Tanggal 28 November 2009, saya dapat pesan di YM dari seseorang yg saya kenal yg berisi attachment / link dan waktu itu memang sy sedang lengah, hingga saya click link tersebut dan ternyata.....
itu mengandung virus...., reaksinya waktu itu tiba2 daftar contact saya yg sedang off-line di Hapus/di sembunyikan dan yg on-line dikirimkan pesan yg saya sendiri tidak merasa menulisnya....
sampai akhirnya saya non aktifkan sementara YM saya....
dan baru tanggal 30 November saya cari2 ini virus apa..... dan ketemu, ternyata memang virus baru yg baru dideteksi tanggal 27 Nov 2009 ditemukan di Indonesia dan India.
Berikut hasil penelusuran saya:
Associated Malware Groups
The filename is associated with the malware group:- Cloaked Malware
File Behavior
WMISRPC.EXE has been seen to perform the following behavior:WMISRPC.EXE has been the subject of the following behavior:
- Added as a Registry auto start to load Program on Boot up
- Executed as a Process
Country Of Origin
The filename WMISRPC.EXE was first seen on Nov 27 2009 in the following geographical regions of the Prevx community:- INDIA on Nov 27 2009
- INDONESIA on Nov 27 2009
File Name Aliases
WMISRPC.EXE can also use the following file names:- DVC-PICTURE002.JPEG_WWW.FACEBOOKGALLERY.COM
- 46247376.EXE
- 6YP[1].ZIP
- EU.EXE
- GE.EXE
- DE.EXE
- msropq.exe
- 1ao[1].zip
Filesizes
This file has been seen with the following file size:- 212,992 bytes
Vendor, Product and Version Information
A file with the name WMISRPC.EXE have been seen to have the following Vendor, Product and Version Information in the file header:- Realtek Semiconductor Corp.; Realtek Azalia Audio - Event Monitor; 1.6.0.2