Jakarta - W32/DLoader.ITOA tries to manipulate CNN news content by sending e-mail that appears to come from that international news agency. The e-mail contains links to fake news stories under the subject line "CNN.com Daily Top 10".
The virus makes the computer appear to have crashed by displaying a fake blue screen. How do you get rid of it? Follow these tips:
1. Carry out the cleanup in "safe mode".
2. Stop the virus's active service. To stop it, do the following:
Click [Start]
Click [Run]
Type [Services.msc]
Right-click the CbEvtSvc.exe service and choose Properties
Make sure "Services status" = Started
Under [Startup type] choose "Disable"
Click "OK"
3. Repair the Windows registry entries changed by the virus. Copy the script below into Notepad and save it as repair.inf, then run the file as follows:
Right-click repair.inf
Click Install

[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKCU, Control Panel\Desktop, ConvertedWallpaper,0, ""
HKCU, Control Panel\Desktop, OriginalWallpaper,0, ""
HKCU, Control Panel\Desktop, SCRNSAVE.EXE,0, ""
HKCU, Control Panel\Desktop, Wallpaper,0, ""
HKCU, Software\Microsoft\Internet Explorer\Desktop\General, BackupWallpaper,0, ""
HKCU, Software\Microsoft\Internet Explorer\Desktop\General, Wallpaper,0, ""

[del]
HKLM, Software\Microsoft\Windows\CurrentVersion\Run, lphc7nvj0e52e
HKLM, Software\Microsoft\Windows\CurrentVersion\Run, services
HKLM, Software\Microsoft\Windows\CurrentVersion\Run, SMrhc3nvj0e52e
HKLM, Software\Microsoft\Windows\CurrentVersion\Run, rhc3nvj0e52e.exe
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, NoDispBackgroundPage
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, NoDispScrSavPage
HKLM, SYSTEM\CurrentControlSet\Services\6127a5e3
HKLM, SYSTEM\ControlSet002\Services\6127a5e3
HKLM, SYSTEM\ControlSet001\Services\6127a5e3
HKLM, SYSTEM\ControlSet001\Services\CbEvtSvc
HKLM, SYSTEM\ControlSet002\Services\CbEvtSvc
HKLM, SYSTEM\CurrentControlSet\Services\CbEvtSvc
HKLM, SOFTWARE\Microsoft\software notifier
HKLM, software\Microsoft\Windows\CurrentVersion\Uninstall\rhc3nvj0e52e
HKLM, software\rhc3nvj0e52e
HKLM, software\Microsoft\Windows\CurrentVersion, rhc3nvj0e52e
HKLM, software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
HKLM, SYSTEM\ControlSet001\Services\125c1fb5
HKLM, SYSTEM\ControlSet002\Services\125c1fb5
HKLM, SYSTEM\CurrentControlSet\Services\125c1fb5

4. Delete the following virus files:
C:\WINDOWS\system32\CbEvtSvc.exe
C:\Documents and Settings\Elvina\Local Settings\Temp\lfq0kzgs.exe
C:\Documents and Settings\Elvina\Local Settings\Temp\.xx1.tmp.vbs (xx stands for random characters).
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\smss.exe
C:\WINDOWS\system32\lphc7nvj0e52e.exe
C:\WINDOWS\system32\phc7nvj0e52e.bmp
C:\WINDOWS\system32\blphc7nvj0e52e.scr
C:\windows\system32\drivers\xxx.sys (xxx stands for random characters; the file is 108 KB in size, for example 6127a5e3.sys or 125c1fb5.sys)
C:\Documents and Settings\LocalService\Application Data\584289103.exe
C:\Program Files\rhc3nvj0e52e
C:\Windows\system32\pphc7nvj0e52e.exe
C:\Documents and Settings\LocalService\Application Data\rhc3nvj0e52e
C:\Documents and Settings\Elvina\Application Data\rhc3nvj0e52e.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
C:\Documents and Settings\Elvina\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk
5. Delete temporary files using the ATF Cleaner tool for Windows XP, which can be downloaded from: http://www.majorgeeks.com/ATF_Cleaner_d4949.html
6. For a thorough cleanup and to prevent reinfection, use an up-to-date antivirus product that detects this virus reliably.
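A read-only check to run after steps 2 to 4, as an added example that is not part of the original article: it reports any service key, registry value or file named above that is still present. It assumes PowerShell is available on the machine and checks only the file paths that do not depend on the user profile name; the variable names are illustrative.

```powershell
# Added example: read-only check after cleanup; nothing is modified or deleted.
$findings = @()   # illustrative variable name

# Step 2: the service key removed by the [del] section should no longer exist.
foreach ($set in 'CurrentControlSet', 'ControlSet001', 'ControlSet002') {
    $key = "HKLM:\SYSTEM\$set\Services\CbEvtSvc"
    if (Test-Path -Path $key) { $findings += "Service key present: $key" }
}

# Step 3: file-type handlers that [UnhookRegKey] restores (expected values from repair.inf).
$expected = @{
    batfile = '"%1" %*'; comfile = '"%1" %*'; exefile = '"%1" %*'
    piffile = '"%1" %*'; scrfile = '"%1" %*'; regfile = 'regedit.exe "%1"'
}
foreach ($type in $expected.Keys) {
    $key = "HKLM:\Software\Classes\$type\shell\open\command"
    $actual = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
    if ($actual -ne $expected[$type]) { $findings += "$type open command is: $actual" }
}

# Step 3: Winlogon shell must be Explorer.exe (string comparison is case-insensitive).
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -ErrorAction SilentlyContinue).Shell
if ($shell -ne 'Explorer.exe') { $findings += "Winlogon Shell is: $shell" }

# Step 3: autorun values listed in the [del] section.
$run = Get-ItemProperty -Path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
foreach ($name in 'lphc7nvj0e52e', 'services', 'SMrhc3nvj0e52e', 'rhc3nvj0e52e.exe') {
    if ($run -and $run.PSObject.Properties[$name]) { $findings += "Run value present: $name" }
}

# Step 4: files and folders from the article that sit at fixed locations.
$paths = 'C:\WINDOWS\system32\CbEvtSvc.exe',
         'C:\WINDOWS\system32\lphc7nvj0e52e.exe',
         'C:\WINDOWS\system32\blphc7nvj0e52e.scr',
         'C:\WINDOWS\system32\pphc7nvj0e52e.exe',
         'C:\Program Files\rhc3nvj0e52e',
         'C:\Documents and Settings\All Users\Start Menu\Programs\Startup\smss.exe',
         'C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk'
foreach ($p in $paths) {
    if (Test-Path -Path $p) { $findings += "File or folder present: $p" }
}

if ($findings) { $findings } else { 'No listed artifacts found.' }
```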
Source: www.detikinet.com