My Blog

My manual cleanup 4 [virus]
03 Mar 2008 - 08:56:38 pm
Howdy????!!!!

heheheh hopefully you're not getting bored of listening to my rambling in this topic I made myself!!!!!!....
so here's the story this time.........
I'm sure all of you have run into cases where there are files with a .EXE extension and a FOLDER icon..... which ANTIVIRUS detects as:

W32/wbworm.mxs
w32/lightmoon.gen5
w32/vbworm.mxd
w32/vbworm.mxr
w32/malware.bhkq

now, the symptom of this virus is that whenever the PC is on, it always keeps its defense running from:

C:\windows\jpv2w5k\oro86s6l.com


or that file will run the files located in:

C:\windows\jpv2w5k

or others such as:

services.exe
smss.exe
system.exe
winlogon.exe
lsass.exe

praise GOD, all AVs with the latest updates can already detect this variant......
but it would be a MISSPOST if I didn't give the manual cleanup for it in this topic.....
you guys can once again create a file called BALIKIN.inf with source roughly like this:

; BALIKIN.inf: resets the registry settings listed below
[Version]
Signature="$Chicago$"
Provider=yooogy

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

; Values written back: open commands for executable file types,
; the Winlogon shell, the IE start page and the Safe Mode alternate shell
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKCU, Software\Microsoft\Internet Explorer\Main, Start Page,0, "about:blank"
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SOFTWARE\Classes\exefile,,,application

; Values and keys removed: policy restrictions and Image File Execution Options entries
[del]
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableCMD
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableTaskMgr
HKLM,Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableTaskMgr
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFolderOptions
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoRecentDocsMenu
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoSetFolders
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoRun
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFind
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoTrayContextMenu
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoViewContextMenu
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer,ShowSuperHidden
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Msconfig.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit32.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegistryEditor.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe
HKLM, SOFTWARE\Classes\exefile, NeverShowExt
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer,NoPrinters
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer,NoThemesTab
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,NoDispAppearancePage
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,NoDispScrSavPage
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,NoDispSettingsPage
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer,ClassicShell
HKCU,SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer,NoThemesTab
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoInstrumentation
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoPrinters
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoSetTaskbar
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoSMHelp
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoStartMenuMorePrograms
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoThemesTab
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoTrayContextMenu
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoUserNameInStartMenu
HKCU,SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer,NoClose
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer,NoClose
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,HideClock
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\System,NoDispAppearancePage
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\System,NoDispScrSavPage
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\System,NoDispSettingsPage
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,ClassicShell
HKLM,SOFTWARE\Policies\Microsoft\Windows\Installer, DisableMSI
HKLM,SOFTWARE\Policies\Microsoft\Windows\Installer,LimitSystemRestoreCheckpointing
HKCU, Software\Microsoft\Internet Explorer\Main, Window Title
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, NoDiskCpl
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoDesktop
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp, Disabled
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoSaveSettings
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer,NoControlPanel

once it's done you just need to right-click the BALIKIN.inf file and then click INSTALL
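
Before installing the INF, it helps to see which of these settings are actually changed on the machine. The PowerShell script below is an added example, not part of the original post: it only reads the registry and compares it with what BALIKIN.inf writes or removes (the policy list is a subset of the [del] section, chosen for brevity).

```powershell
# Added example: read-only check of the settings BALIKIN.inf resets. Nothing is written.
$findings = @()

# Open commands as written by [UnhookRegKey]
$expected = @{
    batfile = '"%1" %*'; comfile = '"%1" %*'; exefile = '"%1" %*'
    piffile = '"%1" %*'; scrfile = '"%1" %*'; regfile = 'regedit.exe "%1"'
}
foreach ($class in $expected.Keys) {
    $key = "HKLM:\Software\Classes\$class\shell\open\command"
    $actual = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
    if ($actual -ne $expected[$class]) { $findings += "open command for ${class}: [$actual]" }
}

# Winlogon shell and Safe Mode alternate shell
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -ErrorAction SilentlyContinue).Shell
if ($shell -ne 'Explorer.exe') { $findings += "Winlogon Shell: [$shell]" }
$safeBoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'
$alt = (Get-ItemProperty -Path $safeBoot -ErrorAction SilentlyContinue).AlternateShell
if ($alt -ne 'cmd.exe') { $findings += "SafeBoot AlternateShell: [$alt]" }

# Image File Execution Options subkeys that [del] removes
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$tools = 'Msconfig.exe','regedit.exe','cmd.exe','taskmgr.exe','install.exe',
         'regedit32.exe','RegistryEditor.exe','setup.exe'
foreach ($exe in $tools) {
    if (Test-Path -Path "$ifeo\$exe") { $findings += "IFEO key present: $exe" }
}

# A subset of the values that [del] removes
$pol = 'Software\Microsoft\Windows\CurrentVersion\Policies'
$values = @{
    "HKCU:\$pol\System"   = 'DisableRegistryTools','DisableCMD','DisableTaskMgr'
    "HKCU:\$pol\Explorer" = 'NoFolderOptions','NoRun','NoFind','NoSetFolders','NoDesktop'
    'HKLM:\SOFTWARE\Classes\exefile' = 'NeverShowExt'
}
foreach ($path in $values.Keys) {
    $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
    foreach ($name in $values[$path]) {
        if ($props -and $null -ne $props.$name) { $findings += "$path\$name = [$($props.$name)]" }
    }
}

if ($findings) { $findings } else { 'No differences from the values BALIKIN.inf sets.' }
```

A reported difference only means the INF would change that value; it is not by itself proof of infection.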

hope this helps
BRAVO

Issue by yooogy
Issue date Sun Jan 20, 2008 10:18 pm
Admin · 176 views · 0 comments
Categories: Windows, Virus

Permanent link to full entry

http://reagen.perfect-blog.net/My-Blog-b1/Manualisasi-gw-4virus-b1-p12.htm
