Do you want a virus to enter your computer system? :) No? Then never click a scrap with a video image like the one seen in the image below. :( If you have clicked this video scrap by mistake, the virus is automatically installed on your system. To remove it from your computer, follow the solution below. :)


How this virus works and spreads in Orkut

  • When a victim clicks on the link, they are redirected to an external site which prompts them to download the file “flashx_player_9.8.0.exe”.
  • When executed, flashx_player_9.8.0.exe retrieves the files windosremote.exe, logservicess.exe and win32chekupdate.exe from http://[REMOVED].ifastnet.com. These files download additional files that perform a variety of malicious actions, but logservicess.exe is the main executable for further propagation. Logservicess.exe first copies itself as maindwxp.exe to four different locations on the system to ensure it is executed on startup.

  • Maindwxp.exe then checks in with the command and control server via a GET request with specific parameter values. Interestingly, the page returned simply contains the word “Rastreados” followed by a number. In Portuguese, “rastreados” means “crawled” - at last check the number was 13559.
  • Maindwxp.exe then executes and begins checking for an active browser window, waiting for the victim to visit Orkut. Once the victim is in an authenticated Orkut session, maindwxp.exe injects JavaScript code into the active Orkut web session.
  • This JavaScript code, which is actually based on a popular Greasemonkey script, is then executed within the context of the Orkut domain and the user’s authenticated session, resulting in the malicious scrapbook entry being sent to all the victim’s friends, and the cycle begins again.

To remove this virus, follow the steps below carefully.
1. Disable System Restore (Windows Me/XP).

  • Right-click “My Computer”, then select “Properties”.
  • Go to the “System Restore” tab.
  • Check “Turn off System Restore”, then click OK and restart your system.

2. Update the virus definitions.

3. Back up your system registry.

  • Go to the “Start” menu.
  • Select “Run”, then type “Regedit”.
  • The Windows Registry Editor will open.
  • Go to the “File” menu, then select “Export”.
  • Create a new folder, e.g. “Registry-Backup”.
  • Then type a filename that includes the current date; this will help you with future maintenance of your operating system, e.g. “Reg-Backup-05-03-2008”.

4. Restart your system in safe mode.

  • During the boot-up process, press F8; the boot selection screen will then be displayed.
  • Use the Up and Down arrow keys to select Safe Mode in the selection menu.
  • Hit Enter to proceed.

5. Run a full system scan.

6. Delete these values added to the registry.

  • Windows has a built-in “Registry Editor” for editing the registry.
  • To open the system registry:
  • Go to “Run” on the Start menu, then type “regedit”.
  • Press ‘Ctrl+F’ to search for any values or strings in the registry.
  • Press ‘F3’ to “Find Next”.

NB: Use this Symantec tool to reset the shell\open\command registry keys if regedit (Registry Editor) is not accessible.

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Partizan\”Group” = “Boot But Extender”

Remember that you have to delete the above registry value. To keep away from all such viruses that spread through Orkut or other social networking websites, it is necessary to disable JavaScript on your system; to learn how to disable JavaScript, you can visit here.
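The search in step 6 can also be run against the registry backup exported in step 3. The Python script below is an added example, not part of the original post: it parses a .reg export and reports entries that reference the file names or the registry value named above. The sample export, its Run-key entries and the C:\EXAMPLE path are constructed for illustration; the post does not say which startup locations the malware uses.

```python
import re

# Indicators copied from the article; the registry data is spelled as printed there.
SUSPECT_FILES = ("flashx_player_9.8.0.exe", "windosremote.exe",
                 "logservicess.exe", "win32chekupdate.exe", "maindwxp.exe")
SUSPECT_VALUE = (r"hkey_local_machine\system\currentcontrolset\services\partizan",
                 "group", "boot but extender")

KEY_RE = re.compile(r"^\[(.+)\]$")                    # [HKEY_...\Sub\Key]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')  # "name"="data" or @="data"

def unescape(s):
    # .reg strings are quoted and escape backslash and quote with a backslash.
    if len(s) >= 2 and s.startswith('"') and s.endswith('"'):
        s = s[1:-1]
    return re.sub(r"\\(.)", r"\1", s)

def scan_reg_export(text):
    # Returns (key, value name, data, reason) tuples. Only plain string values
    # are inspected; hex-encoded (hex:, hex(2):) data is not decoded here.
    hits, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name, data = unescape(m.group(1)), unescape(m.group(2))
        for f in SUSPECT_FILES:
            if f in data.lower():
                hits.append((key, name, data, "references " + f))
        if (key.lower(), name.lower(), data.lower()) == SUSPECT_VALUE:
            hits.append((key, name, data, "value listed in step 6"))
    return hits

# Constructed sample export (not taken from an infected machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="C:\\EXAMPLE\\maindwxp.exe"
"Benign"="C:\\Program Files\\Example\\tray.exe /min"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Partizan]
"Group"="Boot But Extender"
"Start"=dword:00000001
'''

if __name__ == "__main__":
    import sys
    # regedit's Export writes UTF-16 text; with no argument the sample is scanned.
    text = open(sys.argv[1], encoding="utf-16").read() if len(sys.argv) > 1 else SAMPLE
    for hit in scan_reg_export(text):
        print(" | ".join(hit))
```

Run it with the path of the exported .reg file as the only argument; each reported line names the key to open in regedit.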

 
Scrapur.com

4 Responses to “Remove Orkut Virus”  

  1. TecknoMan

    Hi.. this one really helped me… thanx a lot.. carry on ur good posts and please inform me too in orkut, such my profile name is TecknoMan ,Male, Tecknocity….

    Once again Thanx…

  2. jiten thakkar

    thanks a lot …
    i’ve learned 2 much from u…….

  3. sanjay

    virus is coming my profile
