p4kl3k
http://pcmav.biz/top-10-virus-mei-2008.html
5. Lancang
This virus uses the old-style folder icon. It is about 36,864 bytes in size, not compressed, and was built with Visual Basic. On an infected computer the root of drive C:\ will contain the files wintask8201.exe, aku.doc, readme.txt and winph.sys, all of which are copies of the virus's parent file with the same size.
How to remove it
File: temuan_bpk.exe
Size: 36864 Bytes
MD5: 39B0C28917CDE0D967DFB9C4A4D330D0
crc32: 182D4E1C
Packer: None / Microsoft Visual Basic 5.0 / 6.0
File Properties: CompanyName MicroSoft
FileVersion 1.00
InternalName wintask
LegalCopyright copyright 2007
OriginalFilename wintask.exe
ProductName p4kl3k
#Registry keys changed:
######################
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Wintask=c:\wintask8201.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-CLN.exe "Debugger"
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-RTP.exe "Debugger"
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe "Debugger"
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe "Debugger"
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe "Debugger"
#Files created by the virus:
########################
c:\wintask8201.exe
c:\readme.txt
c:\winph.sys
#comment
########
So what this worm does is block PCMAV, NOD32 (version 2.x.x) and msconfig: the "Debugger" value it plants under Image File Execution Options makes Windows launch whatever that value names instead of the program itself whenever one of those tools is started.
To get access to the programs above back, just open regedit and go to
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
If there is a subkey PCMAV-CLN.exe / PCMAV-RTP.exe / Nod32.exe / NOD32kui.exe / msconfig.exe there,
JUST DELETE IT.
If you want it done automatically, just copy and paste the text in the quote below into Notepad, save it as "Killtemuanbapak.bat" and run it ^_^
@echo off
REM Simple remover for the temuan_bpk worm (dexlip, 2008)
echo simple remover for worm temuan_bpk
echo dexlip 2008
echo.
REM Work from the root of C:, where the worm drops its copies
c:
cd\
REM Kill any running copy of the worm under each name it is dropped as
taskkill /f /im wintask8201.exe
taskkill /f /im readme.txt
taskkill /f /im winph.sys
taskkill /f /im temuan_bpk.exe
REM Delete the dropped files
del /f /q wintask8201.exe
del /f /q c:\readme.txt
del /f /q winph.sys
del /f /q temuan_bpk.exe
REM Cancel any shutdown the worm may have scheduled
shutdown -a
REM Remove the Run-key entry that starts the worm at logon
REG DELETE HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v Wintask /f
REM Remove the Image File Execution Options hijacks that block PCMAV, NOD32 and msconfig
REG DELETE "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-CLN.exe" /f
REG DELETE "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-RTP.exe" /f
REG DELETE "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe" /f
REG DELETE "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe" /f
REG DELETE "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe" /f
cls
echo.
echo selesai.. silahkan tekan tombol apapun buat keluar..
pause >nul
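To check a machine for the registry changes listed above before (or after) running the cleaner, here is an added example, not from the original post or from ansav zone: it parses a text export produced by `reg export` and flags a Run entry that starts an executable from a drive root, like Wintask=c:\wintask8201.exe, and any "Debugger" value under Image File Execution Options for the tools the worm blocks. The sample export is constructed, and the data stored in the Debugger values is an assumption, since the post names the value but not its contents.

```python
import re

# Tools the post says the worm blocks via an IFEO "Debugger" value.
HIJACK_TARGETS = {"pcmav-cln.exe", "pcmav-rtp.exe", "nod32.exe", "nod32kui.exe", "msconfig.exe"}
IFEO_KEY = r"hklm\software\microsoft\windows nt\currentversion\image file execution options"
RUN_KEY = r"hklm\software\microsoft\windows\currentversion\run"
# Run entries that launch an .exe sitting directly in a drive root, like c:\wintask8201.exe.
ROOT_EXE_RE = re.compile(r"^[a-z]:\\[^\\]+\.exe$", re.IGNORECASE)

def parse_reg_export(text):
    """Parse the [key] / "name"="data" subset of `reg export` output into {key: {name: data}}."""
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            # reg export writes the long hive name; the post uses HKLM, so normalise to that.
            current = line[1:-1].replace("HKEY_LOCAL_MACHINE", "HKLM").lower()
            keys[current] = {}
        elif current is not None and line.startswith('"') and '"=' in line:
            name, data = line[1:].split('"=', 1)
            keys[current][name.lower()] = data.strip('"').replace("\\\\", "\\")
    return keys

def find_indicators(text):
    """Return (kind, name, data) for the Run persistence and IFEO hijacks described in the post."""
    hits = []
    for key, values in parse_reg_export(text).items():
        if key.startswith(IFEO_KEY + "\\") and "debugger" in values:
            target = key.rsplit("\\", 1)[1]
            if target in HIJACK_TARGETS:
                hits.append(("ifeo_hijack", target, values["debugger"]))
        elif key == RUN_KEY:
            hits += [("run_persistence", n, d) for n, d in values.items() if ROOT_EXE_RE.match(d)]
    return hits

# Constructed sample export; the Debugger data is assumed (the post lists the value, not its content).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wintask"="c:\\wintask8201.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-CLN.exe]
"Debugger"="c:\\wintask8201.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe]
"Debugger"="c:\\wintask8201.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000200
"""
```

Calling find_indicators(SAMPLE_EXPORT) reports the Wintask Run entry and the two hijacked tools while ignoring ctfmon.exe and the benign notepad.exe IFEO key.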
source: ansav zone