Imago-Labs Comment : on LoveCalculator.exe
|
LoveCalculator.exe is a simple virus writtem in C/C++ and Java. It can be introducesd as a Trojan Horse. When it is executed it generates two files LoveVirus.jar(MD5:6E760653F2E90720D04F0DE1251F21DD) and i4jdel0.exe(MD5:D6C9003CF1B2223FE28C06AACFF9E11F). Then it executes LoveVirus.jar using JavaRuntime environment. LoveVirus.jar is consists of two class files Main.class and CopyFile.class.This virus has no ability to spread itself(Not a worm).
CopyFile.class is responsible for copying LoveCalculator.exe to targeted locations. In main method CopyFile class is implemented to do following things.
- It copies LoveCalculator.exe to the all drives from C: to P: (C:\ , D:\,.....,P:\) if the drive is available.
- Then it copies LoveCalculator.exe to C:\Documents and Settings\All Users\Start Menu\Programs\Startup to run windows startup.
- At the windows start up it forces windows to shutdown by using following java code.
- static String command = "shutdown -s" ;
static String command1 = "shutdown -f" ;
- .........................................
Runtime.getRuntime().exec(command1) ;
Runtime.getRuntime().exec(command) ;
- At each restart it shows
- " You are a FOOL , Calculate Love Next Time ....... or Visit < WWW.SORRY.COM > for more details . "
Removal Instructions:
- Power on your PC.
- After BIOS screen press F8 key and select Safe Mode
- After windows loads in Safe Mode goto start button->All Programs->Startup.
- Delete the file LoveCalculator.exe in the startup folder
- Then Delete all LoveCalculator.exe files in the roots of the partitions(C:, D:....)
- Tip : Use windows search tool if you prefer.
- Finally restart your computer and let windows to load in normal mode.
|
File Details : LoveCalculator.exe
|
Size : 309248 Bytes
Version :
CRC-32 : 77D4FB12
MD5 : 4087E11BFCC8ADB4076ECB7AA6B16590
SHA1 : 9CB1860BAD7BE1D8840094B1EF6137FD43B6247A
Read only : Yes
Hidden : No
System file: No
Directory : No
Archive : Yes
Symbolic link: No
|
Values Added To The Registry:(2)
|
HKU\S-1-5-21-606747145-1580818891-1343024091-1003\Software\ej-technologies\exe4j\jvms\c:/program files/java/jre6/bin/java.exe\LastWriteTime: 00 0D A0 D8 0C 6A CA 01
HKU\S-1-5-21-606747145-1580818891-1343024091-1003\Software\ej-technologies\exe4j\jvms\c:/program files/java/jre6/bin/java.exe\Version: "1.6.0_17"
|
Values Modified In The Registry:(0) [Original Value Value = Green , Modified Value = Red]
|
No registry modification. But add above mentioned registry entries to the registry.
|
Created Files:(4)
|
c:\Documents and Settings\All Users\Start Menu\Programs\Startup\LoveCalculator.exe
c:\Documents and Settings\Kanishka\Local Settings\Temp\i4jdel0.exe
c:\LoveCalculator.exe , d:\LoveCalculator.exe , ....., p:\LoveCalculator.exe
c:\Documents and Settings\Kanishka\Local Settings\Temp\LoveVirus.jar
|
Files Deleted:(0)
|
No file deletion were detected.
|
Files Modified:(0)
|
No file modifications.
|
Network Activities:( )
|
We do not identified any network activity of this file.
|
More Info :( )
|
Java Imports
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PrintStream;
import java.awt.Component;
import javax.swing.JOptionPane;
import javax.swing.UIManager;
|
|
