nouveau mot de passe".
To enter the address paypal click the "Gestion des paiement".

Furthermore, to raise money Euro, frequently add or invite friends to join in www.linkstoxx.com. In addition, you can also join the group or complete the job on offer www.linkstoxx.com. Now to find a link referral click "mes contacts", use the link to get referrals as much as possible.
~VIRGO~ business, old site
Wednesday, September 22, 2010

online scanner

one day I went to my friend's house to play the Internet. I am tempted by games that exist in a web address. after I download it, I go home and install it on my computer. no I know, apparently the game is a computer virus. I really want to scan it first, but my friend's computer and my computer does not have AV.

from my experience, I do not want it happening to you. so, if you have some suspicious file or a new file, you can scan it from here





Anti-virus check by VIRGO and VX heaven
Sunday, September 19, 2010

ziddu

click here to join

Ziddu.com provides hosting and file sharing service for FREE. You can upload a photo, video, audio and document any file, then share it with others. You will have unlimited capacity and every time I upload a maximum upload size 200MB

Not only that, in addition to free ziddu will also pay you if the file you uploaded and downloaded by others Because Ziddu share some revenue from advertising to our members.

How Ziddu will pay you?
Ziddu will pay $ 1 each file you downloaded 1000 times (accumulated all the download) or $ 0.001 each download.

Each of you has to invite one person to join in Ziddu then the person uploading a file pieces only, then you will get $ 0.1. Well if you can get 10 people then you've pocketed $ 1.

Benefits Join Ziddu:
1. FREE Ziddu aliases do not need to spend money, and you only need to upload a file of at least one fruit.
2. Passive income, because you do not need to do anything other than uploading the files whenever you like and to sharingnya to others.
3. You have the facility for free file storage with unlimited capacity.
4. You can share your files with ease, because it already provided a link to download. You can publish your file download link on the website, blogs, forums or anywhere else you like.

Unlike other programs, Ziddu not promising you rich quick, but at least it can provide additional income for you passively.

Once you join and upload at least one file, your next task is quite easy:
1. Encourage your members to upload a file is also minimal.
2. As a side also promote your file download link.

click here to join
~VIRGO~ business, old site
Tuesday, September 7, 2010

blank font disinfect.

if your phone infect by this virus, we didn't use any AV. we just need "Font Remover".
just follow this step:
1. download and install "font Remover", you can download it from here
2. open it and press "yes" to remove it
3. restart your phone
4. be happy and saftly

if you have some problem, please tell me. maybe i can't help you

blank_font.a

did you know, "blank font" use file '*.gdr' to be main file.
if you want to know how to make '*.gdr' file, please click here

this virus can't spread use bluetooth, mms, or any device, except someone try to spread this virus manually (like me, he...3x)

please look this pic.
pic.1


pic. 2


pic. 1 = phone screen before infect by this virus
pic. 2 = phone screen after infectes by this virus, we can see any word at there is INVISIBLE (not gone)

download:
blank font.sis
Monday, August 30, 2010

unmakesis

With UnMakeSIS you can easily see what files are packaged into the file. Sis. In addition UnMakeSIS also makes files. Pkg capable of knowing what would happen if the files are installed on the phone.

Features:
* Shows all files contained in the file. Sis and its language
* Unpack the file. Sis is

Download

source: http://annisk.blogspot.com/2007/08/aplikasi-unmakesis-dan-makesis.html
Thursday, August 12, 2010

symbian fonts maker

First of all u need:

* Easy GDR creator
* Font Remover
* Some 3rd party file manager like "smartfileman" or "fexplorer" or "x-Plore"

Be careful!!!!! We can't take any responsibility if u damage your phone!! This guide works for 6600/7610/6630 all firmwares, 100% tested by me. There are also some reports about serious problems with font changing on N-GAGE phones. On some devices it works just fine, but from other side, this can cause completely a dead phone

That’s all, let's do it:

Install and run Easy gdr creator, yeah I know, this soft is in thai and so it's a little bit difficult to use, but we will solve that

1.)

* Run it,
* select the first tab to edit menu text
* and choose font (ttf font file)

2.)

* Now choose font size
* type (ASC II or symbol extended)
* and load font (2)

3.)

* U will get something like on the pic above, if u are not satisfied u can change font type and size and than click on load again..
* Now just do the same for the other font types (messaging, soft keys, Header, etc)

4.)

* Choose compile to GDR, type in desired font name and choose save
than, send file GDR to your phone.
use fexplorer or x-plore or smartfileman to move GDR file from inbox to "c:\system\fonts"
you must make "fonts" folder manually

source : http://www.symbian-freak.com/tunning/fontquide/font.htm
Wednesday, August 11, 2010

about

name : mao jei lee (mujaf)
date of born : 25th of january 1994
phone : n3230 (symbian os 7 / s60v2 / symbian 2nd edition)
my place : ****************
~VIRGO~ old site

making simple virus

how to make this virus is very easy. the effect is only to disable the application programs

there is the necessary application program, namely "smartfileman" or "fexplorer" or "x-Plore" which essentially just to copy files from ROM (drive z:) to the main memory (drive c:)

the steps are as follows:

1. select a program application to be disabled. as an example, I would choose for disabled bluetoth
2. entered into the program "smartfileman" or "fexplorer" or "x-Plore" then copy the file named "BtUi.app" located in "Z: \ system \ apps \ BtUi" to the folder located at "C: \ system \ apps \ BtUi "(previously you should create a folder named BtUi in main memory, the folder will be used to attach the file" BtUi.app ")
3. step is completed, then see your bluetoth applications.

some viruses use this step.

if you find a mistake in writing the above, I apologize
Tuesday, July 20, 2010

top 10 virus

Here are the most dangerous cell phone viruses for symbian based cell phone. Like Computer, cell phone are also using system that keep the cell phone running in a proper way. Cell phone are having a problem as well with viruses that attach their operating system. There are quite a lot cell phone viruses. But here’s the most dangerous cell phone viruses for symbian based cell phone as one of the most popular operating system for cell phone. You have to kept away from it.

10. Cabir Virus

The target of this cell phone virus is Symbian s60v2 mobile phone. Cabir is a virus that spreads via a Bluetooth connection and come into your inbox with an interesting message. It won’t cause a fatal damage, but the battery of the cell phone will quickly run out because this virus periodically activate bluetooth of the infected cell phone.

9. Skulls Virus

The target of this virus is symbian cell phone and spread via the internet. The damage resulted is the mobile phone can not be used again except to call and receive calls.

8. CommWarrior Virus

The target of this virus is symbian s60v2 mobile phones. The Virus spreaded via bluetooth and MMS. It will send replication through MMS to all numbers in contacts, so will make your mobile phone bill high.

7. Locknut Virus

The target of this virus is the symbian s60 mobile phone and spread through the internet download. Locknut E, one variant of this virus, will damage important files in a Symbian system and causes the infected application could not be opened. By using that way, step by step the cell phone will be locked totally by this virus.

6. Fontal Virus

The target of this virus is symbian s60 mobile phone and spread through internet download. This virus will lock the cell phone in stages. It will finally lock the phone since it was first turned on.

5. Rommwar Virus

The Targets of this virus is symbian s60 cell phone and it’s spreaded through Bluetooth, MMS, and internet. This virus cause the phone can’t do booting and often restart itself.

4. DoomBoot Virus

The target of this virus is symbian S60 cell phone and spread via Bluetooth. Doomboot make files become corrupted, and after infecting a file, it will put other viruses such as Commwarrior into the mobile phone. Damaged file will prevent the phone to do rebooting. In addition, this virus also causes the battery run out quickly due to constant use bluetooth connection.

3. CardTrap Virus

The target of this virus are the symbian s60 mobile phone and Windows-based PC. It spread through the memory card and cause important applications become malfunctioned, the chaos system, and damage to the function of the keypad.

2. PBstealer Virus

The target of this virus is Symbian S60 cell phone and spread via bluetooth. This virus will copy the necessary data in the mobile phone, for example, contacts, to-do lists, notes to the format. txt and then will be spreaded to other mobile phone, using bluetooth.

1. AppDisabler

The target of this virus is symbian based mobile phone and spread through Bluetooth, MMS, and internet. This virus will install other dangerous viruses like Locknut, Cabir, Skulls, etc. Thus causing the entire operating system broken. You can say, this is the most dangerous viruses that never existed because they combine several types of viruses in once.


source

skulls disinfect. step

If you have a file manager on the phone that still works

This disinfection method works on a single phone if you have a working third party file manager on the phone.

1. Go to c:\System\apps\appinst and delete

• c:\System\apps\appinst
• c:\System\apps\menu
• c:\System\apps\mce

2. Open the applications menu
3. Look for web browser, it's icon should still be normal
4. Download F-Secure Mobile Anti-Virus (http://mobile.f-secure.com) for your device
5. Install F-Secure Mobile Anti-Virus
6. Start F-Secure mobile Anti-Virus
7. Scan your device to remove files used to block critical system applications
8. Go to application manager
9. Uninstall "Extended theme.sis"

skulls

Trojan:SymbOS/Skulls is distributed in a malicious SIS file named "Extended theme.SIS", allegedly a theme manager for Nokia 7610 smart phone (authored by "Tee-222").

Skulls.A and other Skulls trojans are targeted against Symbian Series 60 devices, but can also affect other Symbian devices, for example Nokia 9500, which is a Series 80 device. However when trying to install Skulls trojan on Nokia 9500, the user will get a warning that the SIS file is not intended for the device, so risk of accidental infection is low.



On installation, the trojan will replace the system applications with non-functional versions, so that all but the phone functionality will be disabled. It will also cause all application icons to be replaced with picture of skull and cross bones; the icons don't refer to the actual applications anymore so none of the phone's normal applications will be able to start.



This basically means that if Skulls is installed, only calling from the phone and answering calls works. All functions which need some system application, such as SMS and MMS messaging, web browsing and camera no longer function.

If you have installed Skulls, the most important thing is: do not to reboot the phone; follow the disinfection instructions in this description.


Installation

Skulls SIS file does not contain any malicious code as such, it is just a Symbian Installation file that installs critical System ROM binaries into C: drive in with exact same names and locations as in the ROM drive.

Symbian operating system has a feature which causes any file that is in C: drive replace file in ROM drive with identical name and location.

The application files installed by Skulls are normal Symbian OS files extracted from the phone ROM. However due to feature in Symbian OS, copying them into correct locations in the device C: drive, causes critical system applications fail to function.

commwar disinfect. step

disinfection

just can remove use "f-commwarrior" and "anti-commwarr"


or follow this step
CAUTION! this method will remove all data on the device including calendar and phone numbers:

• Power off the phone
• Remove your external memory card
• Hold the following three buttons down - "answer call" + "*" + "3"
• Keep holding down the buttons and power on the phone
• Depending on the model, you will either get text that reads "formatting" or a start-up dialog that asks for the initial phone settings
• Your phone is now formatted
• Scan your memory card on your computer with "Avira" or "KAV" or maybe AnVir that has beselo variant in database
• Put your memory card on your phone, your phone is clean now

commwar.variant

Commwarrior is a worm that operates on Symbian Series 60 2nd Edition devices.
The worm is capable of spreading itself via Bluetooth and MMS.

Phones infected with Commwarrior will start searching for other devices within Bluetooth wireless range and will attempt to send infected SIS files to the discovered devices.

The SIS files that Commwarrior transmits are randomly named so that phone users cannot be warned to avoid files with any particular given name.

In addition to using Bluetooth, Commwarrior will also read the user's local address book for phone numbers and will then start sending MMS messages containing Commwarrior.

Name : Worm:SymbOS/Commwarrior
Category : Malware
Type : Worm
Platform : SymbOS
Origin : Russia

commwarrior has 15 variants :

• Commwarrior.B
• Commwarrior.C
• Commwarrior.D
• Commwarrior.E
• Commwarrior.F
• Commwarrior.G
• Commwarrior.H
• Commwarrior.I
• Commwarrior.J
• Commwarrior.K
• Commwarrior.L
• Commwarrior.M
• Commwarrior.N
• Commwarrior.Q
• Commwarrior.Z

free dowmload commwarrior :
commwar.a.sis
commwar.a.exe

commwar.c.sis
commwar.c.exe


commwar.g.sis

commwar.g.exe

beselo remove step


beselo just can remove with "FortiCleanUp Beselo"

or follow this step
CAUTION! this method will remove all data on the device including calendar and phone numbers:

• Power off the phone
• Remove your external memory card
• Hold the following three buttons down - "answer call" + "*" + "3"
• Keep holding down the buttons and power on the phone
• Depending on the model, you will either get text that reads "formatting" or a start-up dialog that asks for the initial phone settings
• Your phone is now formatted
• Scan your memory card on your computer with "Avira" or "KAV" or maybe AnVir that has beselo variant in database
• Put your memory card on your phone, your phone is clean now

beselo.variant

Beselo is a MMS and Bluetooth worm family that operates on Symbian S60 Second Edition devices.

The Beselo family is very similar to the Commwarrior family but contains enough differences in the code base and behavior that it is counted as separate family.

beselo has 5 variants :

1. beselo.a
2. beselo.b
3. beselo.c
4. beselo.d
5. beselo.e

Variants Beselo.C, Beselo.D and Beselo.E are closely related to Beselo.B

Beselo.a details

Name : Worm:SymbOS/Beselo.A
Category : Malware
Type : Bluetooth-Worm
Platform : SymbOS
Origin : Asia
Date of Discovery: December 21, 2007

Infection

The worm's SIS installation package contains .exe, .ini, and .dat files named using a random format that has seven letters followed by the extension. For example, qsnpwsg.exe,qsnpwsg.ini, and qsnpwsg.dat.

When Beselo.A is run the installer will copy the worm's main executable to C:\system\data and execute. After execution the worm will copy its executable file to C:\system\apps with the same name as worm's main executable. Additionally, the worm creates a new unique SIS installation package to C:\systems\apps and recognizer to C:\system\recogs with the name that has the same first four letters as worm's executable. If the phone has a memory card the worm will also copy itself there. To summarize, here is a list of all files created in one installation using example filenames.

Files created on the phone:
• C:\system\data\qsnpwsg.exe
• C:\system\apps\qsnpwsg.exe
• C:\system\apps\qsnpwsg.sis
• C:\system\recogs\gsnp.mdl

The following file does not have a variable name:

• C:\system\data\SIMLanguage.dat

Files created on the memory card:
• E:\system\apps\qsnpwsg.exe
• E:\system\recogs\gsnp.mdl

Hiding and Protecting the Process from the User

Beselo.A attempts to hide its process from the user by running as executable, so that it is not visible in the standard application list. The process is visible in third party tools that show system processes. It is named with same random name as the worm's main executable.

The worm protects its process from being killed by setting the process type to "system". It is not possible to kill a system process.

Replication via MMS Messages

Beselo.A replicates using MMS with SIS files that have the text "Photo" as message body and a SIS file attachment named beauty.jpg, sex.mp3, or love.rm.

The MMS messages are sent to numbers found in the device phone book.

Replication via Bluetooth

Beselo.A replicates using Bluetooth in SIS files using the same name as the MMS messages. Bluetooth messages are attempt in one minute intervals to one phone number at a time.

The extension used in the worm installation file causes the message to be shown with an icon that indicates a broken media file.

Replication to an MMC Card

Beselo.A listens for any MMC cards inserted to the infected phone, and copies itself to inserted card. The infected card contains both the worm executable and the bootstrap component, so that if infected card is inserted into another phone it will also be infected.

Beselo.b details

Name : Worm:SymbOS/Beselo.B
Category : Malware
Type : Bluetooth-Worm
Platform : SymbOS
Origin : Asia
Date of Discovery: December 21, 2007

Beselo.B is an MMS and Bluetooth worm that operates on Symbian S60 Second Edition devices.

Beselo.B spreads via MMS messages and Bluetooth using the filenames beauty.jpg, sex.mp3, or love.rm

Infection

The worm's SIS installation package contains .exe, .ini, and .dat files named using a random format that has seven letters followed by the extension. For example, qsnpwsg.exe,qsnpwsg.ini, and qsnpwsg.dat.

When Beselo.B is run the installer will copy the worm's main executable to C:\system\data and execute. After execution the worm will copy its executable file to C:\system\apps with the same name as worm's main executable. Additionally, the worm creates a new unique SIS installation package to C:\systems\apps and recognizer to C:\system\recogs with the name that has the same first four letters as worm's executable. If the phone has a memory card the worm will also copy itself there. To summarize, here is a list of all files created in one installation using example filenames.

Files created on the phone:

• c:\system\data\qsnpwsg.exe
• c:\system\data\qsnpwsg.dat
• c:\system\data\qsnpwsg.ini
• c:\system\apps\qsnpwsg.exe
• c:\system\apps\qsnpwsg.sis
• c:\system\recogs\gsnp.mdl

Files created on the memory card:
• e:\system\apps\qsnpwsg.exe
• e:\system\recogs\gsnp.mdl

Hiding and Protecting the Process from the User

Beselo.B attempts to hide its process from the user by running as executable, so that it is not visible in the standard application list. The process is visible in third party tools that show system processes. It is named with same random name as the worm's main executable.

The worm protects its process from being killed by setting the process type to "system". It is not possible to kill a system process.

Replication via MMS Messages

Beselo.B replicates using MMS with SIS files that have the text "Photo" as message body and a SIS file attachment named beauty.jpg, sex.mp3, or love.rm.

The MMS messages are sent in 1 minute interval to either numbers found in the device phone book or else to internally generated numbers.

Beselo.B also listens for incoming SMS messages and responds to any message with an infected MMS message.

Replication via Bluetooth

Beselo.B replicates using Bluetooth in SIS files using the same name as the MMS messages. Bluetooth messages are attempt in one minute intervals to one phone number at a time.

The extension used in the worm installation file causes the message to be shown with an icon that indicates a broken media file.

Replication to an MMC Card

Beselo.B listens for any MMC cards inserted to the infected phone, and copies itself to inserted card. The infected card contains both the worm executable and the bootstrap component, so that if infected card is inserted into another phone it will also be infected.

free download beselo:
beselo.a.sis
beselo.a.exe


beselo.b.sis

beselo.b.exe

virus scine

Adware
Adware is software that presents banner ads or in pop-up windows through a bar that appears on a computer screen. Those advertising spots usually can't be removed and are consequently always visible. The connection data allow many conclusions on the usage behavior and are problematic in terms of data security.

Backdoors
A backdoor can gain access to a computer by going around the computer access security mechanisms.

A program that is being executed in the background generally enables the attacker almost unlimited rights. User's personal data can be spied with the backdoor's help, but are mainly used to install further computer viruses or worms on the relevant system.

Boot viruses
The boot or master boot sector of hard drives is mainly infected by boot sector viruses. They overwrite important information necessary for the system execution. One of the awkward consequences: the computer system cannot be loaded any more…

Bot-Net
A Bot-Net is collection of softwarre bots, which run autonomously. A Bot-Net can comprise a collection of cracked machines running programs (usually referred to as worms, Trojans) under a common command and control infrastructure. Boot-Nets server various purposes, including Denial-of-service attacks, etc., partly without the affected PC user's knowledge. The main potential of Bot-Nets is that the networks can achieve dimensions on thousands of computers and its bandwidth sum bursts most conventional Internet accesses.

Dialer
A dialer is a computer programm that establishes a connection to the Internet or to another computer network through the telephone line or the digital ISDN network. Fraudsters use dialers to charge users high rates when dialing up to the Internet without their knowledge.

EICAR test file
The EICAR test file is a test pattern that was developed at the European Institute for Computer Antivirus Research for the purpose to test the functions of anti-virus programs. It is a text file which is 68 characters long and its file extension is “.COM” all virus scanners should recognize as virus.

Exploit
An exploit (vulnerability) is a computer program or script that takes advantage of a bug, glitch or vulnerability leading to privilege escalation or denial of service on a computer system. A form of an exploit for example are attacks from the Internet with the help of manipulated data packages. Programs can be infiltrated in order to obtain higher access.

Grayware
Grayware operates in a way similar to malware, but it is not spread to harm the users directly. It does not affect the system functionality as such. Mostly, information on the patterns of use is collected in order to either sell these data or to place advertisements systematically.

Hoaxes
The users have obtained virus alerts from the Internet for a few years and alerts against viruses in other networks that are supposed to spread via email. These alerts are spread per email with the request that they should be sent to the highest possible number of colleagues and to other users, in order to warn everyone against the "danger".

Honeypot
A honeypot is a service (program or server), which is installed in a network.

It has the function to monitor a network and to protocol attacks. This service is unknown to the legitime user - because of this reason he is never addressed. If an attacker examines a network for the weak points and uses the services which are offered by a Honeypot, it is protocolled and an alert sets off.

Keystroke logging
Keystroke logging is a diagnostic tool used in software development that captures the user's keystrokes. It can be useful to determine sources of error in computer systems and is sometimes used to measure employee productivity on certain clerical tasks. Like this, confidential and personal data, such as passwords or PINs, can be spied and sent to other computers via the Internet.

Macro viruses
Macro viruses are small programs that are written in the macro language of an application (e.g. WordBasic under WinWord 6.0) and that can normally only spread within documents of this application. Because of this, they are also called document viruses. In order to be active, they need that the corresponding applications are activated and that one of the infected macros has been executed. Unlike "normal" viruses, macro viruses do consequently not attack executable files but they do attack the documents of the corresponding host-application.

Polymorph viruses
Polymorph viruses are the real masters of disguise. They change their own programming codes - and are therefore very hard to detect.

Program viruses
A computer virus is a program that is capable to attach itself to other programs after being executed and cause an infection. Viruses multiply themselves unlike logic bombs and Trojans. In contrast to a worm, a virus always requires a program as host, where the virus deposits his virulent code. The program execution of the host itself is not changed as a rule.

Scareware
The term scareware refers to software which has been designed with the intent to cause anxiety or panic. The victim could be tricked and feels threatened and usually accepts an offer to pay and have the inexistent threat removed. In some cases the victim is seduced to cause the attack himself by making him think this intervention will successfully remove the threat.

Script viruses and worms
Such viruses are extremely easy to program and they can spread - if the required technology is on hand - within a few hours via email round the globe.

Script viruses and worms use a script language such as Javascript, VBScript etc. to infiltrate in other new scripts or to spread by activation of operating system functions. This frequently happens via email or through the exchange of files (documents).

A worm is a program that multiplies itself but that does not infect the host. Worms can consequently not form part of other program sequences. Worms are often the only possibility to infiltrate any kind of damaging programs on systems with restrictive security measures.

Security Privacy Risk (SPR)
The term "SPR/" ("Security or Privacy Risk") refers to a program which can damage the security of your system, trigger program activities you do not want or harm your private environment.

Spyware
Spyware are so called spy programs that intercept or take partial control of a computer's operation without the user's informed consent. Spyware is designed to expolit infected computers for commerical gain. Typical tactics furthering this goal include delivery of unsolicited pop-up advertisements. AntiVir is able to detect this kind of software with the category "ADSPY" or "adware-spyware".

Trojan horses (short Trojans)
Trojans are pretty common nowadays. We are talking about programs that pretend to have a particular function, but that show their real image after execution and carry out a different function that, in most cases, is destructive. Trojan horses cannot multiply themselves, which differenciates them from viruses and worms. Most of them have an interesting name (SEX.EXE or STARTME.EXE) with the intention to induce the user to start the Trojan. Immediately after execution they become active and can, for example, format the hard drive. A dropper is a special form of Trojan that 'drops' viruses, i.e. embeds viruses on the computer system.

Zombie
A Zombie-PC is a computer that is infected with malware programs and that enables hackers to abuse computers via remote control for criminal purposes. The affected PC, for example, can start Denial-of-Service- (DoS) attacks at command or send spam and phishing emails.