Friday, July 20, 2007

Flash.10.exe Removal Guide

I separated the solution from the last post for better viewing

Solution:

  1. Use HijackThis to scan, then remove the entries that contain Flash.10.exe, JambaMu.com and MSN.msn.

  2. Re-enable Folder Options, which the malware disabled:
    Go to Run -> type gpedit.msc -> expand "User Configuration" -> expand "Administrative Templates" -> expand "Windows Components" -> select "Windows Explorer" -> double-click "Removes the Folder Options menu item from the Tools menu" in the right panel -> select Disabled.

    Alternative: open regedit, go to
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> delete the "NoFolderOptions" or "DisableFolderOptions" value (or a similarly named one) if it is there -> reboot.

  3. Folder Options should appear now. Go to Folder Options -> select "Show hidden files and folders" and uncheck "Hide protected operating system files".

  4. Go to C:\Windows\System32 and delete Flash.10.exe, JambanMu.com, regedit.com, cmd.com, msconfig.com, ping.com and dxdiag.com.

  5. Delete My Secret.fold in My Documents, New Song.lagu and New Video.vidz in My Music, and aweks.pikz and seram.pikz in My Pictures.

  6. Delete C:\Program Files\Common Files\Microsoft Shared\DAO\MSN.msn

  7. Delete C:\Program Files\Common Files\Microsoft Shared\Macromedia.10.exe

  8. If you cannot delete the files and get messages like "cannot read from the source disk" or something similar, your antivirus has probably blocked access to these files, which is why you cannot move, delete or rename them. Disable your antivirus and try again.

    *regedit.exe and cmd.exe actually stay intact; they are only disabled by the malware.

  9. Re-enable regedit, which the malware disabled:
    Go to Run -> type gpedit.msc -> expand "User Configuration" -> expand "Administrative Templates" -> select "System" -> double-click "Prevent access to registry editing tools" in the right panel -> select Disabled.

  10. Re-enable the command prompt (cmd), which the malware disabled:
    Go to Run -> type gpedit.msc -> expand "User Configuration" -> expand "Administrative Templates" -> select "System" -> double-click "Prevent access to the command prompt" in the right panel -> select Disabled.
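As an added example (not from the original post), the following PowerShell script audits a machine for the leftovers this guide removes: the policy values behind the gpedit entries in steps 2, 9 and 10, and the files in steps 4 to 7. It assumes the standard registry value names for those three policies (NoFolderOptions, DisableRegistryTools, DisableCMD); the file paths are the ones listed above. By default it only reports; pass -Remove to delete what it finds.

```powershell
# Added audit script, not from the original post. Reports (and with -Remove, deletes)
# the policy values and files the Flash.10.exe removal guide lists.
param([switch]$Remove)

# Policy values behind the gpedit entries in steps 2, 9 and 10 (assumed standard names).
$policies = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoFolderOptions' }
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoFolderOptions' }
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools' }
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableCMD' }
)

# Files from steps 4 to 7. The .com copies shadow the real tools: when "regedit" is typed
# into Run, Windows tries the PATHEXT extensions in order and .COM comes before .EXE,
# so the malware's regedit.com runs while regedit.exe itself stays intact.
$sys32  = Join-Path $env:SystemRoot 'System32'
$shared = Join-Path $env:CommonProgramFiles 'Microsoft Shared'
$files  = @(
    'Flash.10.exe', 'JambanMu.com', 'regedit.com', 'cmd.com', 'msconfig.com', 'ping.com', 'dxdiag.com' |
        ForEach-Object { Join-Path $sys32 $_ }
    Join-Path $shared 'DAO\MSN.msn'
    Join-Path $shared 'Macromedia.10.exe'
    Join-Path ([Environment]::GetFolderPath('MyDocuments')) 'My Secret.fold'
    Join-Path ([Environment]::GetFolderPath('MyMusic'))     'New Song.lagu'
    Join-Path ([Environment]::GetFolderPath('MyMusic'))     'New Video.vidz'
    Join-Path ([Environment]::GetFolderPath('MyPictures'))  'aweks.pikz'
    Join-Path ([Environment]::GetFolderPath('MyPictures'))  'seram.pikz'
)

$found = 0
foreach ($p in $policies) {
    # Get-ItemProperty returns $null when the key or value is absent.
    $item = Get-ItemProperty -Path $p.Key -Name $p.Name -ErrorAction SilentlyContinue
    if ($null -ne $item) {
        $found++
        Write-Output ("POLICY  {0}\{1} = {2}" -f $p.Key, $p.Name, $item.($p.Name))
        if ($Remove) { Remove-ItemProperty -Path $p.Key -Name $p.Name }
    }
}
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) {
        $found++
        Write-Output "FILE    $f"
        # -Force also removes hidden/system-attributed copies.
        if ($Remove) { Remove-Item -LiteralPath $f -Force }
    }
}
Write-Output "$found item(s) found$(if ($Remove) { ' and removed' })."
```

Run it from an administrator account; if the Flash.10.exe process is still running, the deletes may fail until it is stopped (step 8 describes the same symptom for antivirus locks).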
Leave a comment on this solution; I need your feedback. Does it help?

Saturday, July 14, 2007

NOD32 failed to detect Flash.10.exe

Recently, Flash.10.exe has been spreading through thumbdrives. It affects regedit, msconfig and cmd, removes Folder Options, and generates Flash.10.exe and JambanMu.com under windows\system32, plus some files inside Documents and Settings and Program Files. NOD32 detected the autorun.inf that came with the malware on the thumbdrive but failed to detect the Flash.10.exe file itself. NOD32 only detected the files (regedit, cmd, msconfig, dxdiag, ping, JambaMu.com, MSN.msn, ...) as infected after the infection had already happened. NOD32 gave a warning, deleted the infected files and asked for submission of the infected files for analysis; the warning dialogue only had the option to close it. However, the damage was already done and Flash.10.exe was still there, not detected as a threat. Flash.10.exe executes even if you explore the thumbdrive instead of opening it directly. The Flash.10.exe process running in the background cannot be terminated from Task Manager because it does not appear there; it is only visible in another process monitor such as Process Explorer. The malware has to be deleted manually, with HijackThis used to clear the rest of it. Folder Options, regedit, cmd and msconfig then have to be recovered.

*The solution has been moved to a new post - Flash.10.exe Removal Guide

UPDATE (16th July):
I tried to infect my thumbdrive with this malware; this time it came with Flash.10.Setup.exe, scanner.exe, Flash Jokes.exe and autorun.inf on the thumbdrive. NOD32 detected all the files this time.
On another infected PC, Flash.10.exe and Macromedia.10.exe running in the background could be seen in Task Manager after infection, different from the case above.

Sunday, July 1, 2007

Hotmail has javascript trojan?

Does Hotmail contain a trojan? One of the JavaScript files loaded in Hotmail was identified as the JS/Tivso.14a.gen trojan by NOD32. I think it only happens after NOD32 was updated to virus signature 2365, released on 30th June. The strange thing is that it detects nothing when using Firefox to open the website, but when I tried with IE, after a few clicks on the left-side menu, NOD32 showed an alert when the JavaScript was loaded. Is it really a threat, or is NOD32 just too sensitive?

UPDATE:
It was a false positive; there was a bug in virus signature 2365. The problem was fixed after updating to virus signature 2366 (1st July), which has just been released.

UPDATE:
According to ESET, the false positive was not totally solved: the generic signature covering JS/Tivso.13a.gen would also generate a false positive. The misdetection was solved after virus signature 2368 was released. Details at the ESET Threat Center Blog.

Thursday, June 28, 2007

Dell new Inspiron - Santa Rosa inside

Dell released the new Inspiron series with the new Centrino Duo platform, Santa Rosa (details on Santa Rosa).
The new Inspiron is available in 8 colors, offering red, blue, yellow, green, brown and pink besides black and white. It also has a built-in 2.0MP webcam.

The new Inspiron series 1420 (14.1"), 1520 (15.4") and 1720 (17"), built on Intel's new Santa Rosa, come with:

  • A processor from the new Centrino platform (Santa Rosa) - T7100, T7300, T7500 or T7700 with 800MHz FSB, or
    a processor from the previous Centrino platform - T5250 or T5450 with 667MHz FSB
  • 965GM chipset with Intel GMA X3100 graphics, or
    965PM chipset for NVIDIA GeForce Go 8400M GS 128MB or NVIDIA GeForce Go 8600M GT 256MB
  • Wireless 802.11n support (optional)
The new Inspiron also comes with AMD. The Inspiron 1521 comes with AMD Turion 64 X2 processors and is based on the AMD ATI M690T chipset, integrated with ATI Radeon Xpress X1270 graphics. AMD Athlon 64 X2 will be available later for this model.

However, gigabit LAN is still not implemented in the new Inspiron.
Also note that the desktop product name has been changed from Dimension to Inspiron.

Fresh red brochure

Different color different face
(added 3rd July)

I wonder why Dell didn't show the graphics spec in the brochures. The GeForce 8 series graphics are quite attractive...

Wednesday, June 20, 2007

Streamyx 4.0Mbps ?

Do we really need 4M of speed? Consider these factors:

Stability
-Copper lines can support 4M, but most of the copper wires here are old and in bad quality. If the SNR margin is already low on a line capped at 1M or below, you will face stability issues if you upgrade to a higher speed: the SNR margin drops when the line is capped at a higher speed, and once it becomes too low it brings disconnection problems. Refer to my post - Get rid of Streamyx intermittent connection. I heard that TM only provides this service to customers that meet the minimum SNR margin requirement (e.g. a minimum of 15dB for a line capped at 1M). It also depends on how far you are from the local exchange; you cannot be too far from it. Sometimes even when you are near the exchange you may still have connection problems because of a poor copper line. And it is hard to get the full speed offered by the package; speed is only on a best-effort basis.

Expensive
-RM198! Non-promotional price RM268!
In other countries you can get more than 10M at a cheaper price.

Throttling
-4M with throttling: there is no point subscribing if you only want higher BT speed (different if VPN services or methods of bypassing throttling work). We don't need 4M just for surfing; maybe it will help with smooth news and multimedia streaming.

This time TM has come out with the new METRO.e technology that provides speeds from 4Mbps to 1Gbps for businesses, so is the Streamyx 4.0M package related to the new tech?
Some rumours say that current packages will be upgraded to higher speeds soon. We hope it's true.
Has anyone had experience with the 4M package?
Now we can wait for the price to drop, or wait for WiMax to come...

Sunday, June 10, 2007

Streamyx bill view in Firefox

I just realized that the Streamyx bill can now be viewed in Firefox. Before this, when you selected the bill period and clicked on the preferred language, it did not respond, and we could only view the bill in IE. Is it caused by a TM MCM&B system update or the latest Firefox release? However, updating account information still does not work in Firefox; the system cannot save the profile after editing.