Welcome to REAGEN's blog

Nothing is impossible!

How To Handle Malware [3]

Howdy!

Hehehe, hopefully you're not getting bored of my rambling on a topic I made up myself...
Here's this time's story...
I'm sure all of you have run into the case where there are files with an .EXE extension and a FOLDER icon, which the antivirus reads as:

W32/wbworm.mxs
w32/lightmoon.gen5
w32/vbworm.mxd
w32/vbworm.mxr
w32/malware.bhkq

The telltale sign of this virus is that, whenever the PC is running, it keeps its guard process alive from:

C:\windows\jpv2w5k\oro86s6l.com

or that file will also launch files located in:

C:\windows\jpv2w5k

or other copies that borrow system process names, such as:

services.exe
smss.exe
system.exe
winlogon.exe
lsass.exe

Praise the LORD, every AV with current updates can already detect these variants...
But it would be a MISPOST if I didn't give you the manual fix in this topic...
You can make a file called BALIKIN.inf with roughly this content:

[Version]
Signature="$Chicago$"
Provider=yooogy

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

; Put the stock open handlers back so launching an .exe/.com/.bat/.pif/.scr/.reg
; no longer goes through the worm. Inside a quoted INF value, "" is one literal
; quote, so """%1"" %*" is written to the registry as "%1" %*.
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKCU, Software\Microsoft\Internet Explorer\Main, Start Page,0, "about:blank"
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SOFTWARE\Classes\exefile,,,application

; Delete the policy values the worm set to lock you out of regedit, cmd, Task
; Manager, Folder Options, Run, Search and so on. Lines without a value name
; delete the whole key: the Image File Execution Options entries that redirect
; those tools, and DisallowRun.
[del]
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableCMD
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableTaskMgr
HKLM,Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableTaskMgr
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFolderOptions
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoRecentDocsMenu
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoSetFolders
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoRun
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFind
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoTrayContextMenu
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoViewContextMenu
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer,ShowSuperHidden
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Msconfig.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit32.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegistryEditor.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe
HKLM, SOFTWARE\Classes\exefile, NeverShowExt
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer,NoPrinters
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer,NoThemesTab
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,NoDispAppearancePage
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,NoDispScrSavPage
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,NoDispSettingsPage
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer,ClassicShell
HKCU,SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer,NoThemesTab
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoInstrumentation
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoPrinters
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoSetTaskbar
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoSMHelp
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoStartMenuMorePrograms
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoUserNameInStartMenu
HKCU,SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer,NoClose
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer,NoClose
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,HideClock
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\System,NoDispAppearancePage
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\System,NoDispScrSavPage
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\System,NoDispSettingsPage
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,ClassicShell
HKLM,SOFTWARE\Policies\Microsoft\Windows\Installer, DisableMSI
HKLM,SOFTWARE\Policies\Microsoft\Windows\Installer,LimitSystemRestoreCheckpointing
HKCU, Software\Microsoft\Internet Explorer\Main, Window Title
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, NoDiskCpl
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoDesktop
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp, Disabled
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoSaveSettings
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer,NoControlPanel

Once it's saved, just right-click BALIKIN.inf and click Install. Do that only after the worm's process has been stopped (boot into Safe Mode first if you have to) and the files in C:\windows\jpv2w5k are gone; a worm that is still running can simply put the keys back.
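Before you hit Install it's worth seeing exactly what the INF is going to do, because one misplaced quote in a shell\open\command value leaves every .exe launch broken instead of fixed. Below is an added example, written for this post and not part of the original tutorial: a small Python dry-run that parses [DefaultInstall]'s AddReg/DelReg sections the way SetupAPI reads them (commas outside quotes separate fields, "" inside a quoted field is one literal quote) and lists every registry write and deletion without touching the registry. SAMPLE_INF is a constructed excerpt of BALIKIN.inf with ASCII quotes, and EXPECTED_HANDLERS holds the stock Windows XP open handlers I'm assuming as the reference.

```python
"""Offline dry-run of a cleanup INF such as BALIKIN.inf (added example).

Parses the [DefaultInstall] AddReg/DelReg sections the way SetupAPI does and
reports the registry writes and deletions, so the file can be reviewed before
right-click -> Install. Nothing here touches the registry.
"""
import re

# Constructed excerpt of the post's INF with ASCII quotes; the real file has
# many more DelReg lines. INF escaping: inside a quoted field, "" is one
# literal quote, so """%1"" %*" decodes to "%1" %*.
SAMPLE_INF = r'''
[Version]
Signature="$Chicago$"
Provider=yooogy

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, "cmd.exe"

[del]
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
'''

# Assumed stock XP open handlers; a restored value must decode to exactly this.
EXPECTED_HANDLERS = {
    "exefile": '"%1" %*',
    "comfile": '"%1" %*',
    "batfile": '"%1" %*',
    "piffile": '"%1" %*',
    "regfile": 'regedit.exe "%1"',
}


def parse_sections(text):
    """Map lower-cased section name -> list of non-empty, non-comment lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def split_fields(line):
    """Split on commas outside quotes; decode "" -> " inside a quoted field."""
    fields, buf, quoted, i = [], [], False, 0
    while i < len(line):
        ch = line[i]
        if ch == '"':
            if quoted and line[i + 1:i + 2] == '"':
                buf.append('"')
                i += 2
                continue
            quoted = not quoted
        elif ch == "," and not quoted:
            fields.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
        i += 1
    fields.append("".join(buf).strip())
    return fields


def plan(text):
    """Return (adds, deletes) that installing [DefaultInstall] would perform.

    adds: (root, subkey, value_name, flags, data)
    deletes: (root, subkey, value_name); value_name None = whole subkey removed
    """
    sections = parse_sections(text)
    directives = {}
    for entry in sections.get("defaultinstall", []):
        key, _, val = entry.partition("=")
        directives[key.strip().lower()] = [s.strip().lower() for s in val.split(",")]
    adds, deletes = [], []
    for sec in directives.get("addreg", []):
        for line in sections.get(sec, []):
            root, subkey, name, flags, data = (split_fields(line) + [""] * 5)[:5]
            adds.append((root, subkey, name or "(Default)", flags or "0", data))
    for sec in directives.get("delreg", []):
        for line in sections.get(sec, []):
            root, subkey, name = (split_fields(line) + [""] * 3)[:3]
            deletes.append((root, subkey, name or None))
    return adds, deletes


def check_handlers(adds):
    """{file class: (decoded command, True/False, or None if no reference)}."""
    report = {}
    for _root, subkey, name, _flags, data in adds:
        m = re.match(r"software\\classes\\(\w+)\\shell\\open\\command$", subkey, re.I)
        if m and name == "(Default)":
            cls = m.group(1).lower()
            expected = EXPECTED_HANDLERS.get(cls)
            report[cls] = (data, None if expected is None else data == expected)
    return report


if __name__ == "__main__":
    adds, deletes = plan(SAMPLE_INF)
    for a in adds:
        print("SET", *a)
    for d in deletes:
        print("DEL", *d)
    for cls, (decoded, ok) in check_handlers(adds).items():
        verdict = {True: "ok", False: "STILL HIJACKED", None: "no reference"}[ok]
        print(f"{cls}: {decoded!r} -> {verdict}")
```

Paste the full BALIKIN.inf into SAMPLE_INF and run it; a handler line that prints STILL HIJACKED means the value decodes to something other than the stock command, which is how you catch a mis-quoted line before it gets installed.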


February 5, 2008 | Tips and Tricks