Thursday, 19 March 2009
Identifying the Downadup / Kido / Conficker Virus or Worm
The Downadup virus is infecting millions of computers around the world. It infects computers through network passwords, through unpatched Windows software, and primarily through USB sticks. Because this virus can disable automatic updates from Microsoft and from the company's corporate anti-virus, the computer's defenses become weak and vulnerable to attacks from outside.
How do we know whether a computer has been infected by this virus?
Usually, after a computer is scanned with anti-virus software, we will get a warning that the computer has been infected by Downadup, Kido, or Conficker, usually reported under one of the following names:
• Net-Worm.Win32.Kido
• W32/Conficker.worm.gen
• Worm.Conficker
• W32.Downadup
• W32/Downadup.AL
• W32/Confick-A
• Win32/Conficker.A
• Local / Conficker
Then there are connection and Windows errors, among others:
• Automatic updates from Microsoft and from the anti-virus repeatedly fail
• Unable to update Windows Defender
• Random "svchost" errors
• Unable to browse sites that provide remedies for this virus (for example, cannot browse to www.microsoft.com)
In addition, some Windows services stop working, for example:
• wuauserv: Windows Automatic Update Service
• BITS: Background Intelligent Transfer Service
• wscsvc: Windows Security Center Service
• WinDefend: Windows Defender Service
• ERSvc: Windows Error Reporting Service
• WerSvc: Windows Error Reporting Service
How does this virus spread?
The virus spreads in four ways, namely:
• By exploiting unpatched Windows PCs that are connected to a network
• By a "brute force dictionary" attack on administrator accounts that use a weak password
• By infecting removable drives (thumb drives)
• By using Windows Scheduled Tasks and Autorun to reinfect a PC that has been cleaned with anti-virus (that is, do not be too quick to trust the anti-virus when it says the computer is clean, because after a restart the virus will be present again on the next scan)
Once on the computer, the virus will do the following:
• Copy itself into the Windows system folder (e.g. C:\Windows\System32)
• Change the Windows registry
• Change the access rights on its registry keys so that users cannot modify or delete them
• Make itself restart when Windows starts
• Contact a site with a public IP address to find out our computer's IP address
• Download modified versions of the virus itself from a number of websites based on the time and date, which are very difficult to predict
• Start its own web server on a random port on our PC for downloading the modified virus
How to deal with the virus:
First, try to get rid of the virus with the Microsoft Windows Malicious Software Removal Tool. However, if our computer has already been infected, most likely all the sites that host this tool are already blocked by the virus. In that case we can download it for free from the Microsoft website's content distribution network at:
http://mscom-dlcecn.vo.llnwd.net/dow...90830-v2.6.exe
For x64-based Vista, Windows XP x64 and Windows 2003 x64 computers, you can download the tool free of charge from:
http://mscom-dlcecn.vo.llnwd.net/dow...0-x64-v2.6.exe
If the Windows tool fails, we can also try the Free Virus Removal Tool from K7, or K7 Computing Antivirus. Because its domain is also blocked by the virus, use the link below to download:
http://70.32.74.100/tools/k7downadupremover.zip
After installation, the recommended steps are:
• Update the version of this tool
• Restart Windows in safe mode
• Launch a full system scan
• Delete all files that have been infected with this virus
• Restart Windows in normal mode
Fix Windows Registry
This virus, like other kinds of viruses, always modifies the Windows Registry. So do not forget to scan and fix the Windows Registry with regcure / Mindsoft Utilities / RegDefense or other similar tools.
After fixing the Windows registry, you are advised to always keep Windows updated.
Disable Autorun and AutoPlay
It is highly recommended to disable Autorun and AutoPlay to prevent similar virus infections in the future.
Autorun and AutoPlay are default Windows features that enable media and devices to launch programs using the commands listed in the "autorun.inf" file stored in the medium's root directory. Malware creators are very fond of Autorun and AutoPlay because they are difficult to disable and easy to exploit.
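To see what a removable drive's "autorun.inf" would ask Windows to launch before trusting the drive, the file can be read as plain data. The script below is an added example, not part of the original post: it lists the launch-related entries of the [autorun] section (open, shellexecute, shell\<verb>\command) and tolerates non-text bytes in the file. The sample content and the file name example.exe are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Keys in the [autorun] section whose value names a program to launch.
LAUNCH_KEYS = {"open", "shellexecute"}
# shell\<verb>\command entries attach a program to a context-menu verb.
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")


def launch_commands(raw: bytes) -> list[tuple[str, str]]:
    """Return (key, command) pairs found in the [autorun] section."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        text = raw.decode("utf-16", errors="replace")
    else:
        # latin-1 never fails, so files padded with non-text bytes still parse.
        text = raw.decode("latin-1")
    found = []
    in_autorun = False
    for line in re.split(r"[\r\n]+", text):
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in LAUNCH_KEYS or SHELL_COMMAND.match(key):
            found.append((key, value.strip()))
    return found


def scan_roots(roots) -> dict[str, list[tuple[str, str]]]:
    """Map each drive root that holds an autorun.inf to its launch commands."""
    report = {}
    for root in map(Path, roots):
        try:
            entries = list(root.iterdir()) if root.is_dir() else []
        except OSError:
            continue  # unreadable or ejected drive
        for entry in entries:
            if entry.is_file() and entry.name.lower() == "autorun.inf":
                report[str(root)] = launch_commands(entry.read_bytes())
    return report


# Constructed sample: junk bytes around a small [autorun] section.
SAMPLE = (
    b"\x8f\x02\x00\x91\r\n"
    b"[AutoRun]\r\n"
    b"; comment line\r\n"
    b"label=Backup\r\n"
    b"shellexecute=example.exe /hypothetical-switch\r\n"
    b"\xf3\xaa\x10\r\n"
    b"shell\\open\\command=example.exe\r\n"
    b"[Other]\r\n"
    b"open=ignored.exe\r\n"
)

if __name__ == "__main__":
    # Pass drive roots (for example E:\ and F:\) as arguments to inspect them.
    print(launch_commands(SAMPLE))
    for root, commands in scan_roots(sys.argv[1:]).items():
        for key, command in commands:
            print(f"{root}: {key} -> {command}")
```

Any entry it reports is a program the drive asks Windows to start, so on a data-only stick the expected result is no autorun.inf at all.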
To disable Autorun and AutoPlay quickly and easily, we can do the following:
• Download the free tool DisableAuto 0.2 (Softpedia) from the website http://www.softpedia.com/get/Tweak/R...ableAuto.shtml
• Unzip the file. A reg file called "disableauto.reg" will then appear
• Double-click the reg file to modify the Registry
• Reboot Windows. AutoPlay and Autorun are now disabled, but we can still access and run all media manually.
Feel free to try it; hopefully it works.
Tackling the RONTOKBRO / BRORONTOK Virus
The RONTOKBRO or BRONTOK Virus
Brief Introduction:
This virus is a worm (it can duplicate itself) and spreads through
email attachments (an email virus).
Virus names: brorontok, Rontokbro, ..
The virus first spread around September 2005 and was made by
an Indonesian, because its email signature is in Indonesian,
and I also looked at the contents of the virus binary and found
that the function names in ASCII in the code are Indonesian words,
such as keluarDOng (), etc ...
==========================================================
Steps to clean your computer of the Barontok virus:
==========================================================
(For Win 95, 98, ME)
- Enter safe mode: reboot, then after the BIOS screen appears
press Ctrl, select Safe mode and press Enter
- Continue straight from step 5
(For Windows ME and XP)
Turn off Windows System Restore:
Start-> Settings-> Control Panel-> System or
Start-> Control Panel-> System
On the System Restore tab, select the option "Turn off System Restore"
(For Win 2000, XP Home / Pro, Server 2003)
1. Reboot and go into safe mode.
** Restart Windows; after the BIOS screen appears press F8, and there will be
options: Safe mode, Normal, .... Select Safe mode and press Enter
2. Then log in to Windows as Administrator or as another user that
has administrator rights,
3. Create a new user account with the account type Computer Administrator,
then log off and log in with the newly created account.
------------------------------------------
The virus autostart in the registry
------------------------------------------
4. Open regedit: Start menu-> Run-> Regedit.exe and press Enter
In the left panel select the key:
HKEY_LOCAL_MACHINE> SOFTWARE> Microsoft> Windows> CurrentVersion> Run
then in the right pane, delete the value:
Bron-Spizaetus = "........"
In the left panel select the key:
HKEY_CURRENT_USER> Software> Microsoft> Windows> CurrentVersion> Run
then in the right pane, delete the value:
Tok-Cirrhatus = "......"
** Note:
If regedit cannot be opened (an error message appears), this is
one of the effects of the barontok virus.
A file has been prepared to overcome this problem:
After detaching it, right-click the file and select "Install ..",
then continue with step 4.
------------------------------------------------
The virus autostart in Scheduled Tasks
------------------------------------------------
5. Open Scheduled Tasks in the Control Panel:
Start-> Settings-> Control Panel-> Scheduled Tasks and press Enter
Remove the task named "At1" or anything related to the virus.
Tip: Right-click the task-> Properties, then look at its properties; if it
contains a suspicious command, for example BArontok.com, etc., remove
that task.
---------------------------------------------------------
Search for and delete the virus files on the computer's drives
---------------------------------------------------------
6. Enable the options to show hidden files and extensions:
Start-> Settings-> Control Panel or
Start-> Control Panel
Open Folder Options, click the View tab and switch on the option:
1. Show hidden files & folders
and turn off the options
2. Hide extensions for known file types
3. Hide protected operating system files
7. Use Windows File Search:
Start-> Search and press Enter
Search in all drives present in Windows: C, D, ....
In the field "Search for files or folders named", enter:
*.exe
then in the search options select Size Range-> At most: 81 KB
and under Advanced Options select the options Search system folders,
Search hidden files & folders, Search subfolders;
leave the other options blank
Then click Search Now ..
In the search results in the right panel, delete all files that:
1. are EXACTLY 80 KB in size AND
2. have the extension *.exe / *.pif / *.com / *.bat AND
3. have a folder / Windows directory icon
** Attention: delete only the files that meet ALL of the above conditions,
and NOT those that meet only one.
(Files that are frequently found: Barontok.com, ElnorB.exe; look for these files)
* Tip: Sort the search results by size for easy
elimination
* Note: This is a heuristic based on experience
and experiments (e.g. it was found that this virus is 80 KB in size),
chosen because searching this way is faster than checking the files
one by one manually :-p
8. Repeat the search in step 7 with the inputs: *.pif, *.com, *.bat
9. Reboot and enter Windows as usual.
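The file search above, applied as a script (an added example, not part of the original post): it walks the given folders and lists files that meet conditions 1 and 2, leaving condition 3 (the folder icon) as a manual check, and it deletes nothing. It assumes that "80 KB" means the size as the Explorer column shows it, that is, bytes divided by 1024 and rounded up; the function names are chosen for this example.

```python
import math
import os
import sys

# Conditions 1 and 2 from the procedure above; condition 3 (folder icon)
# is not checked here and stays a manual, visual check.
SHOWN_SIZE_KB = 80
EXTENSIONS = {".exe", ".pif", ".com", ".bat"}
# File names the page reports as frequently found.
NAMES_ON_PAGE = {"barontok.com", "elnorb.exe"}


def explorer_kb(size_bytes: int) -> int:
    """Size as Explorer's KB column shows it (assumption: rounded up)."""
    return math.ceil(size_bytes / 1024)


def find_candidates(roots):
    """Return [(path, size_bytes, name_listed_on_page)] sorted by path.

    Nothing is deleted: the list is for review against condition 3.
    """
    hits = []
    for root in roots:
        # onerror swallows unreadable directories instead of aborting the scan.
        for folder, _dirs, files in os.walk(root, onerror=lambda err: None):
            for name in files:
                ext = os.path.splitext(name)[1].lower()
                if ext not in EXTENSIONS:
                    continue
                path = os.path.join(folder, name)
                try:
                    size = os.lstat(path).st_size
                except OSError:
                    continue  # file vanished or is locked
                if explorer_kb(size) == SHOWN_SIZE_KB:
                    hits.append((path, size, name.lower() in NAMES_ON_PAGE))
    return sorted(hits)


if __name__ == "__main__":
    # Pass the folders or drive roots to search as arguments.
    for path, size, listed in find_candidates(sys.argv[1:]):
        note = "  (name listed on the page)" if listed else ""
        print(f"{size:>7} bytes  {path}{note}")
```

A hit on size and extension alone is not proof of infection, which is why the procedure requires all three conditions before deleting.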
Recognizing the Trojan Horse Virus, and How to Prevent and Deal with It
We may have often seen or heard of the Trojan virus or Trojan Horse when our anti-virus detects a computer virus identified as a Trojan. We may have thought that Trojan is the name of one particular computer virus, like the names of, for example, the Kangen virus, the Brontok virus, and others.
A Trojan Horse, or Trojan for short, is actually a type of virus, not the name of a virus. The term Trojan Horse is drawn from the Ancient Greek legend of the Trojan War, or the War of TROYA / Troy.
The story goes like this (story time first):
Once upon a time, the Crown Prince of the Kingdom of TROYA, named Paris, was involved in an affair with Helen, the wife of a Greek official. This made the Greek kingdom angry and it attacked the kingdom of TROYA. However, the fortress of TROYA was very strong; even after 10 years it did not give up.
The Greek troops, who had become desperate, resorted to underhanded tactics: they pretended to leave the city of TROYA and hid behind a hill, but they left behind a big wooden horse statue filled with elite Greek troops.
The people of TROYA rejoiced on learning that the Greek army had withdrawn, and the fine horse statue left by the Greek army was paraded into the city of TROYA.
At night, when the residents and troops of TROYA were fast asleep, the elite troops inside the horse statue came out; some opened the gate for the Greek troops hiding outside, and some struck the vital objects of the TROYA kingdom. And so the kingdom of TROYA was destroyed.
Now, because there are computer viruses whose character is similar to the story of the Horse of TROYA / Trojan Horse, these viruses are classified as Trojan Horse viruses.
A Trojan virus is a program that consists of 2 parts, namely: one that is smuggled onto the victim's computer by all kinds of trickery, and the other a program that runs on the hacker's computer.
If the hacker successfully smuggles the program onto the victim's computer, the hacker can snoop on and control (remote-control) the activity of the victim's computer from the hacker's computer.
Trojan viruses are very dangerous for users whose computers are connected to a computer network or the internet, because hackers can steal sensitive data such as passwords for email, internet banking, paypal, e-gold, credit cards and others. If you frequently carry out online financial activities, you must make sure that your computer is safe and free of viruses.
To prevent and remove Trojan viruses, make sure you install an anti-virus that is always kept up to date; a firewall, either the default one from Windows or a third-party one, also reduces the risk of our computer being spied on or controlled from another computer.
Always be alert if your computer shows something odd; if the anti-virus is not able to deal with it, just format the computer and reinstall the operating system and its software. Avoid using illegal / pirated software, because often, without our realizing it, such software has been infiltrated by a Trojan virus.
Those are the tips; I hope they are useful.
What is the meaning of viruses?
A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the user. The term "virus" is also commonly but erroneously used to refer to other types of malware, adware and spyware programs that do not have the reproductive ability. A true virus can only spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer.[1][2]
Viruses are sometimes confused with computer worms and Trojan horses, which are technically different. A worm can use security vulnerabilities to spread itself to other computers without needing to be transferred as part of a host, and a Trojan horse is a program that appears harmless but has a hidden agenda. Worms and Trojans, like viruses, may cause harm to either a computer system's hosted data, functional performance, or networking throughput, when they are executed. Some viruses and other malware have symptoms noticeable to the computer user, but most are surreptitious. This makes it hard for the average user to notice, find and disable and is why specialist anti-virus programs are now commonplace.
Most personal computers are now connected to the Internet and to local area networks, facilitating the spread of malicious code. Today's viruses may also take advantage of network services such as the World Wide Web, e-mail, Instant Messaging and file sharing systems to spread, blurring the line between viruses and worms. Furthermore, some sources use an alternative terminology in which a virus is any form of self-replicating malware.