HLLP.Irok virus

How to remove the HLLP.Irok virus

Information about the virus, how it infects the computer, and how to protect against it



Details HLLP.Irok

This is a very dangerous, non-memory resident parasitic virus. The virus code itself is a DOS EXE program written in a high-level language, encrypted and compressed. The virus infects DOS COM and EXE files, as well as Windows EXE files (in the same way - see below), and it can also spread its copies via IRC channels and as e-mail attachments.

When an infected file is run, the virus scans the directories listed in PATH, looks for COM and EXE files there, and infects them. While infecting a file, the virus moves the file header to the end of the file, encrypts it and overwrites the file header with virus code. To return control to an infected program, the virus temporarily disinfects it and spawns it. As a result of this infection method, the virus is able to infect EXE files of any type - DOS, Win16 and Win32.

To spread itself to mIRC channels, the virus creates a SCRIPT.INI file in the MIRC directory and writes a set of commands to it. These commands send an infected file to each user who joins the infected channel. The virus also checks messages in the channel, and if the word "irok" is found in a message, the virus sends the following text to the channel:

My computer is 0wned by IRoK v1.1

To send infected messages, the virus creates the IROKRUN.VBS file in the Windows start-up directory and writes a VBS program to it. This program gains access to MS Outlook, opens the address book and sends up to 60 messages to addresses listed there. The infected message has the following subject and message body:

Subject: I thought you might like to see this.
Body: I thought you might like this. I got it from paramount pictures website. It's a startrek screen saver.

The virus is attached as a DOS EXE file with the name IROK.EXE.

The virus deletes the following anti-virus data files: ANTI-VIR.DAT, CHKLIST.MS, CHKLIST.CPS, VS.VSN, IVB.NTZ.

Depending on some conditions, the virus corrupts disk files and plays the message:

Some say the end is near. Some say we'll see Armageddon soon. I certainly hope we will. The only way to fix it is to flush it all away. Any fucking joint, any fuckin Day. Fuck all these gun toting hip gangster wannabes. Fuck your tattoes, fuck all you junkies and your short memory. I'm praying for rain, I'm prayin for tidal waves. I wanna see the ground give way. I wanna watch it all go down. Mah please flush it all away, I wanna see it go riding down. I wanna see it go riding. Watch you flush it all away. Where do bad folks go when they die? They don't goto heaven where the angels fly. They goto a lake of fire and fry. See em again till the 4th of July. People cry and people moan. look for a dry place to call their own, look for a dry place to rest there bones. Thanks for reading the text above, I've had enough time to remove the contents of your hard disk for you. :-) IRoK v1.1 - RaiD/SLAM[2000]

The virus also contains the text strings:

IRoK v1.1 is initializingall Hey You! <----------- >>> Push enter stupid!
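The file and mail indicators named in the description above can be checked with a short sweep. This is an added example, not code from the original page: the function names and the sample directory layout are assumptions, and the sample files and message are constructed placeholders.

```python
import email
import os
import tempfile
from email.message import EmailMessage

# Indicators taken from the description above (compared case-insensitively).
DROPPED_FILES = {"irokrun.vbs", "irok.exe"}
MAIL_SUBJECT = "i thought you might like to see this."
MAIL_ATTACHMENT = "irok.exe"


def sweep_tree(root):
    """Return sorted paths (relative to root) of files matching the file indicators."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        in_mirc = os.path.basename(dirpath).lower() == "mirc"
        for name in files:
            low = name.lower()
            # SCRIPT.INI is also a legitimate mIRC file name: a lead to review, not proof.
            if low in DROPPED_FILES or (in_mirc and low == "script.ini"):
                hits.append(os.path.relpath(os.path.join(dirpath, name), root))
    return sorted(hits)


def mail_indicators(raw_message):
    """Return which mail indicators (subject, attachment name) a raw message matches."""
    msg = email.message_from_string(raw_message)
    found = []
    if (msg.get("Subject") or "").strip().lower() == MAIL_SUBJECT:
        found.append("subject")
    if any((p.get_filename() or "").lower() == MAIL_ATTACHMENT for p in msg.walk()):
        found.append("attachment")
    return found


def demo():
    """Run both checks on constructed sample data (empty placeholder files)."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("MIRC/SCRIPT.INI", "StartUp/IROKRUN.VBS", "Docs/notes.txt"):
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "wb").close()
        files = sweep_tree(root)
    mail = EmailMessage()
    mail["Subject"] = "I thought you might like to see this."
    mail.set_content("constructed sample body")
    mail.add_attachment(b"placeholder", maintype="application",
                        subtype="octet-stream", filename="IROK.EXE")
    return files, mail_indicators(mail.as_string())
```

Because the virus body is described as encrypted and compressed, the sweep matches on dropped file names and mail metadata and does not search infected executables for the text strings.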
Infects main memory (RAM): info
Destroys data on the hard disk: info
Infects the operating system (DOS): info
Infects executable files (.EXE): info
Infects executable files (.COM): info
Infects program link library files (.DLL): info
Infects stored web files (.HTML, .HTM): info
Infects Microsoft Office files (Word, Excel, PowerPoint): info
Infects the BIOS: info
Infects the hard disk boot record (MBR): info