Quote:
W32/Sality.gen
Risk Assessment: Home Low | Corporate Low
Date Discovered: 7/5/2007
Date Added: 7/5/2007
Origin: N/A
Length: N/A
Type: Virus
Subtype: Generic
DAT Required: 5068
W32/Sality.gen is a parasitic virus that infects Win32 PE executable files.
When executed, it starts a service listening on a random UDP port and drops a copy of itself as
Code:
* %Windir%\System32\Drivers\{random}.sys
and creates the registry keys
Code:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3360pr
HKEY_CURRENT_USER\Software\{%UserName%}914
where %UserName% is the Windows logon name.
Not only that, it also modifies these registry keys:
Code:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Code:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\
It infects *.exe and *.scr files located on local, network and removable drives
Code:
WINDOWS
SYSTEM
SYSTEM32
and drops a copy of itself as asc3360pr.scr, asc3360pr.pif or asc3360pr.exe onto the drive, together with an Autorun.inf to execute it, for the following drive types:
Code:
Unknown drive type (Type 0)
Removable media (Type 2) - e.g. USB drives.
Remote network drive (Type 4) - e.g. shared folders.
Services it removes:
Code:
* Agnitum Client Security Service
* ALG
* aswUpdSv
* avast! Antivirus
* avast! Mail Scanner
* avast! Web Scanner
* AVP
* BackWeb Plug-in - 4476822
* bdss
* BGLiveSvc
* BlackICE
* CAISafe
* ccEvtMgr
* ccProxy
* ccSetMgr
* Eset Service
* F-Prot Antivirus Update Monitor
* fsbwsys
* FSDFWD
* F-Secure Gatekeeper Handler Starter
* fshttps
* FSMA
* InoRPC
* InoRT
* InoTask
* ISSVC
* KPF4
* LavasoftFirewall
* LIVESRV
* McAfeeFramework
* McShield
* McTaskManager
* navapsvc
* NOD32krn
* NPFMntor
* NSCService
* Outpost Firewall main module
* OutpostFirewall
* PAVFIRES
* PAVFNSVR
* PavProt
* PavPrSrv
* PAVSRV
* PcCtlCom
* PersonalFirewal
* PREVSRV
* ProtoPort Firewall service
* PSIMSVC
* RapApp
* SmcService
* SNDSrvc
* SPBBCSvc
* Symantec Core LC
* Tmntsrv
* TmPfw
* tmproxy
* UmxAgent
* UmxCfg
* UmxLU
* UmxPol
* vsmon
* VSSERV
* WebrootDesktopFirewallDataService
* WebrootFirewall
* XCOMM
It also deletes files with the following extensions:
Code:
* .vdb
* .key
* .avc
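Host triage for the indicators above, as an added example that is not part of the original post (PowerShell, run from an elevated prompt). It assumes %UserName% expands to the current logon name, checks only a sample of the listed security services, and does not look for the {random}.sys driver because its name is unknown.

```powershell
# Added triage script (not from the original post): checks a Windows host for the
# W32/Sality.gen indicators listed above. Assumed: %UserName% is the current logon
# name; the {random}.sys driver name is unknown, so only its service key is checked.
$findings = @()

# 1. Registry keys the post says the virus creates
$created = @(
    "HKLM:\SYSTEM\CurrentControlSet\Services\asc3360pr",
    "HKCU:\Software\$($env:USERNAME)914"
)
foreach ($key in $created) {
    if (Test-Path -LiteralPath $key) { $findings += "created key present: $key" }
}

# 2. SafeBoot keys the virus tampers with; a missing or emptied key means Safe Mode no longer boots
foreach ($key in @("HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot",
                   "HKLM:\SYSTEM\ControlSet001\Control\SafeBoot")) {
    if (-not (Test-Path -LiteralPath $key) -or
        (Get-ChildItem -LiteralPath $key -ErrorAction SilentlyContinue).Count -eq 0) {
        $findings += "SafeBoot key missing or emptied: $key"
    }
}

# 3. Dropped copies and the Autorun.inf that launches them, on every logical drive
#    (DriveType 0 = unknown, 2 = removable, 4 = network, as in the post)
foreach ($disk in Get-CimInstance Win32_LogicalDisk) {
    $root = $disk.DeviceID + "\"
    foreach ($name in "Autorun.inf", "asc3360pr.scr", "asc3360pr.pif", "asc3360pr.exe") {
        $path = Join-Path $root $name
        if (Test-Path -LiteralPath $path) {
            $findings += "dropped file (drive type $($disk.DriveType)): $path"
        }
    }
}

# 4. A sample of the security services the post says are removed: present but not running
foreach ($svc in "McShield", "navapsvc", "NOD32krn", "avast! Antivirus", "vsmon", "ccEvtMgr") {
    $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
    if ($s -and $s.Status -ne "Running") { $findings += "security service stopped: $svc" }
}

if ($findings.Count -eq 0) { "No W32/Sality.gen indicators found." } else { $findings }
```

A hit on any of the first three checks is a strong signal; a stopped security service alone is only corroborating, since the product may simply not be installed or may be disabled for other reasons.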
Removal:
1. Just use this: http://www.ziddu.com/download/10462229/s...r.zip.html
2. Then clean the machine with an antivirus.
* If you go straight to the antivirus, the .exe files tend to disappear ... because Sality attacks .exe files ... :(.