A new worm has been spreading on Yahoo Messenger and Windows Live Messenger over the last two days. It appears to belong to the Palevo family.
The message sent is:
Downloads:
Although at first glance the links appear to point to facebook.com, they do not. They redirect to other sites hosting infected files.
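The mismatch described above, between the site a link names and the host it really points to, can be checked mechanically. This is an added example, not code from the original post: the function names, reason labels and sample messages are constructed for illustration, and the hosts are reserved documentation names and addresses.

```python
import re
from urllib.parse import urlsplit

BRAND = "facebook.com"                      # site the lure pretends to link to
URL_RE = re.compile(r"https?://\S+", re.I)  # also matches "Http://"
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def host_is_brand(host):
    """True only for the brand's own domain or a subdomain of it."""
    return host == BRAND or host.endswith("." + BRAND)

def classify_url(url):
    """Return the reasons a URL matches the lure pattern ([] means none)."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:                      # e.g. malformed IPv6 literal
        return ["unparseable"]
    reasons = []
    tail = (parts.path + "?" + parts.query).lower()
    if not host_is_brand(host):
        if BRAND in tail:
            reasons.append("brand-after-host")  # real host is something else
        if BRAND.split(".")[0] in host:
            reasons.append("lookalike-host")
        if IPV4_RE.fullmatch(host):
            reasons.append("raw-ip-host")
    name = parts.path.rsplit("/", 1)[-1].lower()
    if name.endswith((".exe", ".scr")):
        reasons.append("executable-download")
        if re.search(r"jpe?g", name[:-4]):  # image extension inside the name
            reasons.append("image-name-disguise")
    return reasons

def scan_message(text):
    """Map each URL in a chat message to its reasons; clean URLs are omitted."""
    hits = {}
    for url in URL_RE.findall(text):
        url = url.rstrip(".,!)")            # drop trailing sentence punctuation
        reasons = classify_url(url)
        if reasons:
            hits[url] = reasons
    return hits

SAMPLES = [  # constructed messages, not taken from the worm's traffic
    "Photo http://short.example/abc1?=www.facebook.com/photo.php",
    "is this you? Http://192.0.2.10/PIC123-JPG-www.facebook.com.exe",
    "my album https://www.facebook.com/photo.php?id=1",
]
if __name__ == "__main__":
    for msg in SAMPLES:
        print(msg, "->", scan_message(msg) or "clean")
```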
The virus creates a jusched.exe process running from the Windows folder or the Users folder
(C:\WINDOWS\jusched.exe, C:\Users\Public\jusched.exe, C:\do.exe, C:\wos.exe, C:\WINDOWS\rgemua.exe).
Detection on VirusTotal.com:
http://www.virustotal.com/analisis/eef52b77b06b ... ..
Automatic removal:
If you have Kaspersky Anti-Virus 2010/2011 or Kaspersky Internet Security 2010/2011 installed, update the definitions and run a full system scan.
Warning! If you have another antivirus installed, follow the steps below (installing Kaspersky Virus Removal Tool 2010 9.0.0.722 does not require uninstalling the antivirus already on the system).
Download Kaspersky Virus Removal Tool 9.0.0.722 2010.
-Install it, disconnect the internet cable / modem / etc., stop the real-time protection (shield) of the antivirus installed on your PC and run a full system scan with this utility.
-When the scan completes, delete all detected files.
-Reboot, re-enable your antivirus protection and reconnect the internet cable / modem / etc.
Download Malwarebytes Anti-Malware 1.46.
-Install the program and, at the end of the installation, make sure the following are checked:
-Update Malwarebytes' Anti-Malware
-Launch Malwarebytes' Anti-Malware
-Click Finish.
-Once the program launches, select Perform full scan and click Scan.
-When the scan finishes, click OK, then Show Results.
-Make sure everything is ticked and click Remove Selected.
The virus file that embeds itself on the machine is jusched.exe, located at C:\WINDOWS\jusched.exe or C:\Users\Public\jusched.exe or C:\do.exe or C:\wos.exe or C:\WINDOWS\rgemua.exe. Enable the display of all hidden files, then end the process and delete these files.