• Berantas Virus Cinta

    Tanda-tanda Komputer Terjangkit Virus Cinta

    Virus lokal bernama Siggen yang bertemakan cinta sudah mulai terdeteksi keberadaannya. Meski tidak berbahaya, namun virus ini tergolong merepotkan.

    Sebenarnya tidak terlalu sulit untuk mengetahui jika komputer pengguna terjangkit virus ini, seperti gejala umum komputer terinfeksi virus lainnya. bahkan tanpa harus mengerti seluk beluk komputer, ciri-cirinya sebagai berikut:

    • Muncul beberapa file yang di simpan pada folder root setiap hard disk dengan nama file: - %tanggal% _ TrueLove.exe, %tanggal%, menunjukan tanggal system komputer (contoh: 13 March 2011 _ TrueLove.exe) TransparentScreenSaver...scr. Folder [kasihku]. Folder [–], folder ini akan disembunyikan. Folder [Koleksi ScreenSaver].

    • Muncul Screensaver yang akan ditampilkan secara otomatis sesuai dengan waktu yang telah ditentukan. Pada saat Screen Saver itu muncul user tidak dapat melakukan aktivitas di komputer sampai screensaver tersebut selesai dijalankan.

    • Tidak dapat mengakses (double click) file yang dkompresi baik menggunakan program Winzip atau Winrar dengan menampilkan pesan error.

    •  Terjadi perubahan pada icon file dan type file yang mempunyai ekstensi ZIP.

    Virus Siggen merupakan hasil karya programer lokal yang sepertinya sedang mabuk asmara, ia tidak berani mengungkapkan isi hati kepada wanita yang dikaguminya. Hal itu terlihat dari beberapa pesan bertema cinta yang dituliskan pembuat di dalam virusnya.

    Cara Pemberantasan Virus Cinta
    Virus lokal bernama Siggen yang bertemakan cinta akan memblokir seluruh file berekstensi .zip, .rar dan .exe. Tujuannya, agar aplikasi antivirus tidak dapat mengapus program jahat ini.

    Namun setelah mengetahui ciri komputer yang terjangkit, ternyata ada beberapa cara sederhana untuk membasmi virus tersebut. Seperti yang dalam keterangan yang diterima detikINET dari vaksincom, Kamis (30/6/2011). 

    Caranya dimulai dengan:
    • Matikan proses virus yang aktif di memori. Sebagai informasi virus ini dibuat dengan menggunakan program Visual Basic (VB), sehingga relatif mudah untuk mematikan proses virus yang sedang aktif dengan menggunakan tools KillVB. Silahkan download tools tersebut di alamat berikut.

    • Perbaiki registry yang sudah di ubah oleh virus. Virus ini cukup banyak melakukan perubahan pada registry Windows, untuk mempercepat proses perbaikan copy script di bawah ini pada program notepad kemudian simpan dengan nama REPAIR.INF. Install file tersebut dengan cara : klik kanan REPAIR.INF, kemudian pilih [INSTALL] 

    Berikut script yang harus disalin:
    [Version]

    Signature="$Chicago$"
    Provider=Vaksincom Oyee

    [DefaultInstall]
    AddReg=UnhookRegKey

    DelReg=del
    [UnhookRegKey]

    HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
    HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
    HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
    HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
    HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe "%1""
    HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
    HKLM, SOFTWARE\Classes\.zip,,, "winzip"
    HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"
    HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, "cmd.exe"
    HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, "cmd.exe"

    [del]

    HKCU, Software\noF i T r I on Computer
    HKLM, SYSTEM\CurrentControlSet\Services\noF i T r I on Computer
    HKLM, SYSTEM\ControlSet001\Services\noF i T r I on Computer
    HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\noF i T r I on Computer
    HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, AudioSystem.exe
    HKCU, Software\Policies\Microsoft\Windows\system, DisableCMD
    HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoClose
    HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFind
    HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions
    HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoControlPanel
    HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoRun
    HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NosaveSettings
    HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoStartMenuMorePrograms
    HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoViewContextMenu
    HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoViewonDrive
    HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableMsConfig
    HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
    HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr
    HKCU, Control Panel\Desktop,SCRNSAVE.EXE
    HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, AudioSystem.exe
    HKLM, SOFTWARE\noF i T r I on Computer
    HKLM, SOFTWARE\Policies\Microsoft\Windows\Installer, DisableMSI
    HKLM, SOFTWARE\Policies\Microsoft\Windows\Installer, LimitSystemRestoreCheckPointing
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\0000.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ahnlab.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ansavd.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Avas.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVG.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ccapp.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cclaw.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccleaner.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleaner.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanmgr.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DriverDetective.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DriverScanner.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Fixinstall.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\folderlockbox_setup.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Free Fire Screensaver.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Hunter.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install_flash_player.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISUNIST.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Kaspersky.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\keygen.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\limeware.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LNKSTUB.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mobsync.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSOOBE.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msra.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAPSTAT.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETSETUP.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nip.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nipsvc.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Niu.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Njeeves.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NOD32krn.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NOD32kui.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Norman.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Norton.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvccf.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcoas.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcod.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcsched.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Panda.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMV-RTP.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppclean.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Procexp.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regdir.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Restore my files.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rminstall.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RSTRUI.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityConfig.exe.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Smadav 2009 Rev. 3.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmaRTP.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Sophos.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symantec.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\st5unst.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\supercleaner.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Task.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Taskkill.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tasklist.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfnotice.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Tiny.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trend.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrendAntiVirus.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojan Hunter.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojan.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanHunter.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TweakUi.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Unins.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Unins000.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Uninst.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Uninstall.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\unlocer.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\unlocker.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UNWISE.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Upd.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Update.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\V2iBrowser.exe.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VProConsole_.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WinHIIP.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\unwise32.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\youtubesetup.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ypsr.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ypsrru.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZoneLabs.exe
    • Munculkan seluruh file yang disembuyikan oleh Windows dengan cara Folder Option, lalu ke tabulasi View kemudian centangkan opsi show hidden files and folder.

    • Hapus file yang dibuat oleh virus termasuk di USB Flash. Untuk mempercepat proses penghapusan, Anda dapat menggunakan fungsi Search/Find dari Windows dengan kata kunci *.exe dan *.scr. Tapi ingat, jangan sampai salah menghapus file.

    File yang dibuat oleh virus ini memiliki ciri-ciri, berukuran 76 KB, tidak menyertakan icon, tipe file Application atau Screen Saver. Setelah itu kemudian hapus file berikut ini:

    • OBE.sacura [semua drive]

    • Autorun.inf [semua drive]

    • Folder [-], semua drive

    • Folder [Kasihku], semua drive

    • Folder [Koleksi ScreenSaver], semua drive

    • C:\WINDOWS\system32\blank.htm

    • C:\Documents and Settings\%user%\http_www.patah-hati.com

    Untuk pembersihan optimal, sebaiknya scan dengan menggunakan antivirus yang up-to-date, atau bisa menggunakan tools gratis Dr.Web CureIt yang bisa didapat melalui link berikut.





    Download Skrip Lengkapnya silahkan tekan tombol di bawah !


    Sumber: http://www.detikinet.com

    • 0 komentar:

    Posting Komentar

    ADA YANG BISA KAMI BANTU?

    Silahkan klik dan isi formulir yang telah kami sediakan, pastikan anda mengisi nomer kontak yang bisa kami hubungi.

    PESAN BANTUAN

    HUBUNGI KAMI

    ALAMAT

    Perum Puri Kosambi 1 Blok N No.3 Karawang

    EMAIL

    fastnetpuri@gmail.com
    enlaista@gmail.com

    KONTAK SIANG

    +62 812 86509718
    +62 858 11831768

    KONTAK MALAM

    0812 96508520,
    0822 60584723

    Copyright © 2017 Fast Net. Designed By Portfolio Blogger Dean Maestro™ | Distributed By FastNet
    Made With