انطلق في 7 نوفمبر/تشرين الثاني أي الشهر الحالي، أصيب به جهازي وجاري البحث عن حل :ah34:، والآن أقوم تحميل أداة لاجتثاثه، آمل أن تفي بالغرض مع أنّ NODE32 Anti virus 3.0 موجود لكن للأسف آخر تحديث له على جهازي كان في 11/10، لذا وجب التنبيه لاتخاذ الاحتياطات اللازمة.

لمزيدٍ من المعلومات التفصيلية عن هذا اللعين..

File Behavior

V1CBVSMQ.EXE has been seen to perform the following behavior:

* The Process is packed and/or encrypted using a software packing process
* This process creates other processes on disk
* Writes to another Process's Virtual Memory (Process Hijacking)
* The process hooks code into all running processes which could allow it to take control of the system or record keyboard input, mouse activity and screen contents
* Violates Windows/Vista Physical Memory Protection allowing it to look inside the data areas of other programs
* This Process Deletes Other Processes From Disk
* Adds a Registry Key (RUN) to auto start Programs on system start up
* Executes a Process
* Copies files
* Injects code into other processes

V1CBVSMQ.EXE has been the subject of the following behavior:

* Deleted as a process from disk
* Created as a process on disk
* Executed as a Process
* Has code inserted into its Virtual Memory space by other programs
* Added as a Registry auto start to load Program on Boot up
* Copied to multiple locations on the system

Country Of Origin

The filename V1CBVSMQ.EXE was first seen on Nov 7 2009 in the following geographical regions of the Prevx community:

* The EUROPEAN UNION on Nov 7 2009
* TURKEY on Nov 8 2009
* GREAT BRITAIN on Nov 8 2009
* YEMEN on Nov 16 2009

File Name Aliases

V1CBVSMQ.EXE can also use the following file names:

* L61YYP.EXE
* HERSS.EXE
* DPLYMK~1.EXE
* DPLYMS~1.EXE
* 93968559.EXE

Filesizes

The following file size has been seen:

* 115,973 bytes
* 1,856,773 bytes
* 292,312 bytes
* 292,316 bytes

File Type

The filename V1CBVSMQ.EXE refers to many versions of an executable program.