<body>

01 November 2008

p4kl3k



http://pcmav.biz/top-10-virus-mei-2008.html

5. Lancang


This virus uses the old-style folder icon. It is about 36,864 bytes in size, uncompressed, and was written in Visual Basic. On an infected computer the root of drive C:\ will contain the files wintask8201.exe, aku.doc, readme.txt, and winph.sys, all of which are copies of the virus body and all of the same size.


How to remove it

File: temuan_bpk.exe
Size: 36864 Bytes
MD5: 39B0C28917CDE0D967DFB9C4A4D330D0
crc32: 182D4E1C
Packer: None / Microsoft Visual Basic 5.0 / 6.0

File Properties: CompanyName MicroSoft
FileVersion 1.00
InternalName wintask
LegalCopyright copyright 2007
OriginalFilename wintask.exe
ProductName p4kl3k


#Registry entries modified:
######################
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Wintask=c:\wintask8201.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-CLN.exe "Debugger"
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-RTP.exe "Debugger"
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe "Debugger"
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe "Debugger"
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe "Debugger"

#Files created by the virus:
########################
c:\wintask8201.exe
c:\readme.txt
c:\winph.sys

#comment
########
So what this worm does is block PCMAV, NOD32 (version 2.x.x), and msconfig.
To restore access to those programs, just open regedit and go to
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
If there are subkeys named PCMAV-CLN.exe / PCMAV-RTP.exe / Nod32.exe / NOD32kui.exe / msconfig.exe,
JUST DELETE THEM

If you want it done automatically, just copy and paste the text quoted below into Notepad, save it as "Killtemuanbapak.bat", and run it ^_^
@echo off
REM Simple remover for the temuan_bpk worm (dexlip 2008).
REM Run from an administrator command prompt; the worm's files live in the root of C:\.
echo simple remover for worm temuan_bpk
echo dexlip 2008
echo.
c:
cd\
REM Kill the running copies first so the files can be deleted.
taskkill /f /im wintask8201.exe
taskkill /f /im readme.txt
taskkill /f /im winph.sys
taskkill /f /im temuan_bpk.exe
REM Delete the worm's files from C:\ (/f also removes read-only files, /q skips the prompt).
del /f /q c:\wintask8201.exe
del /f /q c:\readme.txt
del /f /q c:\winph.sys
del /f /q c:\temuan_bpk.exe
REM Cancel any shutdown that is in progress (shutdown -a aborts it).
shutdown -a
REM Remove the autostart entry and the IFEO "Debugger" hijacks that block PCMAV, NOD32 and msconfig.
REG DELETE HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v Wintask /f
REG DELETE "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-CLN.exe" /f
REG DELETE "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-RTP.exe" /f
REG DELETE "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe" /f
REG DELETE "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe" /f
REG DELETE "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe" /f
cls
echo.
echo selesai.. silahkan tekan tombol apapun buat keluar..
pause >>nul
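Before running the remover, it helps to confirm the infection the way the text describes: a "Debugger" value under an Image File Execution Options subkey makes Windows start that debugger instead of the named program, which is how this worm blocks PCMAV, NOD32 and msconfig. The following read-only PowerShell audit is an added example, not part of the original post; it lists every IFEO subkey that carries a Debugger value and the Wintask Run entry, deleting nothing. The set of watched program names is taken from the registry keys listed above.

```powershell
# Added example (not from the original post): read-only audit of the IFEO
# "Debugger" hijack and the Run entry used by this worm. Run as Administrator.
$ifeo   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

# Assumption: the same program names the post lists as hijacked by the worm.
$watched = @('PCMAV-CLN.exe', 'PCMAV-RTP.exe', 'nod32.exe', 'nod32kui.exe', 'msconfig.exe')

Write-Host 'IFEO subkeys carrying a Debugger value:'
Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    # Any Debugger value redirects that program; flag the ones matching this worm,
    # mark the rest for manual review (legitimate debuggers also use this key).
    $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) {
        $flag = if ($watched -contains $_.PSChildName) { 'MATCHES THIS WORM' } else { 'review' }
        Write-Host ('  {0,-16} Debugger = {1}  [{2}]' -f $_.PSChildName, $dbg, $flag)
    }
}

Write-Host 'Autostart entry used by the worm:'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -and $run.PSObject.Properties['Wintask']) {
    Write-Host ('  Wintask = {0}' -f $run.Wintask)
} else {
    Write-Host '  (no Wintask value present)'
}
```

Subkeys reported as MATCHES THIS WORM are the ones the batch file above deletes; anything marked review should be checked by hand before removal.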

Source: ansav zone
