Update 05/06/2010
Loikaw.exe
Filesize: 244,675 bytes
MD5: EABB037DF4126080B26D2ABFEA51CE9B
SHA-1: F6C1A824B27FCB81976088308900426265DADED4
===================================================
Example message box shown after infection with the loikaw virus:
Welcome to loikaw in kayah
chi thu loikaw kola par nor
write by comput5r3razygirl@gmail.com
"loikaw hacking day" 3D virus for jan
Contents of Virus Information.txt:
Hi fri “Administrator”
It is nice to meet you . . . .
I ko thi lar, see yin kaw kin mar lar, i ka talk khin tat tal nor . . . .
I ka girl nor, chit mar lar . . . . .
I ka u computer ko bar ma, ma loat par buu khin lo Virus write pi talk sa tar ko , he` he` . . .
Sate so ya buu nor i ka di lo pae` . . . . ya tal ma hote lar I name ko thi chin lar? pyaw pya par buu; bar lo pyaw pya ya mar lae` u ka boy lar, age ka kaw?
i ka 18age girl i gamil ka comput5r3razygirl@gmail.com bye bye . . . luu soe . . . fly kiss . .
------------------------------------------------------------------------
Files created
C:\autorun.inf
C:\Temp.pif
C:\Documents and Settings\[UserName]\Application Data\control.exe
C:\Documents and Settings\[UserName]\Application Data\Microsoft\CD Burning\Mp3.exe
C:\Windows\Loikaw.exe
C:\Windows\Jan.exe
C:\Windows\System32\extramain.exe
C:\Windows\System32\Iexplorer.exe
C:\Windows\%UserName%.exe
MD5: EABB037DF4126080B26D2ABFEA51CE9B
SHA-1: F6C1A824B27FCB81976088308900426265DADED4
------------------------------------------------------------------------
C:\Documents and Settings\[UserName]\Desktop\Virus Information.txt
C:\Documents and Settings\[UserName]\Application Data\Microsoft\CD Burning\autorun.inf
Registry Modifications
Keys Added:
HKLM\SOFTWARE\Classes\soesoe
HKLM\SOFTWARE\Classes\soesoe\DefaultIcon
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system
Values Added:
HKLM\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon
    (Default) = "%System%\winlogon.exe,0"
HKLM\SOFTWARE\Classes\soesoe\DefaultIcon
    Default = "%System%\mshearts.exe,0"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    load = "%Windir%\Loikaw.exe"
    * = "%AppData%\control.exe"
Values Modified:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoFind = 0x00000001
    NoFolderOptions = 0x00000001
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system
    DisableTaskMgr = 0x00000001
    DisableRegistryTools = 0x00000001
Value deleted:
HKLM\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon
    (Default) = "%SystemRoot%\Explorer.exe,0"
    (C:\WINDOWS\System32\shell32.dll,15)
------------------------------------------------------------------------
How to remove the virus: Loikaw.exe (update 05/06/2010)
------------------------------------------------------------------------
Download Fix Tool : PeeTechFix-Loikaw 1.2
Notes:
version 1.2
- Fixed removal of the file Jan.exe
version 1.1
- Fixed the delete command for the file %Username%.exe
- Fixed the registry modification for the .bat and .cmd entries
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bat > (default) = batfile
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cmd > (default) = cmdfile
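A read-only check for the files and registry changes listed above, as an added example that is not part of the original post or of PeeTechFix-Loikaw. It assumes PowerShell 4.0 or later (for Get-FileHash) and uses $env:APPDATA, $env:USERPROFILE and $env:windir in place of the page's %AppData%, [UserName] and %Windir% paths; Get-RegValue is a helper name introduced here.

```powershell
# Added example: read-only audit for the Loikaw.exe artifacts listed on this page.
# Assumes PowerShell 4.0+ (Get-FileHash); Get-RegValue is a helper defined here.
$sha1 = 'F6C1A824B27FCB81976088308900426265DADED4'   # SHA-1 given on the page

$files = @(
    'C:\autorun.inf', 'C:\Temp.pif',
    "$env:APPDATA\control.exe",
    "$env:APPDATA\Microsoft\CD Burning\Mp3.exe",
    "$env:APPDATA\Microsoft\CD Burning\autorun.inf",
    "$env:USERPROFILE\Desktop\Virus Information.txt",
    "$env:windir\Loikaw.exe", "$env:windir\Jan.exe",
    "$env:windir\$($env:USERNAME).exe",
    "$env:windir\System32\extramain.exe",
    "$env:windir\System32\Iexplorer.exe"
)
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f -PathType Leaf) {
        $h = (Get-FileHash -LiteralPath $f -Algorithm SHA1).Hash
        $note = if ($h -eq $sha1) { 'SHA-1 matches the page' } else { 'SHA-1 differs, review manually' }
        "FILE   $f ($note)"
    }
}

function Get-RegValue($Key, $Name) {
    # RegistryKey.GetValue treats the name literally, so the value named "*" is
    # read as-is instead of being expanded as a wildcard; '' reads (Default).
    if (Test-Path -LiteralPath $Key) { (Get-Item -LiteralPath $Key).GetValue($Name) }
}

$run = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($n in 'load', '*') {
    $v = Get-RegValue $run $n
    if ($v) { "RUN    $n = $v" }
}

$pol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies'
$policies = @{ "$pol\Explorer" = 'NoFind', 'NoFolderOptions'
               "$pol\system"   = 'DisableTaskMgr', 'DisableRegistryTools' }
foreach ($k in $policies.Keys) {
    foreach ($n in $policies[$k]) {
        if ((Get-RegValue $k $n) -eq 1) { "POLICY $k\$n = 1" }
    }
}

$cls = 'HKLM:\SOFTWARE\Classes'
if (Test-Path -LiteralPath "$cls\soesoe") { "KEY    $cls\soesoe exists" }
$icon = Get-RegValue "$cls\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon" ''
if ($icon -like '*winlogon.exe*') { "ICON   CLSID DefaultIcon = $icon" }
foreach ($e in @{ '.bat' = 'batfile'; '.cmd' = 'cmdfile' }.GetEnumerator()) {
    $v = Get-RegValue "$cls\$($e.Key)" ''
    if ($v -ne $e.Value) { "ASSOC  $($e.Key) default = '$v' (fix-tool notes give $($e.Value))" }
}
```

The script changes nothing; no output means none of the listed artifacts were found for the current user.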
I've downloaded it.
Thank you very much.
I've downloaded it. Thank you very much. This virus is really annoying.
Thank you........
works fine.
Thanks a lot.
A respectful wai to you. I was watching Khon Uat Phi and the damn thing popped up.
I was startled, I thought a ghost was haunting me = =
how do u get rid of this ? -.-
Download Fix Tool : PeeTechFix-Loikaw 1.2
http://www.mediafire.com/download.php?lydzndmznmz