5/18/2015

How to remove shortcut VIRUS from your system : AntiBAK


# How to know if your system is infected by this VIRUS
If your system is infected by this virus, then whenever you plug in an external USB drive the virus moves all your data from the root of that device into another special directory (a directory without a name), and in the root of the device you will find a shortcut that points to the Windows system binary rundll32.exe.
Running this shortcut gives you access to the data on that device.
There will also be one file which is the main virus binary (a DLL file) if its name follows this pattern:

~$<RANDOM_TEXT_STRING>.bak
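
A read-only check for the three indicators described above, as an added example (it is not AntiBAK's code and not from the original post). It inspects only the root of the drive, and it assumes that "a directory without name" means a name made up solely of whitespace-class characters; the function name and the drive letter are placeholders.

```powershell
# Added example: reports indicators in a drive root; deletes and changes nothing.
# Written to run on PowerShell 2.0 and later.
function Find-ShortcutVirusIndicator {
    param([Parameter(Mandatory = $true)][string]$Root)  # e.g. 'E:\' (placeholder)

    $shell = New-Object -ComObject WScript.Shell
    # -Force includes hidden and system items, which would otherwise be skipped.
    $items = Get-ChildItem -LiteralPath $Root -Force

    foreach ($item in $items) {
        $reason = $null
        $detail = ''

        if ($item.PSIsContainer) {
            # Assumption: a "nameless" directory has a name consisting only of
            # whitespace-class characters (for example U+00A0).
            if ($item.Name -match '^\s+$') {
                $reason = 'Directory with blank name'
                $detail = ($item.Name.ToCharArray() |
                    ForEach-Object { 'U+{0:X4}' -f [int]$_ }) -join ' '
            }
        }
        elseif ($item.Extension -ieq '.lnk') {
            # Resolve the shortcut and compare the file name of its target.
            $lnk = $shell.CreateShortcut($item.FullName)
            if ([IO.Path]::GetFileName($lnk.TargetPath) -ieq 'rundll32.exe') {
                $reason = 'Shortcut targets rundll32.exe'
                $detail = $lnk.Arguments   # rundll32 takes the DLL to load as an argument
            }
        }
        elseif ($item.Name -like '~$*.bak') {
            $reason = 'File matches ~$<RANDOM_TEXT_STRING>.bak'
            $detail = '{0:N1} MB' -f ($item.Length / 1MB)
        }

        if ($reason) {
            New-Object PSObject -Property @{
                Path = $item.FullName; Indicator = $reason; Detail = $detail
            }
        }
    }
}

# Usage (drive letter is a placeholder):
# Find-ShortcutVirusIndicator -Root 'E:\' | Format-Table Indicator, Detail, Path -AutoSize
```

Do not open the shortcut while checking; the script only reads its target and arguments.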

# VIRUS: This virus looks simple, but it is not. It is a DLL file of about 28MB when it is being distributed via USB (from one PC to another).
When the user clicks that shortcut, it installs itself on the system (size ~90MB). The virus uses Windows resources, so no anti-virus software is able to detect it.
Its binary file is protected with the ASPack EXE compressor, so that no one can decompile it.
First of all, the size of this virus is quite large, even after its creator compressed it by about 70%.
Second, the creator of this virus used a commercial program to compress and protect its code, so I do not know what it is doing behind the scenes, but I can tell you that it must be a very powerful and dirty virus.


# AntiBAK is my new program (basically a script) that helps you remove this latest virus, which no anti-virus is able to detect or remove.
If your PC is infected by this virus, you may have noticed that whenever you plug a USB drive into your PC, a shortcut appears in the root of the USB drive.
If you clicked that shortcut, the virus code is going to execute (or the virus has been silently installed) on your system.

# To remove the virus, run the application and hit the  __RUN__  button. That's it, done!
# Runs only on Windows 7, Windows 8 and Windows 8.1.
# For Windows Vista or XP, you first need to download and install Windows Management Framework.
# Although I wrote this application only to remove this virus (which uses the msiexec program), the GUI will help you remove any kind of virus; all you have to do is operate it manually.

# My application finds the virus and permanently deletes it from your PC. The application GUI is built with the AutoHotkey scripting language,
and the main logic that removes the virus from the PC is written in PowerShell, so if you are an advanced PC user, go for the PowerShell script.
Its code is open source: you can download the pre-compiled binary, download the source and compile it yourself, or just run the PowerShell script to remove the virus from your system.

# Download:
https://sourceforge.net/projects/antibak/
