virus mawar

Lowyat.NET Lowyat.NET Rules and Regulations

FAQ Help Search Members Calendar

Outline · [ Standard ] · Linear+

virus mawar

Share on

| Track this topic | Email this topic | Print this topic

lyih

Dec 4 2007, 09:39 PM

Show posts by this member only |This post's rating (0+, 0-) | Post #1

Newbie

Group: Junior Member
Posts: 17
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: May 2005

any 1 can help me?
any cure for this virus call virus mawar... i think its local made virus

shah_ho_nam2

Dec 4 2007, 09:42 PM

Show posts by this member only |This post's rating (0+, 0-) | Post #2

らき☆すた

Group: Senior Member
Posts: 3,467
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: Aug 2006
From: 任を求めな

and what is it's sympthom btw???

lyih

Dec 4 2007, 09:47 PM

Show posts by this member only |This post's rating (0+, 0-) | Post #3

Newbie

Group: Junior Member
Posts: 17
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: May 2005

i only know that it attach it self to any external device
and when ur comp get hit ur explorer the blue tab will be showing : "virus mawar menganas. wahahahahha "
i think the script change the some regfile of the internet explorer and attach it self on the thumb drive..

any 1 can teach me how to remove it from the thumb drive completely and from the comp?

hafiez

Dec 4 2007, 10:03 PM

Show posts by this member only |This post's rating (0+, 0-) | Post #4

I the RAKYAT lah!™

Group: Senior Member
Posts: 2,148
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: Jan 2007
From: Huntington Beach

the only way to remove the virus is (this is what i read on the internet)..
download this software 1st.. Winpatrol
then search for the files Haha.js / Autorun.inf / VirusMawar.js
select the files and choose delete on reboot.

after that, download UnhookExec
and run it. the unhookexec software is under symantec.
after that, reboot ur computer.

lyih

Dec 4 2007, 10:40 PM

Show posts by this member only |This post's rating (0+, 0-) | Post #5

Newbie

Group: Junior Member
Posts: 17
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: May 2005

thanks for the info.. i will try

This post has been edited by lyih: Dec 4 2007, 10:41 PM

natakaasd

Dec 5 2007, 10:34 AM

Show posts by this member only |This post's rating (0+, 0-) | Post #6

Look at all my stars!!

Group: Senior Member
Posts: 2,180
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: Nov 2005

TS,
Please do not continue putting your computer at risk for further infections (and unproper fixes). Please post your HijackThis Log at an OFFICIAL Anti-Malware Forum, like SWI, TSF or so. You will get Proper, Professional and Adequate help there.

Cheers!

edspano

Dec 20 2007, 10:02 AM

Show posts by this member only |This post's rating (0+, 0-) | Post #7

Newbie

Group: New Member
Posts: 3
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: Dec 2007

QUOTE(natakaasd @ Dec 5 2007, 11:34 AM)

TS,
Please do not continue putting your computer at risk for further infections (and unproper fixes). Please post your HijackThis Log at an OFFICIAL Anti-Malware Forum, like SWI, TSF or so. You will get Proper, Professional and Adequate help there.

Cheers!

Hi there,

I have the same problem as lyih. Has anybody succeeded in removing this virus? My symantec virus scanner is not detecting it.

I used winpatrol to disable the virusmawar.js file and was able to erase it from my windows/system32/ folder. However, the message on top of my internet explorer window "Virus Mawar SEDANG MENGGANAS WARHAHAHAHAHA+++++====" is still there.

Hope somebody could help.

edspano

XOFJ

Dec 21 2007, 03:00 AM

Show posts by this member only |This post's rating (0+, 0-) | Post #8

Getting Started

Group: Junior Member
Posts: 126
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: Jan 2003
From: Malaysia

Usually you can change that by using regedit. Go to start>run and type regedit, run it. Press Ctrl+F and search for "Virus Mawar SEDANG MENGGANAS WARHAHAHAHAHA+++++====".

You should found a key named something like title or display name if I am not mistaken and with a value of "Virus Mawar SEDANG MENGGANAS WARHAHAHAHAHA+++++====". Try to change that value (e.g Microsot Internet Explorer @ Internet Explorer)

Hope it helps!

pengiranijam

Dec 21 2007, 04:00 AM

Show posts by this member only |This post's rating (0+, 0-) | Post #9

Absolute Infinity

Group: Senior Member
Posts: 983
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: Dec 2004
From: Malaysia Truly Asia

QUOTE(lyih @ Dec 4 2007, 10:39 PM)

any 1 can help me?
any cure for this virus call virus mawar... i think its local made virus

Don't do anything yet, post your hijackthis here...

edspano

Dec 21 2007, 12:21 PM

Show posts by this member only |This post's rating (0+, 0-) | Post #10

Newbie

Group: New Member
Posts: 3
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: Dec 2007

Thanks XOFJ. I succeded in removing the virus mawar message.

Thanks as well to pengiranijam. However, I was able to delete the .js file already win I used winpatrol so the .js file was not in my computer when I run hijackthis.

I'll use hijackthis next time if I ever encounter another problem.

It's good that you are around guys! Persons like me has somebody to ask in computer emergencies.

Keep up the good work!

edspano

louis_nhs

Jan 10 2008, 05:07 PM

Show posts by this member only |This post's rating (0+, 0-) | Post #11

Getting Started

Group: Junior Member
Posts: 133
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: Mar 2006
From: Kajang

hi edspano, can u post the proper & comprehensive steps to remove this virus?

Thanks.

eXPeri3nc3

Jan 10 2008, 05:12 PM

Show posts by this member only |This post's rating (0+, 0-) | Post #12

Watashiwa Watashini Nareta

Group: Senior Member
Posts: 8,286
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: Aug 2005
From: Lurking In The Forum Status: 1+3+3=7

Aih, another GFN script kiddie.

Wonder where was it made.

ariesboy2020

Jan 16 2008, 07:32 PM

Show posts by this member only |This post's rating (0+, 0-) | Post #13

Getting Started

Group: Junior Member
Posts: 232
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: Jan 2008

same as haha.js virus ..... just a little modification on title bar

i have see haha variant call len, ahpaw, and this one is mawar....... did the same thing.....

try nod32.... should keep virus at bay

This post has been edited by ariesboy2020: Jan 16 2008, 07:36 PM

rekaito_90

Jan 17 2008, 12:23 PM

Show posts by this member only |This post's rating (0+, 0-) | Post #14

Newbie

Group: Junior Member
Posts: 27
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: Jan 2008

its weak virus..but can destroy ur windows easily..mean hardcore virus..i delete it using kaspersky..then after dat..sumting bout svchost msg open..then i knew it..its same like jambanmu.V4..haha..stupid my fren usb..i forgot to scan before open dat usb..nah damn virus..malaysian made..

ariesboy2020

Jan 17 2008, 01:24 PM

Show posts by this member only |This post's rating (0+, 0-) | Post #15

Getting Started

Group: Junior Member
Posts: 232
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: Jan 2008

QUOTE(rekaito_90 @ Jan 17 2008, 12:23 PM)

its weak virus..but can destroy ur windows easily..mean hardcore virus..i delete it using kaspersky..then after dat..sumting bout svchost msg open..then i knew it..its same like jambanmu.V4..haha..stupid my fren usb..i forgot to scan before open dat usb..nah damn virus..malaysian made..

not malaysia... indo....
base on haha.js....

rekaito_90

Jan 17 2008, 01:29 PM

Show posts by this member only |This post's rating (0+, 0-) | Post #16

Newbie

Group: Junior Member
Posts: 27
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: Jan 2008

indo?haha...tah la..sama aje..haha..suke wat virus bodo..

Dr3aDLoRD

Jan 18 2008, 06:32 PM

Show posts by this member only |This post's rating (0+, 0-) | Post #17

Newbie

Group: New Member
Posts: 1
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: Jan 2008

QUOTE(XOFJ @ Dec 21 2007, 03:00 AM)

Usually you can change that by using regedit. Go to start>run and type regedit, run it. Press Ctrl+F and search for "Virus Mawar SEDANG MENGGANAS WARHAHAHAHAHA+++++====".

You should found a key named something like title or display name if I am not mistaken and with a value of "Virus Mawar SEDANG MENGGANAS WARHAHAHAHAHA+++++====". Try to change that value (e.g Microsot Internet Explorer @ Internet Explorer)

Hope it helps!

Hi XOFJ,

I've remove all the virus in my PC but now I couldnt open my C and E drive. It says 'Can not find script file "E:\VirusMawar.js".
What should I do with this problem?
Can you help me with this?

Thanks!

AzkA

Jan 19 2008, 01:19 AM

Show posts by this member only |This post's rating (0+, 0-) | Post #18

sep netok

Group: Senior Member
Posts: 772
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: Sep 2006
From: somewhere i belong

QUOTE(Dr3aDLoRD @ Jan 18 2008, 06:32 PM)

Hi XOFJ,

I've remove all the virus in my PC but now I couldnt open my C and E drive. It says 'Can not find script file "E:\VirusMawar.js".
What should I do with this problem?
Can you help me with this?

Thanks!

delete file autorun.inf in ur partion...or USB drive...then will be OK la

myee

Jan 19 2008, 05:10 AM

Show posts by this member only |This post's rating (0+, 0-) | Post #19

>>>>>SAMA Inside<<<<<

Group: Senior Member
Posts: 1,076
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: Sep 2007
From: Kuantan

QUOTE(ariesboy2020 @ Jan 17 2008, 01:24 PM)

not malaysia... indo....
base on haha.js....

another virus from indo.....after brontok.....

Added on January 19, 2008, 5:13 am

QUOTE(AzkA @ Jan 19 2008, 01:19 AM)

delete file autorun.inf in ur partion...or USB drive...then will be OK la

mind to tell me the step pls....

This post has been edited by myee: Jan 19 2008, 05:13 AM

ariesboy2020

Jan 20 2008, 06:15 PM

Show posts by this member only |This post's rating (0+, 0-) | Post #20

Getting Started

Group: Junior Member
Posts: 232
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: Jan 2008

im just a noob

u can try online scanner like kav (www.kaspersky.com) or nod (www.eset.com) if u dont want to install other av

to delete it manualy... a little hard..

do u mind to send me a copy of mawar.js??
i'll make fixer for that...
i need to study that dam virus coding first before make fixer..
but first...

SCAN WITH ONLINE SCANNER 1 BUDY

« Next Oldest · Technical Support · Next Newest »