bagi2 buat yg kena 81u3f4nt45y

April 2007
M	T	W	T	F	S	S
« Mar		Jun »
	1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28	29
30

Posted by fakhrum on April 6, 2007

ada yg bilang ini virus lama…

ada jg yg bilang kalo ini virus baru.

gk salah sih…, soalnya virus baru muncul ini cuma varian dari virus lama, yaitu brontok. ciri2 umumnya ya seperti yg diketahui,bikin file .scr yg nyamar jadi folder. cuma ini lebih keren dikit, soalnya dia maenin registry jg. Dia ngubah show hidden value jadi 0, dan hide file ext jadi 1. Akibatnya, kita gk bakal bisa liat yg di hidden dan gk bisa liat extension file. Dia jg mengganti default type scrfile sebagai file folder. kamuflase yg lebih baik ketimbang variannya yg lain.

Kalo masalah ngapus ato ngilangin virusnya sih udah banyak yg tau, dan mungkin untuk benerin registry jg udah banyak yg bisa.

Nah, buat yg belom tau, virus ini bisa di detect ama AVG, Norman, Killer Machine, dan beberapa antivirus lain yg bisa ditambahkan sendiri.

Kalo buat benerin registrynya, pake script dibawah ini aja kalo bingung.

[Version]

Signature=”$Chicago$”

Provider=Vaksincom Oye – Blue Fantasy

[DefaultInstall]

AddReg=UnhookRegKey

DelReg=del

[UnhookRegKey]

HKLM, Software\CLASSES\batfile\shell\open\command,,,”"”%1″” %*”

HKLM, Software\CLASSES\comfile\shell\open\command,,,”"”%1″” %*”

HKLM, Software\CLASSES\exefile\shell\open\command,,,”"”%1″” %*”

HKLM, Software\CLASSES\piffile\shell\open\command,,,”"”%1″” %*”

HKLM, Software\CLASSES\regfile\shell\open\command,,,”regedit.exe “%1″”

HKLM, Software\CLASSES\scrfile\shell\open\command,,,”"”%1″” %*”

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, “Explorer.exe”

HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, “cmd.exe”

HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, “cmd.exe”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, “cmd.exe”

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, UncheckedValue,0×00010001,0

HKLM, SOFTWARE\Classes\scrfile,,,”Screen Saver”

[del]

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, LegalNoticeCaption

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, LegalNoticeText

HKLM, SOFTWARE\Classes\scrfile, InfoTip

HKLM, SOFTWARE\Classes\scrfile, NeverShowExt

HKLM, SOFTWARE\Classes\scrfile, TileInfo

HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools

HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFolderOptions

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Msconfig.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe

copy aja scriptnya ke notepad, trus simpan dengan extension .inf, abis itu klik kanan pilih install.

Selamat mencoba :D

manualnya ada di : vaksin.com

This entry was posted on April 6, 2007 at 1:56 am and is filed under KNoW-hoW. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

« AAAAAAAAARRRRRGGGGHHHHHH……..!!!!!

bahaya “berpikir” positif »

Fakhrum’s BLOG

this is what u know as BLOG

Blogroll

Meta

Subscribe

bagi2 buat yg kena 81u3f4nt45y

Leave a Reply