I dedicated this translation upon my previous post(Shuriken), which may be useful for someone like Mr. Mughis Tahir, who have a same problem with this trojan variant as I am.
Shuriken (手裏剣; lit: "hand released blade") is a traditional Japanese concealed weapon that was generally used for throwing, and sometimes stabbing or slashing an opponent’s arteries. They are sharpened hand-held blades made from a variety of everyday items such as needles, nails, and knives, as well as coins, washers, and other flat plates of metal. Shuriken were mainly a supplemental weapon to the more commonly used katana (sword) or yari (spear) in a warrior’s arsenal, though they often played a pivotal tactical role in battle. (http://en.wikipedia.org)
Yaps, that is the name of Trojan I have found from my sister flash disk. I have no idea where is that Trojan come from; internet café is a reasonable place I concluded. The Trojan works just as same as brontok variant, it creates executable files, and makes such folder icon, so that we won’t suspicious that is the Trojan. But if we look at details of the files, we will absolutely know that is a Trojan. The size of the file makes this Trojan easy to find, its 42 kb or 84 kb. I ‘open with’ the file with notepad; here is the content of the file:
Its Javanese language, one of the tribe in Indonesia, one of the most populated island, Java. If I may translate, it sounds like:C : \ W I N D O W S \ W I N D O W S . e x e
S o f t w a r e \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ E x p l o r e r \ A d v a n c e d
H K E Y _ C L A S S E S _ R O O T \ $ H K E Y _ C U R R E N T _ U S E R \ & H K E Y _ L O C A L _ M A C H I N E \ H K E Y _ U S E R S \ ( H K E Y _ C U R R E N T _ C O N F I G \ H K E Y _ D Y N _ D A T A \ , H K E Y _ P E R F O R M A N C E _ D A T A \
N A M A : p e s a n : O I D A B ! ! ! B A G U S S U P A R T O N O H n g g a k a d a p e s e n u n t u k d i r i k u s e n d i r i E R W A N H E R M A W A N < a y o d a b c a r i c h a t i n g a n l a g i . . . S U P R I Y A N T O 9꯮K6C Ã7ü’’ˆ8 p i y e k a b a r e p a r a n g t r i t i s . . . . A D I J A Y U S M A N . s o r r y d i g a w e k a g e t . . . . D J A N A N Z A M Z A M I 4 h e h e h e h , n d a k a d a p e s e n . . . E D I D W I D A R Y A P T O V a s s a l a m u a l a i k u m y a p t o m a s i h j u a l b a t i k ? > ? ? ? A C H M A D M U L T A Z A M 2 w a d u h t e p o y o k e n o t o
Please excuse us for this inconvenient display. We just want to give an important message for my partner wherever he is. We are really grateful if you fill in the name that we suggested. We persuade that this is not Trojan which is damages your system file just like many variant of Trojan lately. This Trojan indeed helps you out get rid of brontok variant virus. Thank you.
The properties of the file are:
Size on disk : 224 KB (229.376 bytes)
File Version : 1.00
Internal Name : SHURIKEN 3
Language : English (United States)
Original File name : SHURIKEN 3.exe
Product Name : Project1
Product Version : 1.00
However as they said that, this Trojan is not dangerous and make system file corrupted, since it spread out at the drive but C, where the Windows installed. Thus, the Trojan does not make the registry keys damaged. And how to get away of this Trojan, you have just search it with category: *.exe and the size is not greater than 244kb. You will see the executable file with yellow folder icon (you have to view it with details).
I’ve found about 500 files so the total sizes of undesired files are 130.514.944bytes (124MB). I am afraid this Trojan doesn’t get along with Freeware What’s Running, an utility I have used it to wipe out brontok variant, and so does Brontok Cleaner which is made by a student at my university.
In spite of that, I shall applaud you guys who made such a phenomenal in computer world.
