Google Local Exploit Virus

Huey, Dewey and Louie, the nephews of Uncle Donald, are known for their mischief. At the end of 2009, the internet world in Indonesia was also shaken by another Trio Kwek-Kwek.

The first (Huey) is the group of viruses that exploit Facebook, such as Bredolab and Zbot. Dewey is a virus that exploits Yahoo Messenger and was analyzed by Vaksinis. The last is Louie, a virus that redirects all access to security sites to Google's site.

The following is an analysis of the behavior of the Google virus (Louie), which is detected under the generic name W32/SmallTroj.VPCG and infected thousands of computers in the country in early December 2009.

This virus deserves attention because, in addition to blocking access to security sites, it is very difficult to remove manually. Cleaning it thoroughly requires a Windows Mini PE Live CD, because it uses rootkit techniques that masquerade as services and drivers.

Although the virus is written in Visual Basic, its effects are very troublesome. It blocks almost all security tools, including the antivirus products users commonly run, by reading the file name of the application.

The virus also blocks access to security websites and to other predetermined websites by pointing them to an IP address that is a Google public IP. So every time a user tries to access one of those websites, including security / antivirus websites, what appears is not the website they wanted but Google's site. To do this, the virus adds the addresses of the websites to be blocked to the file [C:\Windows\System32\Drivers\etc\hosts].


It is actually not too difficult to identify the characteristics of this virus. One of them is that when the user accesses a security / antivirus website, the browser is directed to Google's site instead.

Another check is to inspect the Windows hosts file. If it contains an IP address followed by website names, it is likely that the computer has been infected with this virus.
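
The hosts-file check described above can be scripted. The following is an added example, not part of the original analysis; the keyword list, the threshold of three hostnames sharing one IP, and the sample entries (documentation IP ranges and placeholder domains) are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed keywords for spotting security-vendor hostnames; extend locally.
SECURITY_KEYWORDS = ("virus", "security", "malware")

def parse_hosts(text):
    """Yield (ip, hostname) for every mapping in hosts-file text."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # not a valid mapping line
        for name in fields[1:]:
            yield ip, name.lower()

def suspicious_entries(text, min_shared=3):
    """Return {ip: [hostnames]} for redirects matching the pattern described above."""
    by_ip = defaultdict(list)
    for ip, name in parse_hosts(text):
        # Loopback and 0.0.0.0 entries are normal localhost / blocklist usage.
        if ip.is_loopback or ip.is_unspecified:
            continue
        by_ip[str(ip)].append(name)
    flagged = {}
    for ip, names in by_ip.items():
        hits = [n for n in names if any(k in n for k in SECURITY_KEYWORDS)]
        # Flag a redirected security-looking site, or many sites sharing one IP.
        if hits or len(names) >= min_shared:
            flagged[ip] = sorted(names)
    return flagged

# Constructed sample: documentation IPs and placeholder domains,
# not the list of sites the virus actually writes.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.antivirus-vendor.example   # constructed
203.0.113.10    update.security-tools.example forum.example
192.0.2.5       intranet.example
"""

if __name__ == "__main__":
    import sys
    text = (open(sys.argv[1], encoding="utf-8", errors="replace").read()
            if len(sys.argv) > 1 else SAMPLE_HOSTS)
    for ip, names in suspicious_entries(text).items():
        print(f"{ip} <- {', '.join(names)}")
```

Run it with the path of the hosts file as the first argument; a flagged IP is a lead to verify by hand, since legitimate hosts files can also contain manual mappings.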
