Monday, February 25, 2008

Introduction to the Sujin virus (changes the home page of IE)

Just check the title and home page of your browser (IE only, I guess). If either or both of them contain ‘sujin.com.np’, then congrats… you have successfully been infected by what is called the “Sujin Virus”. Most people may get frightened about how this got into their computer and what it does. Well, no need to get frightened. This is not a harmful virus at all. The only thing it does for now is scare people, and that’s it. It is just a script, written in Visual Basic by some guy from Nepal (who thinks he’s a genius), that changes some registry settings and copies itself to the root directory of every drive. I can’t really understand what he really wanted to do.

Anyway, let’s see what it does to your system:

  1. Modifies registry settings (this does things such as disabling access to the taskbar, setting the start page of IE to ‘sujin.com.np’ and modifying the UserInit setting so that VirusRemoval.vbs is executed at logon).
  2. Stores a copy of itself in the root directory of every drive.
  3. Removes all .vbs files in the Windows directory and the root directory, and all .inf files in the root directories of all drives.
  4. Removes ravmon.exe, sxs.exe, winfile.exe and run.wsh (now we have to ask him why he wanted those removed).
  5. Stores VirusRemoval.vbs in the root directory and adds an autorun.inf so that it auto-executes if it lands on a removable disk (i.e. a flash drive).

So, basically this script is not that harmful once we know about it. We have to be careful not to double-click flash drives in particular, as they are the main carriers of this virus. You can right-click the drive instead to check whether it carries an autorun file: if the default (bold) option in the context menu is ‘Autoplay’, be alarmed, because your flash drive contains an “autorun.inf” file that may be set to execute other harmful files on the drive. Once you know there is an autorun file, delete it from the command prompt. There may be other harmful hidden files too; to see and delete them you may have to use a combination of switches (dir /a to list hidden files, and attrib to clear the hidden/system/read-only attributes before del).
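The checks described above, as an added PowerShell script that is not part of the original post: it reports the registry values and drive-root files the post attributes to this script, and deletes nothing. The registry paths (the IE Main key for Start Page and Window Title, and Winlogon Userinit) are the standard locations for those settings and are my assumption of where the post's "registry settings" live.

```powershell
# Constructed read-only check for Sujin-style artifacts. Reports only; removes nothing.
$marker  = 'sujin.com.np'       # string the post says appears in the IE title/home page
$dropper = 'VirusRemoval.vbs'   # script name the post says is dropped and run via Userinit

# 1. Registry values the post says are modified (standard paths, assumed).
$checks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Internet Explorer\Main';           Name = 'Start Page' },
    @{ Path = 'HKCU:\Software\Microsoft\Internet Explorer\Main';           Name = 'Window Title' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Userinit' }
)
foreach ($c in $checks) {
    $value = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
    if ($value -and (($value -like "*$marker*") -or ($value -like "*$dropper*"))) {
        Write-Warning ("Suspicious {0}\{1} = {2}" -f $c.Path, $c.Name, $value)
    } else {
        Write-Output  ("OK   {0}\{1} = {2}" -f $c.Path, $c.Name, $value)
    }
}

# 2. Root of every drive: look for the dropper and for autorun.inf, hidden/system files included.
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    foreach ($name in @('autorun.inf', $dropper)) {
        $path = Join-Path $drive.Root $name
        if (Test-Path -LiteralPath $path) {
            # -Force is required to see files carrying the hidden/system attributes.
            $item = Get-Item -LiteralPath $path -Force
            Write-Warning ("Found {0}  attributes: {1}" -f $path, $item.Attributes)
            if ($name -eq 'autorun.inf') {
                # Show which file autorun would launch, without launching it.
                Get-Content -LiteralPath $path -Force |
                    Where-Object { $_ -match '^\s*(open|shellexecute|shell\\.*\\command)\s*=' } |
                    ForEach-Object { Write-Output ("    " + $_) }
            }
        }
    }
}
```

Run it from an elevated PowerShell prompt; if autorun.inf or VirusRemoval.vbs is reported, clear its attributes with `attrib -s -h -r <file>` before deleting it from the command prompt, and restore the Userinit value to its normal `userinit.exe,` entry by hand.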

Read more here to remove this virus.
