Thursday, 02 August 2007

Removing the virus manually

Code name : BUTOIJO@w32.daddy
CRC32 : 7D21DC75
Size : 74.4 kb

This virus is written in Visual Basic, so if you are infected it is enough to boot from a bootable Windows XP CD, choose REPAIR, and rename the file MSVBVM60.DLL in the directory c:\windows\system32 to some other name, for example MSVBXXXX.XXX, then restart; the virus will no longer run...

SYMPTOMS OF INFECTION
1. Blocks regedit / the Windows registry editor
2. Disables Task Manager
3. Hides Folder Options
4. Hides Run
5. Hides Find
6. Hides the context menu
7. Hides Control Panel
8. Changes the registered organization to buto ijo
9. Changes the registered owner to buto ijo
10. Changes the desktop wallpaper
All copies are 74.4 kb in size and have the CRC32 value 7D21DC75

VIRUS TRIGGER FILES
The file that launches the virus is present on every one of your drives, namely at:

A:\Butoijo.exe
B:\Butoijo.exe
C:\Butoijo.exe
D:\Butoijo.exe
E:\Butoijo.exe
F:\Butoijo.exe
G:\Butoijo.exe
H:\Butoijo.exe

MESSAGES DISPLAYED
Butoijo only shows a message once the virus is already on your computer; the message (roughly, "the ButoIjo virus has nested in your computer") reads:

”virus ButoIjo bersarang di computer anda”


REGISTRY MANIPULATION
Registry entries manipulated by this virus:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCpl
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKLM\Software\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization = "BUTOIJO"
HKLM\Software\Microsoft\Windows NT\CurrentVersion\RegisteredOwner = " 1"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden


REMEDIATION
1. As usual, download the virus-control tools from www.virologi.info/download/ , namely showkillprocess, acep.scr or acep.exe, and WAV 2005:

Then kill the processes with the following names:

A:\Butoijo.exe
B:\Butoijo.exe
C:\Butoijo.exe
D:\Butoijo.exe
E:\Butoijo.exe
F:\Butoijo.exe
G:\Butoijo.exe
H:\Butoijo.exe


2. Scan your hard disk with WAV 2005 using the latest update
3. If you are still not satisfied, search for .exe files 74.4kb in size with a yellow folder icon, then delete them.
4. Find and delete the files named:

A:\Butoijo.exe
B:\Butoijo.exe
C:\Butoijo.exe
D:\Butoijo.exe
E:\Butoijo.exe
F:\Butoijo.exe
G:\Butoijo.exe
H:\Butoijo.exe

5. Delete the registry entries at the following locations:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCpl
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKLM\Software\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization = "BUTOIJO"
HKLM\Software\Microsoft\Windows NT\CurrentVersion\RegisteredOwner = " 1"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden



6. Then restart your computer ...
7. If it is still there, repeat the steps above ...
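Steps 3 to 5 above as an offline helper script. This is an added example, not code from the original post or from virologi.info; it assumes the size and CRC32 quoted on the page are the whole file signature, hashes only files whose size already matches, and writes a .reg file that removes only the HKCU policy values listed above (the HKLM owner/organization strings and the Explorer\Advanced view settings are left for manual restoration).

```python
import os
import zlib
# Indicators quoted in the post: 74.4 kb and CRC32 7D21DC75.
BUTOIJO_CRC32 = 0x7D21DC75
BUTOIJO_SIZE_KB = 74.4

# Policy values listed under REGISTRY MANIPULATION, grouped by key. The HKLM owner/
# organization strings and the Explorer\Advanced view settings are restored by hand.
POLICY_VALUES = {
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System":
        ["DisableRegistryTools", "DisableTaskMgr", "NoDispCpl"],
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer":
        ["NoFolderOptions", "NoRun", "NoFind", "NoViewContextMenu", "NoControlPanel"],
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop":
        ["NoChangingWallpaper"],
}

def file_crc32(path):
    """CRC32 of a whole file, read in chunks so large files stay cheap."""
    crc = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            crc = zlib.crc32(chunk, crc)
    return crc & 0xFFFFFFFF

def find_by_signature(root, crc32=BUTOIJO_CRC32, size_kb=BUTOIJO_SIZE_KB, tol_kb=0.1):
    """Paths under root whose size is within tol_kb of size_kb AND whose CRC32
    matches. The cheap size check gates the CRC so only candidates are hashed."""
    lo, hi = (size_kb - tol_kb) * 1024, (size_kb + tol_kb) * 1024
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(path)
            except OSError:  # unreadable or vanished file: skip, do not abort the scan
                continue
            if lo <= size <= hi and file_crc32(path) == crc32:
                hits.append(path)
    return hits

def cleanup_reg_text(policy_values=POLICY_VALUES):
    """Body of a .reg file that deletes each listed value ('"name"=-' deletes)."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for key, names in policy_values.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{name}"=-' for name in names)
        lines.append("")
    return "\r\n".join(lines)
```

Save the returned text as cleanup.reg and import it with regedit on the infected machine after the process has been killed, then verify Task Manager and regedit open again.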


source: www.virologi.info
