Thursday 10 June 2010

Gotcha virus.

When I studied the log I noticed that several users complained that they can't either log on or load up files, and that the software they use crashes.
One entry stated that a message popped up saying Gotcha.

From my personal experience I recall that these happenings occur when your PC is infected with a virus, especially since hackers leave their "marks".

I researched the Gotcha virus and here is what I found.

Gotcha is a memory resident, file infecting virus. It infects .COM and .EXE files, including COMMAND.COM.

Upon infection, Gotcha becomes memory resident at the top of system memory but below the 640K DOS boundary. Interrupt 21 is hooked by the virus.

Once Gotcha is memory resident, it infects .COM and .EXE files, other than very small ones, as they are executed or opened.

It is not known what Gotcha does besides replicate.

Symptoms -
The following text strings are found in all files infected with the Gotcha virus:

"GOTCHA!"
"NEXECOM"

Total system and available free memory decrease by 1,024 bytes. Files infected by Gotcha increase in size by 879 bytes. The virus is located at the end of the infected file.
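A file check built from these indicators, as an added example that is not part of the original post: it looks for both strings in .COM/.EXE files and separates hits in the final 879 bytes (where the description places the virus) from hits elsewhere in the file. The function names and the sample files are assumptions made for illustration; the samples are constructed, harmless padding.

```python
import os
import tempfile

# Indicators from the description above (ASCII strings, appended 879-byte body).
MARKERS = (b"GOTCHA!", b"NEXECOM")
BODY_LEN = 879
TARGET_EXT = (".com", ".exe")


def check_file(path):
    """Return 'suspect', 'review' or 'clean' for one file."""
    if not path.lower().endswith(TARGET_EXT):
        return "clean"                      # only .COM/.EXE hosts are described
    with open(path, "rb") as fh:
        data = fh.read()
    if not all(m in data for m in MARKERS):
        return "clean"
    # The virus sits at the end of the file, so both strings should be inside
    # the final BODY_LEN bytes. Elsewhere they may just be quoted text.
    tail = data[-BODY_LEN:]
    return "suspect" if all(m in tail for m in MARKERS) else "review"


def scan_tree(root):
    """Walk root; return {relative path: verdict} for non-clean files."""
    hits = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            verdict = check_file(path)
            if verdict != "clean":
                hits[os.path.relpath(path, root)] = verdict
    return hits


def make_samples(root):
    """Constructed, harmless sample files: padding plus the two strings."""
    fake_body = (b"\x00" * 400 + b"GOTCHA!" + b"\x00" * 100 + b"NEXECOM").ljust(BODY_LEN, b"\x00")
    samples = {
        "CLEAN.COM": b"\x90" * 2000,                      # no strings
        "HOST.EXE": b"MZ" + b"\x90" * 3000 + fake_body,   # strings in the tail
        "NOTES.EXE": b"GOTCHA! NEXECOM" + b"\x90" * 5000, # strings at the start
        "README.TXT": b"GOTCHA! NEXECOM",                 # wrong extension
    }
    for name, blob in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(blob)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_samples(tmp)
        print(scan_tree(tmp))
```

A "review" verdict means the strings are present but not where the description places the virus, so the file needs a manual look rather than automatic deletion.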

How to remove the Gotcha virus?
Windows ME and XP utilize a restore utility that backs up selected files automatically to the C:\_Restore folder. This means that an infected file could be stored there as a backup file, and VirusScan will be unable to delete these files. You must disable the System Restore Utility to remove the infected files from the C:\_Restore folder.

Windows ME
1. Right click the My Computer icon on the Desktop and click on Properties.
2. Click on the Performance tab.
3. Click on the File System button.
4. Click on the Troubleshooting tab.
5. Put a check mark next to 'Disable System Restore'.
6. Click the 'OK' button.
7. You will be prompted to restart the computer. Click Yes.
Note: To re-enable the Restore Utility, follow steps one to seven and on step five remove the check mark next to 'Disable System Restore'.

Windows XP
Disabling the System Restore Utility (Windows XP Users)

1. Right click the My Computer icon on the Desktop and click on Properties.
2. Click on the System Restore tab.
3. Put a check mark next to 'Turn off System Restore on All Drives'.
4. Click the 'OK' button.
5. You will be prompted to restart the computer. Click Yes.
Note: To re-enable the Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'.

Helpful links
http://vil.nai.com/vil/content/v_514.htm
