TRDOS web site section, original INDEX.HTML : index1.html
TRDOS web site section, original SPECS.HTML : specs1.html
Following URLs are resource of WIN32/Tenga.gen virus file DL.EXE :
If a computer which with infected EXE files with WIN32/Tenga.gen virus, the virus code
trys to download "DL.EXE" at above URLs. If it successes, then DL.EXE will try to download TROJAN files for
grabbing (transfering) paswords and e-mail info to the (vx9) remote computers.
I have found and I have used NOD32 Antivirus program for Windows XP and also for DOS (NOD32DOS.EXE)
If the virus infected Windows XP system initialization files like WINLOGON.EXE (and if you run Windows XP on FAT32 file system) you need to start computer with WINDOWS 98 System Disk and run NOD32DOS.EXE for cleaning the WINDOWS XP system fıles.
You can download NOD32 Antivirus program at: www.eset.com (also you can get info about that virus, there)
NOD32 Antivirus Program successfully detects and cleans files which infected by WIN32/Tenga.gen worm/virus.
Erdogan Tan (14/5/2006)
My Message from one day ago:
Me, Erdogan Tan, I am temporary stopping service of original specs.html and original index.html
web pages due to show/declare about VIRUS senders and virus owners/developers.
I found "dl.exe" trojan program when my Windows XP OS running.
Continuously it was trying to run but it was failing.
Several times i had resetted my Windows configuration but DL.EXE problem restarted again.
Yesterday, i disabled INTERNET configuration and i saw that
some code was trying to access DL.EXE file
for downloading it. At normally, it is hidden but if you setup window XP and prevent to internet access at the beginning. You see the virus URL or download request.
For example: when i have disabled ADSL connection and Windows gave a message to me, "a program is trying to get a file or info from utenti.lycos.it", "a program is trying to get a file or info from vx9.users.freebsd.at".
When i look it. I tried to clean it but when i use my new BINARY FILE EDITOR (CODE GRABBER v1.0) (with Visual Basic 6.0 source code)
i see, most of exe files on my disks, have been infected. Original windows xp files are shorst and infected file has
3 KB additional virus code with an executable (with MZ header) image.
You see screen capture images of virus infected and clean TASMAN.EXE as example.
UTENTI.LYCOS.IT and VX9.USERS.FREEBSD.AT are VIRUS SITES (virus file: DL.EXE)
(NOTE: original virus is not DL.EXE. Original virus does this,downloads and runs the trojan file DL.EXE)
The VIRUS which downloads and run DL.EXE at
singlix.org TR-DOS ORIGINAL SPECS.HTML: specs1.html
singlix.org TR-DOS ORIGINAL INDEX.HTML: index1.html
WINDOWS XP TASKMAN:EXE with VIRUS addition, byte pos: 17785 (NOTE: "MZ" shows virus code is an exe code.)
Notice that virus site names and virus file name are shown at the binary file editor window.
TASKMAN.EXE without VIRUS, notice that file size is 15360 bytes
Continual code of VIRUS:
Notice that: bytes position 17785 is the start of virus code. Virus added file size: 18944 bytes.
Then, the virus code is 3584 bytes. (Note: virus code addition changes the orginal windows XP file date/times with last modification date/time. So
an XP user can understand virus infection: by seeing it has changed windows SYSTEM32 exe file or any exe file size, date/time which had original WINDOWS XP setup -fixed, cd-rom file- time, before. Also file size will be 3-4 KB larger.
FINALY, we can say...
That is a pitty...
or UNTENTI.LYCOS.IT or VX9.FREEBSD.AT guy,gay gamers
have been fucked by CODE GRABBER v1.0 program by Erdogan Tan.
DL.EXE OUT... Code Grabber... IN...
Let developers fuck hackers...
I am an amateur developer... I don't like hackers... Because, They are info SUCKERS...
Hackers are also suckers...
Erdogan Tan (13/5/2006)