Author Topic: "mamatay na ang mga taga-lipa"?  (Read 2912 times)

Offline lyvhien

  • Member
  • **
  • Posts: 219
"mamatay na ang mga taga-lipa"?
« on: June 27, 2007, 02:52:36 PM »
good day po..
ask ko lang, sa laptop ng father ko, once nag-open ng internet browser, mozilla at IE, may lumalabas sa title bar sa tabi ng
current application at browser name yung "mamatay na ang mga taga lipa".. sabi ko sa papa ko sa tingin ko virus yun,
sabi nya sa office nila kasi puro may ganun lahat ng pc..
sa laptop nya, so far wala namang effect other than sa dumadami yun laman ng hard disk nya, kaso puro invisible files, pag-scan naman gamit avg, nadedelete ko mga 10 infections, pag-check sa hard disk ganun pa din yun size ng HD.
pag-scan ako ulit avg, meron ulit 10 infections..

im telling my father na i-rereformat ko na yun laptop nya sa weekend. kaya lang kasi kung infected sa office nila, baka mahawa ulit yun laptop. di ko naman alam kung ano pang-block dun.
sa office nila kasi,parang naging part na ng screen nila yun "mamatay . .. "
sabi ko nga ipa-check nila IT nila..

may naka-experience na po ba sa inyo nito?

pa-share naman po what to do..

thanks in advance..
"I will not allow yesterday's success to lull me into today's complacency, for this is the great foundation of failure."

Offline Simbadda

  • Member
  • **
  • Posts: 1916
Re: "mamatay na ang mga taga-lipa"?
« Reply #1 on: June 27, 2007, 03:07:19 PM »
this may be the aftermath of the "taga-lipa are".  ang nangyayari kasi, meron entry sa registry wherein whenever windows loads, the process will be launched and triggers the worm to replicate its files. and since tumatakbo ka under normal mode, naka-load yung process na nag-protect sa worm, kaya kahit every time na matanggal sya, upon boot-up bumabalik kasi hindi natanggal yung worm na yun.

you could check the processes in task manager for wscript, isa to sa process na gamit ng worm na yun. pero since hindi siya "taga-lipa", ibang process ang gamit nya.

you can also look if there is an autorun.inf file in your hard disk, isa rin yan sa pwedeng mag-trigger ng worm para tumakbo.
it puzzles me how women seem so fragile but they can hurt men more than they realize it.

i will give you 2000 czech crowns...

Offline Simbadda

  • Member
  • **
  • Posts: 1916
Re: "mamatay na ang mga taga-lipa"?
« Reply #2 on: June 27, 2007, 03:26:14 PM »
here's what i found in google.

sa case ng MAMATAY NA ANG MGA TAGA LIPA, "desktop.ini.vbs" ang pinapatakbo ng wscript.exe and autorun.inf.

nakalagay sya sa desktop, at hidden ang attribute nya.

tapos eto yung entry sa registry, eto yung cause kaya ganun ang nakalagay sa title bar browser: "HKEY_CURRENT_USER\Software\Mi... Explorer\Main\Window Title","Mamatay na ang mga taga lipa!"

this is just a guess, pero baka pwedeng i-subsitute yung name ng vbs script dun sa steps ng pagtanggal ng "taga-lipa are"
it puzzles me how women seem so fragile but they can hurt men more than they realize it.

i will give you 2000 czech crowns...

Offline Simbadda

  • Member
  • **
  • Posts: 1916
Re: "mamatay na ang mga taga-lipa"?
« Reply #3 on: June 27, 2007, 03:31:34 PM »
based dun sa mcafee site:

http://vil.nai.com/vil/content/v_140962.htm

Overview -

This description is for a malicious VBScript file, which when executed on a windows machine will change the Internet Explorer "Title Bar" and try and spread through connected removable devices.

The characteristics of this VBScript virus with regards to file names/folders created etc. will differ depending on the way in which the attacker had configured it. Hence, this is a general description.

Aliases:

VBS.Flesh.A (Bit Defender)
VBS.Solow (Symantec)
VBS/Solow.I (Norman)
VBS_SOLOW.A (Trend Micro)
VBS/Slogod (CA eTrust)

Characteristics -

When executed, this malware creates the following file:

    * %System%\ desktop.ini.vbs

It then creates the following registry entries:

    * Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Run “desktop”
      Data: %system%\desktop.ini.vbs (Responsible for autostartup of malware)
    * Hkey_Current_User\Software\Microsoft\Internet Explorer\Main “Window Title”
      Data: Mamatay na ang mga taga lipa! (Changes Internet Explorer Title Bar)
    * Hkey_Current_User\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools”
      Data: 1 (Disable registry editing)

The malware then scans for any removable devices attached and copies itself into the folders found along with
the autorun.inf file which can cause auto-execution of the malware.

Note:

    * %System% is a variable location and refers to the windows system directory
    * The dropped files may have their attributes changed to hidden/system files

Symptoms -

    * Presence of files and registry entries mentioned earlier

Method of Infection -

This malware can copy itself to removable devices along with an autorun.inf file. Infection starts either with manual execution of the script file or by navigating to folders containing infected files whereby the autorun.inf files can cause auto-execution of the malware.

This malware may also be received as a result of poor security practices, or un-patched machines and vulnerable systems. Distribution channels include IRC, peer-to-peer networks, email, newsgroups postings, etc.

-------------------------
their utility can remove it.

kaya tong matanggal manually, pero ang problem disable yung regedit. there are programs that can restore regedit.
it puzzles me how women seem so fragile but they can hurt men more than they realize it.

i will give you 2000 czech crowns...

Offline AJ

  • Member
  • **
  • Posts: 3297
  • sudo make me a sandwich
Re: "mamatay na ang mga taga-lipa"?
« Reply #4 on: June 27, 2007, 04:01:12 PM »
localized worm. ayus ah.


Offline Simbadda

  • Member
  • **
  • Posts: 1916
Re: "mamatay na ang mga taga-lipa"?
« Reply #5 on: June 27, 2007, 04:11:11 PM »
localized worm. ayus ah.

meron pa nga akong natandaan na dos virus dati, merong sti na nakalagay. maraming details nakalagay dun hehehe
it puzzles me how women seem so fragile but they can hurt men more than they realize it.

i will give you 2000 czech crowns...


Offline lyvhien

  • Member
  • **
  • Posts: 219
Re: "mamatay na ang mga taga-lipa"?
« Reply #7 on: June 27, 2007, 06:36:33 PM »
@sir simbadda

thanks for the replies, i'll try to fix the laptop this weekend using those infos..
thanks so much!! God bless yah.
i'll post here the result..

@bianca

thanks po.. i'll check on it .. God bless yah!

hope to have a positive result..

 ;)
"I will not allow yesterday's success to lull me into today's complacency, for this is the great foundation of failure."

Offline Heishiro

  • Moderators
  • Member
  • *
  • Posts: 17280
  • BIOMENYEKZ
Re: "mamatay na ang mga taga-lipa"?
« Reply #8 on: June 28, 2007, 02:01:21 PM »
use firefox
:lol:
Rick "rolled" Astley would never :
- Give you up
- Let you down
- Run around and desert you
- Make you cry
- Say goodbye
- Tell a lie and hurt you

Offline ^_^japol

  • Veterans
  • Member
  • ***
  • Posts: 2498
  • sus
    • personal folio site
Re: "mamatay na ang mga taga-lipa"?
« Reply #9 on: June 28, 2007, 05:04:51 PM »
that lipa ire fuxxored my work rig a couple of weeks ago, the manual removal works better...

Offline lyvhien

  • Member
  • **
  • Posts: 219
Re: "mamatay na ang mga taga-lipa"?
« Reply #10 on: June 28, 2007, 09:30:41 PM »
use firefox
:lol:

heishi!

actually, both the Firefox and Internet Explorer have it. .

"I will not allow yesterday's success to lull me into today's complacency, for this is the great foundation of failure."

Offline jpidro

  • Member
  • **
  • Posts: 2604
    • Twitter
Re: "mamatay na ang mga taga-lipa"?
« Reply #11 on: July 15, 2007, 10:46:17 AM »
Haha! Bagong giyera na ba 'to?