Saturday, February 14, 2009

jwgkvsq.vmx worm/virus RECYCLER folder

To clean up a system that automatically creates autorun.inf and a RECYCLER folder containing jwgkvsq.vmx, download and run this program. After the reboot, the system will probably complain about a missing DLL file. To fix that manually, you can use regedit or msconfig:

Regedit:
  1. Run regedit.exe (Start menu, Run: regedit.exe).
  2. Search for the DLL file name (CTRL+F).
  3. Delete the entry that contains the missing DLL file. Usually, the entry is found at the registry location HKCU\Software\Microsoft\Windows\CurrentVersion\Run\

Or MsConfig:
  1. Run msconfig.exe (Start menu, Run: msconfig.exe).
  2. Go to the Startup tab.
  3. Uncheck the startup item whose command contains the missing DLL file.

To clean up an infected flash disk or external disk with a FAT file system, simply delete the autorun.inf file and the RECYCLER folder. If the disk uses NTFS, however, Windows will complain about unauthorized access to the file and folder. In that case you can boot Linux and mount the NTFS volume (it probably has to be mounted forcefully with the option -o force), then delete them. A live CD such as Ubuntu will do.
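An added example, not part of the original post: a Python script that can be run from the live CD against the mounted volume to show what autorun.inf would launch and what sits in RECYCLER before both are deleted. The function names and the sample volume (placeholder files only) are assumptions constructed for illustration.

```python
import os
import re
import shutil
import tempfile
from pathlib import Path

COMMAND_KEY = re.compile(r"open|shellexecute|shell\\.+\\command")  # keys that run a command

def find_ci(root, name, is_kind):
    """Return the entry matching name case-insensitively (Linux mounts are case-sensitive)."""
    for entry in os.listdir(root):
        path = os.path.join(root, entry)
        if entry.lower() == name.lower() and is_kind(path):
            return path

def autorun_commands(inf_path):
    """Return the command values in autorun.inf, skipping junk or binary lines."""
    commands = []
    for raw in Path(inf_path).read_bytes().splitlines():
        key, sep, value = raw.decode("latin-1").partition("=")
        if sep and COMMAND_KEY.fullmatch(key.strip().lower()):
            commands.append(value.strip())
    return commands

def triage(mount_point, delete=False):
    """Report autorun.inf and RECYCLER on a mounted volume; delete only on request."""
    inf = find_ci(mount_point, "autorun.inf", os.path.isfile)
    rec = find_ci(mount_point, "RECYCLER", os.path.isdir)
    report = {"commands": autorun_commands(inf) if inf else [], "files": [], "removed": []}
    if rec:
        for base, _dirs, files in os.walk(rec):
            report["files"] += [os.path.join(base, f) for f in files]
    if delete:
        for path, remove in ((inf, os.remove), (rec, shutil.rmtree)):
            if path:
                remove(path)
                report["removed"].append(path)
    return report

def build_sample(root):
    """Constructed sample volume (placeholder files only): mixed case, junk line."""
    Path(root, "Recycler", "sample").mkdir(parents=True)
    Path(root, "Recycler", "sample", "jwgkvsq.vmx").write_bytes(b"placeholder")
    Path(root, "AUTORUN.INF").write_bytes(
        b"[AutoRun]\r\n\xff\xfejunk\r\n;open=x\r\nOpen = RECYCLER\\sample\\jwgkvsq.vmx\r\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as vol:
        build_sample(vol)
        print(triage(vol), triage(vol, delete=True), sep="\n")
```

Call `triage(path)` with the directory where the volume is mounted; nothing is deleted unless `delete=True` is passed.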

That's all :)

Updated:
If the above cleaning process didn't work (somehow, the above process works perfectly on my PC but has no effect on my friend's), scan the system using this tool. After scanning, there will probably be some inaccessible files (check the log file). Then:
  1. Find the suspicious hidden DLL file in \windows\system32\.
  2. Boot into safe mode.
  3. Change the ownership of the file (right click, Properties, Security, click Advanced.. the rest I expect you know how.. ;) ).
  4. Change the access permissions for Everyone.
  5. Delete the DLL file manually.

Perhaps steps (3) to (5) can be applied to remove the autorun.inf and RECYCLER folder too..

That's all :)

Updated #2:
For those who have trouble downloading from the antivirus website, I have added mirrors for the antivirus:
(2012/10/4: Sorry, the mirrors are no longer available.)

PS. Turn off System Restore and unplug your network connection before running the removal tool. Otherwise, the virus might not be cleaned up. Also refer to the Microsoft bulletin here and install the patch for the vulnerability.

If none of the above methods work for you, perhaps you should try following the cleaning process from the Microsoft Knowledge Base here.

That's all :)

Updated #3:
If you still have problems, the FAQ about Conficker from Kaspersky might be helpful.

That's all :)

Saturday, February 07, 2009

Zend framework mail: broken kanji

I'm using Zend Framework for most of my web projects at work. One of the must-have features is the ability to send email, either scheduled routinely using cron or triggered manually from the web. Somehow, I found that on certain web-based email clients the contents of an email containing Japanese kanji are unreadable.

I'm quite surprised that, after a lot of trial and error converting the encoding type, the solution is very straightforward. Simply add a header containing the MIME-Version information to the email, as follows:
$class->addHeader('MIME-Version','1.0');

But I still don't know why it should be added manually.. :S

That's all :)