Ahsan virus

Ahsan’s Virus: A Legendary Computer Virus

Personal Statement by Writer of Article:
I, Hassan Ali, am writing about a masterpiece virus which attracted my attention, and I am still of the same opinion that I haven’t seen any masterpiece such as “Home Video. Avi.exe”, in other words “Ahsan’s Virus” or “Yahoo Messenger virus”. Those members who were really infected and have a little knowledge of programming, and those who know about virus attacks, will surely agree with me that it was a real masterpiece. That was a little introduction about the functions which attracted my attention the most.
Main reason of writing this article:
I was infected by this virus at the end of January 2007. Before that I had encountered a lot of viruses, but let me tell you the truth: I had never seen anything like that before. Even though it was a unique but bad experience at that time and I tried my best to remove that virus, I was unable to do so, and in that time I got some time to analyze it deeply. So I thought I should give information to the world about this.
Overview:
Ahsan’s virus (Home video.avi.exe) is classified as a Worm/Generic. It spreads via USB drives, the network, writable CDs and DVDs, and Yahoo Messenger, and it can even spread itself using unknown devices.
It hides itself by using commonly used filenames.
It modifies the memory of other processes.
It creates registry keys and data values that persist across OS reboots.
It enumerates open windows.
It replaces the browser home page with its own URL, which sends information about infections. It is not a Trojan, however: it will not steal any personal information or passwords.
It writes executables to the Windows folder and other folders.
It uses AutoRun.Inf files, which make the virus run automatically whenever the user opens a drive, such as a USB flash drive or memory card drive.
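A defender-side triage check for two traits listed in the overview, the decoy double-extension filename and the AutoRun.Inf launcher, follows as an added example that is not part of the original article. The extension lists, function names and sample files are assumptions constructed for illustration; the article does not show the worm's actual AutoRun.Inf contents.

```python
import os
import re
import tempfile

# Decoy media/document extension followed by an executable one, e.g. "Home video.avi.exe".
DECOY = {"avi", "mpg", "mp3", "mp4", "jpg", "jpeg", "gif", "png", "doc", "pdf", "txt"}
EXEC = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs"}
# autorun.inf keys that launch a program when the drive is opened.
LAUNCH_KEY = re.compile(r"^\s*(open|shellexecute|shell\\[^=]*\\command)\s*=\s*(.+?)\s*$", re.I)

def has_double_extension(name):
    """True for names like 'clip.avi.exe' (extension lists above are assumed)."""
    parts = name.lower().split(".")
    return len(parts) >= 3 and parts[-1] in EXEC and parts[-2].strip() in DECOY

def autorun_targets(text):
    """Return the commands an autorun.inf would launch."""
    matches = (LAUNCH_KEY.match(line) for line in text.splitlines())
    return [m.group(2) for m in matches if m]

def scan_drive(root):
    """Walk a mounted drive and return (kind, path, detail) findings."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            if has_double_extension(name):
                findings.append(("double-extension", path, name))
            # Only an autorun.inf in the drive root is honoured by Windows.
            if name.lower() == "autorun.inf" and folder == root:
                with open(path, "r", errors="replace") as fh:
                    for target in autorun_targets(fh.read()):
                        findings.append(("autorun-launch", path, target))
    return findings

def demo():
    """Build a constructed sample drive layout (empty files) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("Home Video.avi.exe", "holiday.avi"):  # constructed samples
            open(os.path.join(root, name), "wb").close()
        with open(os.path.join(root, "AutoRun.inf"), "w") as fh:  # constructed sample
            fh.write("[autorun]\nopen=Home Video.avi.exe\nicon=folder.ico\n")
        return sorted((kind, detail) for kind, _path, detail in scan_drive(root))

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Point `scan_drive` at the mount point of a removable drive, from a machine that does not auto-run media, to list candidates for manual review.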
Some Best Features:
I noticed many things in that virus which I had never seen before. Some are as follows:
1- It automatically takes hold of your antivirus and completely patches it; in other words, your antivirus comes under the influence of this virus.
2- It immediately stops all kinds of antivirus and security programs which require regular updates from the net.
3- It disables your “Registry Editor” command, so you can never enter your Windows registry to perform any actions against it.
4- Word censoring is also a nice feature which I had never seen before. There are some words on the hit list of this virus, for example “Process”, “Task manager”, “Registry” etc. Whenever these words appear in any window’s title or main text body, the detected window is automatically closed or hidden.
5- It stops all kinds of setups from reinstalling. Once your system is infected with this virus, it won’t allow you to run any kind of setup on your Windows at all, because whenever you try to run a setup, your GUI (graphical user interface) window will immediately close and won’t appear again.
6- It also disables your Windows “System Configuration Utility”, alias “MsConfig.exe”. Whenever you type these words in your Run box in order to disable the startup process, it immediately closes that window, which also won’t appear again.
7- It also takes hold of your “Yahoo” messenger. If your system is infected with it, then whenever you are going to chat with somebody it will immediately take hold of your PC and start chatting with those members who are online by sending them messages, for example “Hi”, “How Are U” etc., and then it will attach itself and send it to other online members, saying “This is my Home made video just check it”, until and unless the other person accepts that file.
8- Task Manager and Group Policy (gpedit.exe) are also disabled by this worm, so that you cannot kill its process, and within a few seconds Task Manager also disappears.
9- It disables system hidden files and file extensions in order to confuse the infected user.
10- The last and main best feature of this virus is that it renames all the default icons of the desktop to Ahsan’s, like:
“My Documents” to “Ahsan’s Documents”
“My Computer” to “Ahsan’s Computer”
“Recycle Bin” to “G.W.Bush”
“My Network Places” to “Ahsan’s Places”
Even the title of your Internet Explorer will be renamed to a new one.
About the Author of Ahsan’s virus:
Later on I got Ahsan’s e-mail address from some forum and tried to contact him for the solution. At that time he replied to me in a very mannerly way and sent software made by him as an antivirus or virus solution for that virus. Later on I inquired of Ahsan why he had done all this; according to him he was just testing his skills, but by mistake one of his friends got infected by that virus and then the virus was suddenly out of control. He tried to explain several times on open forums that his intention was not to harm, and he tried his best to provide the solution for that virus, but no one trusted him any more, nor his antivirus.
According to Ahsan, he learnt computer programming languages like C++, Visual Basic and some scripting languages on his own, without any teacher, and when he made that worm he was only 16 years old. While talking to him, he revealed that his worm uses 6thsense technology, due to which it pays more attention to its own protection than to disturbing the user. That’s why, after getting infected by this virus, the user cannot run *.bat, *.cmd, *.vbs and *.reg files.
Defeat of antivirus companies:
In the early days of this virus it was at its peak, and in fact there wasn’t any solution available in the initial 6 months of this virus. I was at that time a paying customer of “Kaspersky Antivirus & Internet Security”, but it failed to provide me any solution. I also asked their experts on their help forum, but every time my thread was locked or deleted by their team. I have never seen such a thing before; I think their team also didn’t have any solution for it. Just think: if you pay money for software and it won’t install, how will you feel?
If you still check some antivirus forums, especially the Kaspersky forum, you will see most of the threads are locked, and if you make a new post with “Ahsan’s Virus” as a heading then they will either remove your post or lock it without any answer, which is totally unfair. Just think how you will feel if you purchase an original software CD and the virus won’t allow you to install it on your PC, and the company from which you got it also doesn’t support you.
Even McAfee Antivirus (updated) was unable to detect it until 05-23-2008, which shows a perfect defeat of the antivirus companies.
Moral:
Hats off to Ahsan’s virus and the mind behind its creation. Although it was bad, it was perfect.
 