Virus That Attacks File MP3

For you who likes the music, especially for files with the MP3 format, you should start be careful because the current program appears to be tracking MP3 confiscate your MP3 files without looking at both pirated and original that all MP3s will be removed and replaced with a duplicate himself, so that the user suspicious he will not still using Windows Media Player icon.

This file is created with C + + language and is derived from the Mr.Coolface have the file size of 64 KB. Files have the extension exe (application) using Windows Media Player icon. On the face we will not know that the computer has been infected with this virus because it will not do much to block the function of Windows / tools but security will be enough to bring the impact of distressing because all the files with the MP3 format,. Inf, .VBS and will be deleted. This virus as W32/SmallwormBZH.

At the time the virus has entered the computer, it will create some files that will be run by parent the first time at the computer switched on and this time it will create itself as a service: C:\Windows\svchost.exe.

So that the file can be active every time the computer is operated, it will create itself as a service under the name Shell Software Detection service which will automatically run the file C:\Windows\svchost.exe.

Delete the file .MP3/.INF/.VBS

the main target of this virus is a file format that has .MP3/.INF/.VBS where he will attempt to delete the file and instead it will create a duplicate file in accordance with the deleted file with the characteristics: use the icon "Windows Media Player", size 64 KB, Exstensi exe, File Type "Application"

How to Smallworm BZH.

  • Disconnect the computer that will be cleared from the network computer,
  • Turn off System Restore during the cleaning process,
  • Turn off the virus active in memory. To kill it you can use Process explorer tools. Please download at www.sysinternals.com,
  • Remove string registry created by the virus to facilitate the elimination process, Please copy the script below on the notepad program, then save with the name repair.inf, Or download here

[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee
[Defaultinstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKLM,Software\CLASSES\batfile\shell\open\command,,,""%1""%*"
HKLM,Software\CLASSES\comfile\shell\open\command,,,""%1""%*"
HKLM,Software\CLASSES\exefile\shell\open\command,,,""%1""%*"
HKLM,Software\CLASSES\piffile\shell\open\command,,,""%1""%*"
HKLM,Software\CLASSES\regfile\shell\open\command,,,"regedit.exe"%1""
HKLM,Software\CLASSES\scrfile\shell\open\command,,,""%1""%*"
HKLM,SOFTWARE\Microsoft\WindowsNT\Current\Version\Winlogo,Shell,0,"Explorer.exe"
HKLM,SYSTEM\ControlSet001\Control\SafeBoot,AlternateShell,0,"cmd.exe"
HKLM,SYSTEM\ControlSet002\Control\SafeBoot,AlternateShell,0,"cmd.exe"
HKLM,SYSTEM\CurrentControlSet\Control\SafeBoot,AlternateShell,0,"cmd.exe"
[del]
HKLM,SYSTEM\ControlSet001\Services\Mr_CollFace
HKLM,SYSTEM\ControlSet002\Services\Mr_CollFace
HKLM,SYSTEM\CurrentControlSet\Services\Mr_CollFace

or download here

Run the file as follows : right-click repair.inf and click install

  • Delete the file and the main virus file is created by the virus. To simplify the process of elimination, please use Windows Search,
  • for optimal cleaning and prevent re-infection, protect the computer and network with your antivirus is capable to detect and eradicate this virus with both

loading...