Don’t open it, or try to see Sandra Dewi in Nude or “Sandra Dewi Bugil” if you see this message, just deleted. This viruses spread using removable disk/USB as a transfer media. Norman Security Suite detect this virus Sandra Dewi varian with name W32/Obfuscated.Bigenr. On the script of this virus also merge a name of STMIK PPKIA one of the college name in East Kalimantan of Indonesia.
Feature of this virus as follows:
- Have file size about 132 kb
- Have a file type “Application.”
- With extension .exe
- Have icon JPEG picture
This viruses is created using visual basic program, if this virus infect then will copy them selves with name of:
- C-Sandra Dewi Bugil.exe (on all of drive root)
- C-Documents and Settings-%user%-Start Menu-Programs-Startup-Sandra Dewi Bugil.exe
- C:-WINDOWS-Sandra Dewi Bugil.exe
- C:-WINDOWS-system32- Sandra Dewi Bugil.exe
- Create a file duplication on every forlder on the removable drive/usb.
This Sandra Dewi virus will view of message before login: like on the picture that is mean: “Very painful if our love being refuse, formerly people using black magic as a media to get their love. As the improvement on technology people using virus to get their love.”
Generally this virus is not destroy the system but just disturb. Virus will try to block of several windows function. Windows function that block such as:
- Folder Options (to prevent from see of hidden file)
- Registry Editor (to prevent on recovering system registry)
- Search/Find (to prevent from cleaning viruses)
- Command Prompt (to prevent kill virus)
- Task manager (prevent from monitoring virus)
- Control Panel (to prevent from control access from OS computer)
- MsConfig/System Configuration Utility (prevent to access on startup)
- Disable right click on the desktop
- Disable “All Program” on Start Menu
- Disable Lof Off/Turn Off on Start Menu
