A local virus named Siggen, themed around love, blocks all files with the .zip, .rar and .exe extensions. The aim is to keep antivirus applications from removing the malicious program.
However, once the characteristics of an infected computer are known, there turn out to be a few simple ways to eradicate the virus.
According to information received from Vaksincom, the procedure is as follows:
1. Kill the virus process that is active in memory. For reference, this virus was written in Visual Basic (VB), so it is relatively easy to kill the running virus process with the KillVB tool. Download the tool from http://yohan.es/killvb/
2. Repair the registry entries changed by the virus. The virus makes quite a lot of changes to the Windows registry. To speed up the repair, copy the script below into Notepad and save it as REPAIR.INF. Install the file as follows:
right-click REPAIR.INF
then choose [INSTALL]
The script to copy:
[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
; Restore the default open commands, the .zip association and the Safe Mode shell
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Classes\.zip,,, "winzip"
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, "cmd.exe"
[del]
HKCU, Software\noF i T r I on Computer
HKLM, SYSTEM\CurrentControlSet\Services\noF i T r I on Computer
HKLM, SYSTEM\ControlSet001\Services\noF i T r I on Computer
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\noF i T r I on Computer
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, AudioSystem.exe
HKCU, Software\Policies\Microsoft\Windows\system, DisableCMD
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoClose
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFind
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoControlPanel
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoRun
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NosaveSettings
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoStartMenuMorePrograms
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoViewContextMenu
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoViewonDrive
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableMsConfig
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr
HKCU, Control Panel\Desktop,SCRNSAVE.EXE
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, AudioSystem.exe
HKLM, SOFTWARE\noF i T r I on Computer
HKLM, SOFTWARE\Policies\Microsoft\Windows\Installer, DisableMSI
HKLM, SOFTWARE\Policies\Microsoft\Windows\Installer, LimitSystemRestoreCheckPointing
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\0000.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ahnlab.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ansavd.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Avas.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVG.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ccapp.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cclaw.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccleaner.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleaner.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanmgr.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DriverDetective.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DriverScanner.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Fixinstall.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\folderlockbox_setup.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Free Fire Screensaver.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Hunter.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install_flash_player.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISUNIST.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Kaspersky.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\keygen.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\limeware.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LNKSTUB.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mobsync.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSOOBE.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msra.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAPSTAT.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETSETUP.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nip.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nipsvc.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Niu.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Njeeves.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NOD32krn.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NOD32kui.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Norman.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Norton.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvccf.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcoas.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcod.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcsched.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Panda.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMV-RTP.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppclean.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Procexp.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regdir.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Restore my files.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rminstall.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RSTRUI.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityConfig.exe.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Smadav 2009 Rev. 3.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmaRTP.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Sophos.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symantec.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\st5unst.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\supercleaner.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Task.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Taskkill.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tasklist.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfnotice.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Tiny.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trend.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrendAntiVirus.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojan Hunter.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojan.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanHunter.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TweakUi.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Unins.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Unins000.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Uninst.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Uninstall.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\unlocer.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\unlocker.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UNWISE.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Upd.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Update.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\V2iBrowser.exe.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VProConsole_.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WinHIIP.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\unwise32.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\youtubesetup.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ypsr.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ypsrru.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZoneLabs.exe
3. Show all files hidden by Windows: open Folder Options, go to the View tab, then tick the option Show hidden files and folders.
4. Delete the files created by the virus, including those on USB flash drives. To speed up the deletion, you can use the Windows Search/Find function with the keywords *.exe and *.scr. But take care not to delete the wrong files.
Files created by this virus have the following characteristics: 76 KB in size, no icon, and file type Application or Screen Saver. After that, delete the following files:
*OBE.sacura [all drives]
Autorun.inf [all drives]
Folder [-], all drives
Folder [Kasihku], all drives
Folder [Koleksi ScreenSaver], all drives
*C:\WINDOWS\system32\blank.htm
*C:\Documents and Settings\%user%\http_www.patah-hati.com
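A read-only check to run after installing REPAIR.INF, as an added example that is not part of the original article or of Vaksincom's script: it reads the registry locations named in the script and reports anything that is still set. It assumes PowerShell is available on the machine, and the Image File Execution Options list is only a subset of the names in the script.

```powershell
# Added example: read-only audit of the registry locations REPAIR.INF touches.
# Key and value names come from the script on this page; nothing is modified.
$findings = @()

# [UnhookRegKey]: a handler that does not start with "%1" runs another program first
foreach ($type in 'batfile','comfile','exefile','piffile','scrfile') {
    $key = "HKLM:\Software\Classes\$type\shell\open\command"
    $cmd = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
    if ($cmd -notlike '"%1"*') { $findings += "Handler for $type is: $cmd" }
}

# [UnhookRegKey]: the Safe Mode alternate shell should be cmd.exe
foreach ($set in 'ControlSet001','ControlSet002','CurrentControlSet') {
    $key = "HKLM:\SYSTEM\$set\Control\SafeBoot"
    $shell = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).AlternateShell
    if ($shell -and $shell -ne 'cmd.exe') { $findings += "$set AlternateShell is: $shell" }
}

# [del]: restriction values that should no longer exist
$explorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$system   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$policies = @{
    'HKCU:\Software\Policies\Microsoft\Windows\System' = @('DisableCMD')
    $explorer = @('NoClose','NoFind','NoFolderOptions','NoControlPanel','NoRun',
                  'NoViewContextMenu','NoViewonDrive')
    $system   = @('DisableMsConfig','DisableRegistryTools','DisableTaskMgr')
}
foreach ($key in $policies.Keys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    foreach ($name in $policies[$key]) {
        if ($null -ne $props.$name) { $findings += "Policy still set: $key\$name" }
    }
}

# [del]: autorun value and keys created by the virus
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($null -ne $run.'AudioSystem.exe') { $findings += 'Run value AudioSystem.exe present' }
foreach ($key in 'HKCU:\Software\noF i T r I on Computer','HKLM:\SOFTWARE\noF i T r I on Computer') {
    if (Test-Path $key) { $findings += "Virus key present: $key" }
}

# [del]: Image File Execution Options entries (subset of the names in the script)
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($exe in 'attrib.exe','Procexp.exe','Taskkill.exe','tasklist.exe','setup.exe') {
    if (Test-Path "$ifeo\$exe") { $findings += "IFEO entry present: $exe" }
}

if ($findings) { $findings } else { 'No leftovers from the checked list were found.' }
```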
For optimal cleaning, it is best to scan with an up-to-date antivirus, or you can use the free tool Dr.Web CureIt, which is available via the following link.
An Easy Way to Eradicate the Love Virus