From Emre virus labs:
This motherfucker virus was living in my parents` computers. (Since I use Linux I don`t have any as usual…) And it`s a pain in the ass…
What the virus does:
- Shares your drives to the world as PATRON1, PATRON2, etc…
- Copies itself to any writeable devices around you. USB sticks are great examples.
- On a USB drive, it generates an autorun.inf file and a copy of itself. Each time you connect your USB drive it infects your computer again…
- It uses the CPU at least to 70%… Noisy bitch…
How do you know that you are infected:
- Press CTRL+Shift+Esc buttons. You`ll see the activexdebugger32.exe process running.
- You can see a copy of the executable (activexdebugger32.exe) in your USB drives if you enabled the STUPID Windows to show you hidden files.
How to kill the bastard and have a nice smiley day/night (It`s 3am ok?) If you kill your computer i`m not responsible.
- Plugin your USB stick (if you have one)
- Kill the process activexdebugger32.exe
- Delete the activexdebugger32.exe binary. It usually lives under c:windowssystem32 (or c:winntsystem32 depending your Windows installation)
- open regedit. Go to the top of the tree on the left pane. hit F3 (or CTRL+L) to open the search dialog. type, yes you know it, activexdebugger32.exe, NUKE the damn registry entries wherever it`s found. (Search until the end)
- Go to the root folder of your USB stick and delete, yes you`re right again, activexdebugger32.exe and autorun.inf
- Update: Motherfucker leaves more trails… Delete the file NESNELER.EXE (meaning objects.exe in turkish) under c:Documents and SettingsLocal SettingsTemp
- Update: Delete all the files under C:windowssystem32 named: Ijl11.dll, KMON.OCX, KTKBDHK3.DLL, MSWINSCK.OCX, PAC, scrrntr.dll, scrrun.dll
Lastly, fuck microsoft and windows, have a nice life….
Update after 4 months: Damn I was angry when I wrote this. And it was 3 am. The entry was somewhat full of typos so i edited and changed some info.