How to Recover From a Virus Attack

If your business has suffered a virus attack and your network has been compromised, you'll need to act fast in order to prevent the virus from spreading to other computers on your network. Once a virus penetrates your security defenses, it can quickly rip through your network, destroying files, corrupting data, rendering applications useless and causing expensive lulls in productivity. The following recommendations will help you quickly get your small business back up and running again.

* Disconnect and isolate. If you suspect one of your computers has suffered a virus attack, immediately quarantine the computer by physically disconnecting it, as infected machines pose a danger to all other computers connected to the network. If you suspect other computers may be infected, even if they aren't displaying any symptoms, still treat them like they are. It's counter-productive to clean one machine while an infected computer is still connected to the network.

* Focus on the cleanup. Once you've physically disconnected the computer, focus on removing the malicious code. Use virus removal tools written for the specific virus causing the damage. Many of these tools can be found online. In addition, your antivirus software should have updates or patches available for the specific security threat. If your antivirus software hasn't been updated recently, be sure to do so.

* Reinstall your operating system. After a virus attack, damage may range from changed file names and obliterated files to permanently disabled software applications. The extent of the damage depends on the particular virus. If your operating system is completely destroyed, you'll need to reinstall it using the quick restore CD that came with your computer. This restores your computer to its original configuration, meaning you'll lose any applications you installed or data files you saved. So before you begin the reinstallation process, make sure you have all the necessary information handy, including the original software, licenses, registration and serial numbers.

* Restore your data. This assumes you've been diligent about backing up your files. If you haven't been doing a regular backup of all the data and files on your computer's hard drive, your files will most likely be permanently lost. If this is the case, learn from your mistake and make sure to back up on a regular, ongoing basis. And keep in mind, not all viruses target data files. Some only attack applications.

* Scan for viruses. After restoring and reinstalling, perform a thorough virus scan of your network. Use the most recent virus definitions available for your antivirus software. Be careful not to overlook anything; scan all files and documents on all computers and servers on your network.

* Prevent future attacks. Run antivirus software and keep virus definitions current. Make sure your security patches are up to date. If you haven't been running antivirus software, start doing so immediately to prevent future attacks. If you lost data files in the recent attack, create and enforce a regular backup schedule. Change all of your passwords, including ISP access, FTP, email and Web site passwords. Some viruses can capture or crack passwords, leaving you exposed to future attacks; changing your passwords closes that door.

Above all, learn from your mistakes. If a virus penetrated your defenses, consider changing or enhancing your current security practices. Ask yourself why your previous security measures weren't effective. Did you need a firewall? Were you lax about updating virus definitions and security patches? Did you download files without scanning them first? Now is an ideal time to comb through, edit and reinforce your IT security policy, as you'll need to shore up the holes in your security practices. After all, prevention is always the best security policy.

Source:
http://www.thestreet.com/_googlen/smallbiz/entrepreneur

Malware Removal and Prevention

There are a variety of reasons you may have arrived at Malware Removal and Prevention (MRP). If you are here to do a thorough system cleaning or just a checkup, then MRP will guide you through that process. Perhaps your computer is showing symptoms of infection: pop-up ads, general sluggishness, or browser redirects, to name a few. If that is the case, MRP will offer you a good chance at restoring your system to normalcy.

You may well have been instructed to complete Malware Removal before posting a HijackThis (HJT) log. HJT is a program which scans your system and allows you to create a log or report at the end of its analysis. The log created by HJT lists many places on your computer that spyware and malware are known to target. The HJT staff are trained to interpret your HJT log and provide instructions which you can follow to repair your system.

Before posting your HijackThis log, we will have you run several malware removal programs and a system cleanup utility. HJT is an analysis and repair tool. It will not scan your entire system, nor will it detect or delete all the files and registry entries associated with an infection. As such, it is extremely important to use the full system scanning tools we recommend before fixing anything with HJT. These automatic detection and removal programs address a broad spectrum of malware including adware, spyware, trojans, worms, viruses, and browser hijackers. We also advise you to run a system cleaning utility intended to improve your computer's overall performance and remove any infected files which may be hiding in your temporary folders.

This new preliminary scanning procedure provides a dual benefit: your computer benefits from the thorough cleaning it provides, and we, in return, benefit from being presented with a cleaner system profile containing only those infections which the automatic removal programs failed to eradicate.

It is possible that you may not even need to post a HijackThis log after completing the scans we suggest. If you are satisfied with your computer's performance, and feel your system is no longer infected, then you may decide to take that option. If that is the case, it is vitally important that you implement the safety suggestions presented in our Malware Prevention section to maintain your continued security. However, if you still feel that your system is infected or hijacked after completing the entire malware removal process, we invite you to post a log on the HijackThis forum.

Your compliance with this precleaning requirement will allow the HijackThis staff to clean your infected machine much more efficiently. The resultant time savings will enable us to attend to a greater number of logs in a shorter period of time, thereby benefiting everyone involved.

Please follow all directions carefully. If at any point you need some sort of clarification, please, please, please ask us! As applicable, we have included links to the appropriate CastleCops forums. Finally, we would very much appreciate your feedback. Praise, suggestions, complaints, ... anything goes!

Source:
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction

Anti-Virus Guide

Important Tips

* Watch Out -- Do not buy or download any antivirus software without checking this list first: The 69 Worst Antivirus Scanners, Mary Landesman, antivirus.about.com, September 15, 2008.
* Just One, Not Two -- Never use two anti-virus products at the same time. Completely uninstall one before installing another. Use the vendor's uninstall utility or, if none is available, use the Windows XP Add or Remove Programs tool in the Control Panel.
* Patches & Updates -- Anti-virus software is only as effective as its most recent update, because it is inherently reactive, treating only "known" threats. So when you install anti-virus software, go to the vendor's web site and update the program and virus definitions immediately, and then turn on the auto-update feature (if it has one). If you want to be ready for the next big bad thing before your anti-virus signatures can be updated, consider Zero-Day Protection.
* Get Online Protection Too -- Consider using an Internet service provider or email service that includes server side anti-virus and spam email filtering as a second layer of defense. If possible, use different anti-virus software on your home computer than your ISP or service uses on their servers.
* Consider a Gateway -- A Broadband Gateway product between your modem and network can screen out viruses before they hit your computer(s).
* Spyware & Trojan Horses -- Some anti-virus software products now include anti-spyware and some anti-spyware products have added anti-virus. In addition, some of these products include anti-trojan, anti-worm and other anti-malware features. Before relying on a single security product, carefully review the vendor's list of features and study comparative test results if available. See Editorial - Do you really need a spyware scanner? Gizmo Richards' Support Alert Newsletter, April 17, 2008. Also see our Security Suite, Anti-Spyware, Anti-Trojan and Zero-Day Protection pages.
* Prices -- See our custom Anti-Virus Price List powered by Amazon.com

Source: http://www.firewallguide.com

Using virus protection features in Outlook Express 6

Using Internet Explorer Security Zone to Disable Active Content in Hypertext Markup Language (HTML) E-mail
Security zones enable you to choose whether active content, such as ActiveX controls and scripts, can be run from inside HTML e-mail messages in Outlook Express. By default, Outlook Express 6 uses the Restricted Sites zone instead of the Internet zone. Microsoft Outlook Express 5.0 and Microsoft Outlook Express 5.5 used the Internet zone, which enables most active content to run. To customize your Internet Explorer security zone settings for Outlook Express:

CAUTION: Changing security zone settings can expose your computer to potentially damaging code. Use caution when you change these settings.

1. Start Outlook Express, and then on the Tools menu, click Options.
2. Click the Security tab, and then click either Restricted Sites Zone or Internet Zone (less secure, but more functional) in the Virus Protection section under Select the Internet Explorer security zone to use.
3. Click OK to close the Options dialog box, and then quit Outlook Express.
4. Start Internet Explorer, click Internet Options on the Tools menu, and then click Security.
5. Click Custom Level for the security zone that you selected in Outlook Express. The security settings that you choose apply to Outlook Express as well as Internet Explorer.

How to Read all Messages in Plain Text (Service Pack 1 Only)
Starting with Service Pack 1, you can configure Outlook Express to read all e-mail in plain text format. Some HTML e-mail may not appear correctly in plain text, but no active content in the e-mail is run when you enable this setting. To read all messages as plain text in Outlook Express Service Pack 1:

1. Start Outlook Express, and then on the Tools menu, click Options.
2. Click the Read tab, and then click to select the Read all messages in plain text check box under Reading Messages.
3. Click OK.

How to Prevent Programs from Sending E-mail Without Your Approval
If you configure Outlook Express as the default mail handler (or simple MAPI client) on the General tab, Outlook Express processes requests by using Simple MAPI calls. Some viruses can use this functionality and spread by sending copies of e-mail messages that contain the virus to your contacts. By default, Outlook Express 6 prevents e-mail messages from being sent programmatically from Outlook Express without your knowledge by displaying a dialog that enables you to send or not to send the e-mail message.

Using the Internet Explorer Unsafe File List to Filter E-mail Attachments
To use the Internet Explorer unsafe file list to filter e-mail attachments:

1. Start Outlook Express, and then on the Tools menu, click Options.
2. Click the Security tab, and then click to select the Do not allow attachments to be saved or opened that could potentially be a virus check box under Virus Protection.

This option is enabled by default in Outlook Express Service Pack 1 (SP1). If you enable this option, Outlook Express uses the Internet Explorer 6 unsafe file list and the Confirm open after download setting in Folder Options to determine whether a file is safe. Any e-mail attachment with a file type reported as "unsafe" is blocked from being downloaded.

NOTE: The Internet Explorer 6 unsafe file list includes any file types that may have script or code associated with them. To add additional file types to be blocked or remove file types that should not be blocked:

1. Click Start, point to Settings (or click Control Panel), and then click Control Panel (or switch to Classic View or View All Control Panel Options).
2. Double-click Folder Options.
3. On the File Types tab, click to select the file type that you want to block or allow, and then click Advanced. If the file type you want to add is not listed, perform the following steps:
   1. Click New.
   2. In the Create New Extension dialog box, type the file extension you want to add to the unsafe file list.
   3. Click OK, and then click Advanced.
4. Click to place a check mark (block) or remove the check mark (allow) from the Confirm open after download check box.

NOTE: You cannot remove the check from Confirm open after download to allow some file types. For example, .exe files are in the default unsafe file list in Internet Explorer and cannot be allowed.

How to Determine When Outlook Express Has Blocked an Attachment
When Outlook Express blocks an attachment, the following alert is displayed in the message alert bar at the top of the e-mail message:
Outlook Express removed access to the following unsafe attachments in your mail: file_name1, file_name2, and so on.

Source: http://support.microsoft.com

Top 6 Most Effective Tips to Avoid Getting Spam Altogether

The best way to avoid spam is not getting on spammers' lists in the first place. Find out how to use disposable addresses, obfuscation and your watchful eye to steer clear of spam altogether.
Already Getting Spam?

If you already get spam, try filtering the existing:

* Best Free Windows Spam Filters
* Top Mac Spam Filters
* Linux and Unix Spam Filters
* Spam Filtering Services
* More Spam Fighting Tips

1. Stop Spam with Disposable Email Addresses
You've read it here, and you know it well: using your real, primary email address anywhere on the Web puts it at risk of being picked up by spammers. And once an email address is in the hands of one spammer, your Inbox is sure to be filled with lots of not-so-delicious spam every day. But what should you use instead of a real email address? Use...

2. Watch Out for Those Checkboxes
When you sign up for something on the Web, there is often some innocent-looking text at the end of the form saying something like: "YES, I want to be contacted by select third parties concerning products I might be interested in." Quite often, the checkbox next to that text is already checked, and your email address will be handed to parties you know nothing about. To avoid that...

3. Disguise Your Email Address in Newsgroups, Forums, Blog Comments, Chat
Spammers use special programs that extract email addresses from Web sites and Usenet postings. To avoid ending up on a spammer's mailing list when you post to a Web forum or a newsgroup, you can...

4. How Long, Complicated Email Addresses Beat Spammers
Spam will, eventually, make it to any mailbox. Any? Here's how to make it hard for spammers to guess your address.

5. Use Disposable Email Addresses at Your Web Site
Using disposable email addresses in forms on the Web and for mailing lists is a great way to stop spam. But with a little effort you can even use them on your home page, too, and allow legitimate mail from unknown senders while keeping out spam...

6. Domain Owners: Set up Throwaway Addresses to Fight Spam
If you own a domain name, you have a great anti-spam tool at hand: your mail server. All mail to an address at your domain that does not already exist (such as "quaxidudel@example.com") is forwarded to your main account by default. You can use this feature to...

Source: http://email.about.com/od/spamandgettingridofit/tp/most_effective.htm

Manual Removal of W32/OnLineGames.TRQA Trojan

W32/OnLineGames.TRQA is a Trojan that infects Windows systems.
The trojan may be dropped by other malware or downloaded from a remote website by other malware.
This trojan first appeared on December 12, 2008.
Other names of the W32/OnLineGames.TRQA Trojan: it is also known as GameThief.Win32.OnLineGames.trqa and TSPY_MMORPG.CE.
Damage Level: High/Medium
Distribution Level: High/Medium
There is NO automatic removal tool for the W32/OnLineGames.TRQA Trojan.

Trojan Manual Removal Instructions
Removal from Safe Mode is recommended.
How to start in Safe Mode:
Restart your computer and press F8 repeatedly as the screen turns on; select Safe Mode and press Enter.
The infected files can be found under the following folders and names, and may also be seen running in Task Manager.
End the following active process before removal:

* %System32%\msupdt.exe
If any of these files appears as a running process in Task Manager, end the process before removal.
Note: if Task Manager is disabled, download the following file: Click to Download - Enable Registry.reg

Manually Remove From Registry
Click Start, then Run, type regedit and click OK.
Note: If the Registry Editor fails to open, the threat may have modified the registry to prevent access to it. Download and run this UnHookExec.inf, and then continue with the removal.
The registry entries are unknown; search for any of the files listed above.
Search the registry for the virus file names listed above to remove them completely: on the Edit menu, click Find, enter the keyword, and remove every value the search finds.
Exit the Registry Editor.
Restart your computer.
Recommended Removal Tools:
Kaspersky Antivirus or Internet Security (Shareware)
Spyware Doctor (Shareware)
AVG Antivirus (Freeware)
Killbox (Freeware)


Source: http://www.windowsvistaplace.com/manual-removal-of-w32onlinegamestrqa-trojan/windows

XoftSpy Software Trojan Remover

XoftSpy offers a couple of extremely useful features, including Trojan.Vundo removal, which lets you remove this pop-up trojan that displays multiple pop-up advertisements in your Internet Explorer browser.

XoftSpy will remove the following trojans:

* Trojan horse Generic8.ODJ
* Trojan horse dropper.generic.OAC
* Trojan horse BackDoor.Generic9.ACJW
* Trojan horse Generic - c.EQ - INFECTED
* Trojan Horse Generic
* Trojan horse Dropper.Delf.3.L
* Trojan horse proxy.BUF
* Trojan horse flooder.ake
* Trojan Horse Psw
* Trojan horse Generic9.AAVJ
* Trojan Horse Generic 10 FX
* Trojan Horse Small 28 AU
* Trojan horse Downloader.Small.18.T

XoftSpy also offers email protection, and will protect your computer from harmful .exe attachments that are actually trojans, ranging from ones that display frustrating pop-up advertisements to more serious threats that let hackers gain access to your computer.

Spyware is a serious threat and careful consideration should be taken to ensure the right choice for your particular situation. You can consult the reviews below to make certain you find the right solution for your spyware problems.

Source: http://spywareremovercompare.blogspot.com/

Win32 Trojan Virus - How to Remove

Trojan.Win32 is a file installed by a rogue anti-spyware program. It is malicious software, engineered by internet hackers, which once installed generates a pop-up message. This is a fake message telling you to purchase their "anti spyware" in order to remove the trojan.

The following manual process will help you remove it from your system safely.

Trojan.Win32 Manual Removal Process:

1. First, click the Start button, then Control Panel, and then double-click the Add or Remove Programs icon.

2. Locate Trojan.Win32 and double-click on it to uninstall it. Follow the step-by-step on-screen instructions to complete the uninstallation of Trojan.Win32.

3. Restart the computer.

4. After the un-installation process has completed, close "Add or Remove Programs" and your Control Panel.

5. Close all programs.

6. Stop the Trojan.Win32 process. To do this:

- Right-click the taskbar, and then click Task Manager.

- In Task Manager, click the Processes tab to see a list of running processes.

- Select the process that you want to stop.

- Right-click on the intended process, then select "End task".

- Done.

7. Search for the following files and delete these infected files from your system:

- windivx.dll
- stream32a.dll
- vipextqtr.dll
- ecxwp.dll

8. Rename the files that you found above to "foundbadfile1.dll" and "foundbadfile2.dll" (if you cannot rename a file, restart your computer in safe mode and then try to rename it).

9. Go to the C:\Program Files\ folder and delete the "VirusProtect 3.8" folder (if you can't delete it, reboot your computer into safe mode and then delete the folder).

10. Restart your computer.

11. Go to your computer and delete the "foundbadfile1.dll" and "foundbadfile2.dll" files.

12. You have just removed Trojan.Win32 from your computer manually.

The easier way is to get a reputable anti-trojan program that removes the Win32 Trojan Virus and also detects intrusions by other, worse trojans, such as credit card and password stealing trojans.

Viruses in 2008

Sang Perawan

In the first two months of 2008, Sang Perawan recorded great success in spreading because it went undetected by antivirus software. Norman Virus Control has detected Sang Perawan as W32/VBWorm.GZH since July 2007. The virus, better known as W32/Dewi or Sang Perawan, which ran rampant in February 2008, has the distinctive trait of injecting image files in JPEG (Joint Photographic Experts Group) format. The two Sang Perawan variants found have original sizes of 301 KB and 91 KB respectively (see figure 1). Consequently, a JPEG file injected by either virus turns into an .EXE and grows by 301 KB or 91 KB (depending on the infecting variant), and unfortunately the JPEG file becomes corrupted and can no longer be opened.

Stargate

“If you want to reach a more beautiful dream, carry it out and work at it.” That is the message shown every time a computer infected with the Stargate virus, or W32/Agent.DRUU, runs Internet Explorer, which then opens the file St4rgt.html. Stargate disguises itself with a folder icon, and this virus is fairly hard to clean because it redirects the execution of files so that it runs itself. It also tries to cripple several antivirus products so they cannot function properly. One point worth noting is this virus's attention to secpol.msc (Security Policy) and gpedit.msc (Group Policy Editor): its author specifically blocks secpol and gpedit, so a computer infected with Stargate shows an error message whenever either of those two applications is run.

Hokage

If you are a Manga fan, you surely know the story of Naruto, the ninja from the village of Konoha who aspires to become Hokage (village chief). It turns out there is a virus writer who is also a Naruto fan: besides disguising itself with a Winamp icon and changing the flash disk icon in Windows Explorer to a Winamp icon, this virus also names its parent file “HokageFile.exe”.
Hokage, which Norman detects as VBWorm.gen16, can also infect a computer or flash disk automatically by exploiting the autorun feature. The virus, suspected to originate from Central Kalimantan (Sampit), goes so far as to create autorun.inf, desktop.ini and folder.htt files, all of which aim to execute the file named “Hokagefile.exe”, the virus's parent file.

VBS/Repulik (Republik)

The virus Norman detects as VBS/Repulik acts like Kespo, injecting MS Office files. The difference is that while Kespo targets files on the computer, Repulik modifies MS Office files on the flash disk and injects itself into them. Injected MS Word and Excel files grow by 5 KB and become virus files, and the file extension also turns into a double extension. For example, if the original file is named dokumen.doc, after being injected by Repulik it grows by 5 KB and its icon changes to VBS (Visual Basic Script), so it is easy to recognise.

If your files have been injected by this virus, don't despair yet, because a tool to restore these files is available on the Chip DVD. Run the file “Splitter_VBS2DOC_XLS” to restore your original files that were injected by Repulik.

Amburadul

Much like the popular song “SMS” that spawned the song “Jawaban SMS” (“Reply to SMS”): the Hokage virus writer from Sampit prompted another virus writer, also from Central Kalimantan, who besides trying to eradicate the Hokage virus also uses the Amburadul virus to promote the city of Palangkaraya as a tourist destination, using the name of the Kahayan Bridge (Jembatan Kahayan) as the virus file name. This virus, which masquerades as a JPG file, has quite a few variants ranging in size from 51 KB to 56 KB and is detected by Norman as W32/Autorun and W32/Agent.
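The three on-disk patterns described above (a JPEG that has turned into an .EXE as with Sang Perawan, an Office file carrying a VBS double extension as with Repulik, and an autorun.inf that launches HokageFile.exe as with Hokage) can be checked for on a flash disk with the following added Python example; it is not the vaksin.com tool or any project's code, and the sample files it builds are constructed stand-ins made of harmless bytes.

```python
import os
import tempfile

# Extensions that execute code when double-clicked on Windows (assumed subset).
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".vbe", ".js", ".wsf"}
# Document/image extensions the viruses above masquerade as or inject into.
DOC_EXTS = {".jpg", ".jpeg", ".doc", ".xls", ".ppt"}

JPEG_SOI = b"\xff\xd8\xff"                        # JPEG start-of-image marker
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # MS Office 97-2003 (OLE2) header


def masquerade_finding(name):
    """Flag 'dokumen.doc.vbs' / 'liburan.jpg.exe' style double extensions
    (the Repulik and Sang Perawan pattern). Returns a message or None."""
    parts = name.lower().rsplit(".", 2)
    if len(parts) == 3 and "." + parts[2] in EXEC_EXTS and "." + parts[1] in DOC_EXTS:
        return "double extension: shown as .%s but runs as .%s" % (parts[1], parts[2])
    return None


def embedded_payload_finding(path):
    """Flag an executable or script that carries a JPEG or an OLE2 document
    inside it, which is how an injected file looks on disk (heuristic)."""
    if os.path.splitext(path)[1].lower() not in EXEC_EXTS:
        return None
    with open(path, "rb") as f:
        data = f.read()
    if JPEG_SOI in data:
        return "executable contains an embedded JPEG image"
    if OLE2_MAGIC in data:
        return "executable/script contains an embedded MS Office (OLE2) document"
    return None


def autorun_targets(path):
    """Return the (key, value) pairs in [autorun] that launch something:
    open=, shellexecute= and shell\\<verb>\\command= (the Hokage pattern)."""
    targets = []
    section = None
    with open(path, "r", errors="replace") as f:
        for raw in f:
            line = raw.strip()
            if not line or line.startswith(";"):
                continue
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1].lower()
                continue
            if section != "autorun" or "=" not in line:
                continue
            key, value = (s.strip() for s in line.split("=", 1))
            k = key.lower()
            if k in ("open", "shellexecute") or (k.startswith("shell\\") and k.endswith("\\command")):
                targets.append((key, value))
    return targets


def scan_tree(root):
    """Walk a drive or folder and return sorted (relative path, finding) pairs."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if name.lower() == "autorun.inf":
                for key, value in autorun_targets(path):
                    findings.append((rel, "autorun.inf would launch: %s=%s" % (key, value)))
            m = masquerade_finding(name)
            if m:
                findings.append((rel, m))
            e = embedded_payload_finding(path)
            if e:
                findings.append((rel, e))
    return sorted(findings)


def build_sample_tree():
    """Constructed sample 'flash disk' made of harmless stand-in bytes (no real
    malware): one file per pattern plus clean files that must not be flagged."""
    root = tempfile.mkdtemp(prefix="flashdisk_")

    def put(name, data):
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)

    put("autorun.inf", b"[autorun]\r\nopen=HokageFile.exe\r\n"
                       b"shell\\open\\command=HokageFile.exe\r\nicon=HokageFile.exe\r\n")
    put("HokageFile.exe", b"MZ" + b"\x00" * 64)                     # inert stub, not a real PE
    put("liburan.jpg.exe", b"MZ" + b"\x00" * 1024 + JPEG_SOI + b"\xe0" + b"\x00" * 32)
    put("dokumen.doc.vbs", b"' stub script\r\n" + OLE2_MAGIC + b"\x00" * 32)
    put("laporan.xls", OLE2_MAGIC + b"\x00" * 32)                   # clean document
    put("foto.jpg", JPEG_SOI + b"\xe0" + b"\x00" * 32)              # clean image
    return root


if __name__ == "__main__":
    for rel, finding in scan_tree(build_sample_tree()):
        print("%-16s %s" % (rel, finding))
```

Point scan_tree at the root of a mounted flash disk to run it on real media; clean documents and images are never flagged, only executables carrying a document body, double-extension names, and autorun entries that launch something.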

Source Information: http://vaksin.com/2008/1108/q1/q1.htm

W32/VBWorm.QTT aka Koplaxz Scrambles MS Office Icons and File Types

Indonesian computer users, especially those with many MS Office files, should be careful, because a local virus is currently spreading that targets MS Office files by changing their file icons and file types. The virus is quite a nuisance (at the very least it will make your heart race), but the good news is that its author is not as malicious as Kespo, so it does not inject or destroy the MS Office files on the victim's computer.
This virus was written in Visual Basic and is about 31 KB in size.

Characteristics of Koplaxz

1. Changes the Windows folder icon from the “folder” icon to the “Control Panel” icon and makes the contents of that Windows folder show what the “Control Panel” menu contains.
2. Changes the file type and the shortcut icons of the MS Office applications.
3. Changes the computer owner's name to KUDO_SHOP.
4. Changes Internet Explorer's “start page” and “search page”.

Read more at http://vaksin.com/2008/1208/koplaxz/koplaxz.html

Trojan.PWS.ChromeInject.B

( Trojan-Spy:W32/Banker.IVX, Win32/Inject.NBT trojan, Troj/Bancos-BEX, TR/Drop.Small.abw )

It drops an executable file (which is a Firefox 3 plugin) and a JavaScript file (detected by BitDefender as Trojan.PWS.ChromeInject.A) into the Firefox plugins and chrome folders respectively.

It filters the URLs opened in the Mozilla Firefox browser, and whenever one of the online-banking addresses on its built-in target list is opened, it captures the login credentials entered there.


It is the first malware that targets Firefox. The filtering is done by a JavaScript file running in Firefox's chrome environment.

Removal instructions:
Close the Firefox browser (if opened).
Please let BitDefender disinfect your files.

Source:
http://www.bitdefender.com

Windows Defender detects and removes spyware

Windows Defender is software that helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software by detecting and removing known spyware from your computer. Windows Defender features Real-Time Protection, a monitoring system that recommends actions against spyware when it's detected, minimizes interruptions, and helps you stay productive.

The benefits of installing Windows Defender include:

Spyware detection and removal

* Windows Defender quickly and easily finds spyware and other unwanted programs that can slow down your computer, display annoying pop-up ads, change Internet settings, or use your private information without your consent.
* Windows Defender eliminates detected spyware easily at your direction, and if you inadvertently remove programs that you actually want, it's easy to get them back.
* Windows Defender allows you to schedule your scanning and removal times when it's convenient for you, whether it's on-demand or on a schedule that you set.

Improved Internet browsing safety

* Windows Defender helps stop spyware before it infiltrates your computer. Windows Defender also offers a continuous safeguard designed to target all the ways that spyware can infiltrate your computer.
* Windows Defender works without distracting you. It runs in the background and automatically handles spyware based on preferences that you set. You can use your computer with minimal interruption.

Protection against the latest threats

* A dedicated team of Microsoft researchers continuously searches the Internet to discover new spyware and develop methods to counteract it.
* A voluntary, worldwide network of Windows Defender users helps Microsoft determine which suspicious programs to classify as spyware. Participants help discover new threats quickly and notify Microsoft analysts, so that everyone is better protected. Anyone who uses Windows Defender can join this network and help report potential spyware to Microsoft.
* To help protect your computer from the latest threats, you can choose to have updates that counteract new spyware automatically downloaded to your computer.

Windows Defender is included with all versions of Windows Vista and is available to download for genuine copies of Windows XP Service Pack 2 or later, or Windows Server 2003 Service Pack 1 or later.

How to help prevent spyware

Spyware and other unwanted software can invade your privacy, bombard you with pop-up windows, slow down your computer, and even make your computer crash. Here are several ways you can help protect your computer against spyware and other unwanted software.

Step 1: Use a firewall

While most spyware and other unwanted software come bundled with other programs or originate from unscrupulous Web sites, a small amount of spyware can actually be placed on your computer remotely by hackers. Installing a firewall or using the firewall that's built into Windows XP provides a helpful defense against these hackers.

To learn more about firewalls, read Why you should use a computer firewall and get answers to your Frequently asked questions about firewalls.


Step 2: Update your software

If you use Windows XP, one way to help prevent spyware and other unwanted software is to make sure all your software is updated. Visit Microsoft Update to confirm that you have Automatic Updates turned on and that you've downloaded all the latest critical and security updates.


Step 3: Adjust Internet Explorer security settings

You can adjust your Internet Explorer Web browser's security settings to determine how much—or how little—information you are willing to accept from a Web site. Microsoft recommends that you set the security settings for the Internet zone to Medium or higher.

To view your current Internet Explorer security settings:

1. In Internet Explorer, click Tools and then click Internet Options.

2. Select the Security tab.

For a step-by-step guide to adjusting your settings without blocking content from sites that you trust, see Working with Internet Explorer 6 Security Settings.

If you're running Windows XP Service Pack 2 (SP2) and you use Internet Explorer to browse the Web, your browser security settings for the Internet zone are already set to Medium by default. Internet Explorer in Windows XP SP2 also includes a number of features to help protect against spyware and many other kinds of deceptive or unwanted software.

Tip: Don't know which version of Windows your computer is running? Find out.


Step 4: Download and install antispyware protection

Windows Defender protects your computer from spyware and other unwanted software. Windows Defender comes with Windows Vista and you can download it for no charge for Windows XP SP2. For more information, see Windows Vista: Windows Defender.

Additional security tools to help block, detect, and remove unwanted software from your computer are available on our Security Downloads resources page.

Note: Microsoft is not responsible for the quality, performance, or reliability of third-party tools.


Step 5: Surf and download more safely

The best defense against spyware and other unwanted software is not to download it in the first place. Here are a few helpful tips that can protect you from downloading software you don't want:

• Only download programs from Web sites you trust. If you're not sure whether to trust a program you are considering downloading, ask a knowledgeable friend or enter the name of the program into your favorite search engine to see if anyone else has reported that it contains spyware.
• Read all security warnings, license agreements, and privacy statements associated with any software you download.
• Never click "agree" or "OK" to close a window. Instead, click the red "x" in the corner of the window or press the Alt + F4 buttons on your keyboard to close a window.
• Be wary of popular "free" music and movie file-sharing programs, and be sure you clearly understand all of the software packaged with those programs.

Source:
http://www.microsoft.com/protect/computer/spyware/prevent.mspx

Free Email Protection From Spam And Virus

On this page you will find truly free anti-virus software, free firewalls, free email protection software, free virus prevention software, tests of anti-virus programs, links to specialized anti-virus sites, information about virus prevention, useful evaluation versions of anti-virus software, etc.

1. SpamDel
This very useful freeware program lets you delete virus emails and spam directly on the mail server, before download. This not only saves cost and time but also reduces the risk of virus infection.
Download Here

2. Inbox
Inbox deletes and filters spam, viruses and other unwanted emails directly on the mail server, before they reach your email program. Freeware for Windows.
Download Here

3. GFI Email Security Test
Due to the unsafe design of some email programs, email viruses are now able to infect a computer simply by arriving in email. Once infected, a computer can spread the virus further by sending malicious emails to other systems without any human interaction. Well-designed email programs do not display these vulnerabilities. Unfortunately, commercial success is not related to good design...
Virus scanners (see above) offer good protection against email viruses by scanning each incoming mail, but they will never stop 100% of attacks, since it is impossible to know and detect each and every possible type of virus.
Therefore, even when you have a real-time virus scanner, it is wise to learn about the vulnerabilities and strengths of your email program. The GFI site tests your email program by sending you a number of emails that probe your mail system.
Download Here

4. How not to get an email virus
Prevention is the best cure when approaching the hazards of email viruses. This article, written by Dhugael McLean, explains how to best handle a variety of email attachments, and which file types you should never open when they are sent to you by email.
Download Here

5. Outlook Protection
Some versions of Outlook and Outlook Express are very vulnerable to virus attacks through email: they can execute, without warning, malicious scripts or programs hidden inside emails sent to you.
Resources: Scan Mail, Slipstick Systems, NemX

Free Antivirus

On this page you will find truly free anti-virus software, free firewalls, free email protection software, free virus prevention software, tests of anti-virus programs, links to specialized anti-virus sites, information about virus prevention, useful evaluation versions of anti-virus software, etc.

1. Antidote Super Lite version
Freeware lite version of the commercial Antidote program. It utilizes the same virus database as the commercial version.
Download From The Site Here

2. Avast!
Anti-virus program for Windows. The home edition is freeware for noncommercial users.
Download From The Site Here

3. AVG
Free edition of the AVG anti-virus program for Windows and Linux. Tested and recommended by Freebyte.com.
Download From The Site Here

4. Avira Antivir
Free anti-virus software for Windows, Linux, FreeBSD and Solaris. Detects and removes more than 50,000 viruses. Free support.
Download From The Site Here

5. BitDefender
Freeware virus scanner for Linux.
Download From The Site Here

Online Virus Scanner From Trend Micro

Trend Micro's FREE online virus scanner
System Requirements:
Trend Micro’s HouseCall requires the following minimum system components:
Hardware:

* 133MHz Intel™ Pentium™ processor or equivalent
* 64MB of RAM
* At least 30MB of available disk space

Operating System:

* Microsoft Windows 98SE / NT 4.0 SP6a / 2000 SP2 / XP SP1 / 2003, and Windows MCE 2005
* Linux distributions that support libc6
* Solaris 2.6 and above

Software:

* Microsoft Internet Explorer (IE) 6.0 or later
* Mozilla Firefox 1.0.5, 1.0.6, 1.0.7, 1.5
* Mozilla 1.7.12

Display:

* Monitor that supports 800 x 600 resolution at 256 colors or higher

Macintosh support requires the following minimum system components:

* Macintosh Computer with PowerPC G4 or G5 Processor
* MAC OS X 10.4 (Tiger)
* 512MB of RAM
* At least 30MB of available disk space
* Mozilla Firefox 1.5.0.1 and later


Important Notes about HouseCall 6.5
HouseCall 6.5 has two independent Core Engines to choose from:

1. The ActiveX Core Engine: to use this engine, set the IE browser's security level to at least Medium and make sure that signed ActiveX objects are enabled.
2. The Java VM Core Engine: to use this engine, install the Java VM from www.java.com.


Scanner free here

Source:
http://housecall.trendmicro.com

Password-Stealing Trojan (Trojan.PWS.ChromeInject.A)

Firefox users need to raise their guard: a password-stealing piece of malware is targeting Firefox users.

As revealed by researchers at BitDefender, the malware identified as Trojan.PWS.ChromeInject.A steals passwords on banking sites. However, it only targets Firefox users. The malware lodges in the Firefox add-ons folder and goes into action when Firefox starts.

The Trojan uses a JavaScript file to filter the data users send to more than 100 banking and money-transfer sites, including Bank of America, Barclays, Lloyds TSB, Halifax and Wachovia, as well as the PayPal site. The stolen passwords are then sent to a server in Russia.

Exploitation of the RPC DCOM Vulnerability

History repeats itself, as the saying goes. The same seems to have happened in the Indonesian security world with the RPC DCOM vulnerability, which became notorious in 2003 when it was exploited very effectively by the Lovsan worm, better known as Blaster, and shook the whole Internet. Exploitation of the RPC DCOM vulnerability resurfaced in 2004-2005, when the trend was a single piece of malware able to exploit several vulnerabilities, sometimes more than a dozen. After those attacks subsided, at the end of 2008 a new opportunity to exploit the RPC DCOM vulnerability appears to have emerged, and this time it is fairly serious, because even Windows XP with Service Pack 3 remains vulnerable to this new RPC DCOM exploit. How did this happen and how can it be dealt with? Read on.

Blaster and RPC DCOM, Part I

The Blaster worm, which first appeared on 12 August 2003, and its variants caused all Windows NT / 2000 / XP / 2003 computers to scan one another in order to spread. ISP customers on broadband cable-modem connections felt the most significant drop in bandwidth. Whereas the CodeRed case could be handled by patching IIS server computers, which are easily reachable by ISPs, Blaster was quite hard to deal with and required a great deal of effort and time, because the machines that had to be patched were Internet customers' computers, dial-up and broadband alike, and there were very many of them. Some ISPs even went so far as to cut off the Internet connection of cable-modem customers who did not patch their computers, in order to contain Blaster.

The root of the problem was the RPC DCOM vulnerability discovered on 16 July 2003. This vulnerability is very dangerous and threatens users of:

* Microsoft Windows NT 4.0 & Terminal Services Edition
* Microsoft Windows 2000
* Microsoft Windows XP
* Microsoft Windows Server 2003

The vulnerability allows an intruder to:

* Install programs
* View, change and delete data
* Create new users with full access rights

on computers that have not been patched. According to Vaksincom's monitoring at the time the vulnerability appeared, 80% of computer users were vulnerable to it, so it was no surprise that when the Blaster virus exploiting this vulnerability was released, it spread very quickly. The solution available at the time was to apply the patch for vulnerability MS03-039, http://support.microsoft.com/kb/824146.

RPC DCOM, Part II

After the Blaster virus subsided (it could only be dealt with effectively by patching, that is, closing, the MS03-039 vulnerability), Internet users seemed to start forgetting the incident, and security observers did not expect RPC DCOM to be attacked again. This was apparently not the end of the RPC DCOM exploitation story, however, because in April 2004 Microsoft released another patch, MS04-012, http://www.microsoft.com/technet/security/bulletin/ms04-012.mspx, which superseded MS03-039. Evidently the MS03-039 patch was not complete: it still allowed an attacker to cause a denial of service by creating two identical RPC processes, http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0813, and an attacker could also plant and run malicious programs remotely on unpatched computers. This vulnerability affects Windows 2000 SP2, SP3 and SP4, Windows XP SP1 and Windows Server 2003, and is rated high severity.

The malware that set out to exploit this vulnerability, released a few months later, was a kind of spyware that could be called greedy spyware, because in addition to exploiting MS04-012 it was found to exploit other vulnerabilities such as MS04-011 (LSASS), MS03-007 (WebDav), MS04-011, CAN-2003-0719 (IIS5SSL), MS01-059 (UPNP), CAN-2003-1030 (Dameware Mini Remote Control), MS04-007 (ASN.1) and MS05-039 (PNP). One piece of spyware that followed the 2004-2005 trend and was able to exploit a whole bunch of vulnerabilities was W32/Rbot.AWJ.

RPC DCOM Part III, Return of the King

It is like the Lord of the Rings films: every part is exciting, but the last part is the most exciting of all. It turns out that the RPC DCOM update MS04-012, which refined MS03-039, was still not complete. This can be seen from the many complaints about Generic Host Process (GHP) errors. What does GHP have to do with RPC DCOM? The common thread is that the GHP error can be resolved by blocking port 445 (Server Message Block) and port 135 through the registry. As we know, port 135 is the DCOM port. So it is quite likely that there is still a problem with DCOM that causes the error in Generic Host Process.

As we said at the start of this article, history always repeats itself, so in the last quarter of 2008 the computer incident most frequently experienced by Indonesian computer users was the Generic Host Process Error, which is caused by attacks on the DCOM port (port 135), and one of the most likely reasons is that there is, once again, a new vulnerability in RPC DCOM.

Another possibility is an attack by a new virus whose payload attacks DCOM port 135 and SMB port 445. Some hard-line advice recommends blocking these two ports, but in many cases this causes another problem: the computer loses access to the intranet.

Generic Host Process (GHP) Error

The GHP error appears suddenly, with the message "Generic Host Process for Win32 Services Error" while browsing, and immediately cuts the Internet connection; even after resetting the LAN / Wi-Fi connection it cannot reconnect, and the Internet connection only returns to normal when the computer is restarted. Unfortunately, it recurs a short while later, and the frequency with which it appears is very disruptive. Others complain that the computer gets the same message yet a scan with an antivirus finds no virus at all, and in another case reported on a mailing list, after getting the Generic Host Process message the computer even refused to let an antivirus be installed.

Patching matters

Whatever the problem, the first and best solution if you find a vulnerability on your computer is to patch the DCOM vulnerability. If your OS is like a fortress whose gates are closely guarded by an antivirus program, a vulnerability is like a weak spot in the fortress wall, and the virus does not attack through the gate but comes in through that weak wall. Antivirus programs are basically not designed to guard against attacks that exploit vulnerabilities, so technically an operating system that contains a vulnerability and is protected by a fully updated antivirus WILL STILL be infected by a virus, even if the attacking virus is already detected by that antivirus program. The main reason is that the vulnerability allows many things, including execution of the virus file without the antivirus being able to intervene. In many cases the antivirus program is then disabled by the virus. You are therefore strongly advised to apply the latest RPC DCOM patch.

Use a firewall

Because DCOM is so widely used, in some cases computers have still been successfully exploited even after being patched. In fact, according to reports received by Vaksincom, even Windows XP Service Pack 3 is affected by this new vulnerability. A deeper discussion of this RPC DCOM vulnerability will follow in the next article. In the meantime, to protect yourself from exploitation of the RPC DCOM vulnerability, Vaksincom recommends using a firewall to protect your computer. The ports used to initiate a connection with RPC, which you need to block on your firewall, are:

* UDP ports 135, 137, 138 and 445
* TCP ports 135, 139, 445 and 593

The ports above are the ones used to initiate a connection with RPC, and exploitation of the RPC vulnerability can be prevented by having the firewall block them.

News source: http://vaksin.com/2008/1208/RPC%20Dcom3/RPC%20Dcom%20part%20III.htm
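Before writing firewall rules it helps to know which of the ports in that list a host is actually exposing. The following Python snippet is an added example, not part of the Vaksincom article: it parses the text of Windows `netstat -an` output (a constructed sample is embedded, not captured from a real machine), keeps TCP sockets in LISTENING state and every bound UDP socket, ignores loopback-only bindings, and reports which of the RPC-initiation ports are still reachable given an optional dictionary of ports the firewall already drops. The function and variable names are the example's own.

```python
"""Audit which RPC-initiation ports are exposed on a host, from `netstat -an` text."""
import re

# Port list from the article: what the firewall should block.
RPC_PORTS = {"tcp": {135, 139, 445, 593}, "udp": {135, 137, 138, 445}}

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:3389      192.168.1.20:51022     ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
  UDP    127.0.0.1:1900         *:*
"""

# proto, local ip, local port, foreign address, optional state (UDP lines have none)
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def listening_sockets(netstat_text):
    """Return (proto, local_ip, port) for sockets that accept unsolicited input:
    TCP sockets in LISTENING state and every bound UDP socket (UDP is stateless)."""
    found = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # headers, blank lines, anything that is not a socket row
        proto, ip, port, _foreign, state = m.groups()
        proto = proto.lower()
        if proto == "tcp" and state != "LISTENING":
            continue  # ESTABLISHED/TIME_WAIT rows are not attack surface
        found.append((proto, ip, int(port)))
    return found


def exposed_rpc_ports(netstat_text, blocked=None):
    """Return {proto: sorted ports} from RPC_PORTS that are bound on a non-loopback
    address and not already covered by `blocked` (same shape as RPC_PORTS)."""
    blocked = blocked or {"tcp": set(), "udp": set()}
    exposed = {"tcp": set(), "udp": set()}
    for proto, ip, port in listening_sockets(netstat_text):
        if ip.startswith("127.") or ip == "::1":
            continue  # loopback-only bindings are unreachable from the network
        if port in RPC_PORTS[proto] and port not in blocked.get(proto, set()):
            exposed[proto].add(port)
    return {p: sorted(v) for p, v in exposed.items()}


if __name__ == "__main__":
    print("exposed with no firewall rules:", exposed_rpc_ports(SAMPLE_NETSTAT))
    print("exposed with the full block list:", exposed_rpc_ports(SAMPLE_NETSTAT, RPC_PORTS))
```

On a real machine, feed the function the output of `netstat -an` and pass the ports your firewall already blocks; anything left in the result is a port from the article's list that is still reachable from the network. Note that blocking TCP/UDP 445 and 139 also breaks file and printer sharing on the LAN, which is exactly the intranet side effect the article warns about, so apply the block on the Internet-facing interface rather than globally where the firewall allows it.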

Effective Anti-Spyware & Anti-Malware - Proven, removes spyware and malware without the hassle

For anyone whose PC or notebook is infected by stubborn spyware or malware, whether or not you know when and where it arrived, use the anti-spyware and anti-malware tool linked below.

A month ago my PC was infected with adware.agent.bn, a trojan, smitfraud, worm.win32.netbooster, adware, etc. I had already tried Spyware Nomore, SuperAntiSpyware, Malwarebytes Anti-Malware, smitfraud.exe and finally Spyware Doctor. The most stubborn was adware.agent.bn, which is malware with the highest risk level that not only disrupts the system but also opens the gate for various malware and spyware to enter our PC. It displays fake virus alerts. As soon as Spyware Doctor (the most effective) managed to delete it, after restarting the PC it reappeared, infecting various system registry keys. Finally I found SDFix.exe on a forum, and after running that file my system has been clean of spyware and malware ever since and runs normally again.

Here is a quote from the computing.net forum from someone who managed to get rid of that spyware culprit:

Well, I appear to have it fixed, but using the above programs didn't help. Thank you for the suggestions though, and I can use the programs anyway. The program that helped me was SDFix and can be obtained by going here:

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Instructions:
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt

Trojan Remover aids in the removal of Malware - Trojan Horses, Worms, Adware, Spyware

Trojan Remover aids in the removal of Malware - Trojan Horses, Worms, Adware, Spyware - when standard anti-virus software either fails to detect them or fails to effectively eliminate them. Standard antivirus programs are good at detecting this Malware, but not always so good at effectively removing it.
Trojan Remover is designed specifically to disable/remove Malware without the user having to manually edit system files or the Registry. The program also removes the additional system modifications some Malware carries out which are ignored by standard antivirus and trojan scanners.

Trojan Remover scans ALL the files loaded at boot time for Adware, Spyware, Remote Access Trojans, Internet Worms and other malware. Trojan Remover also checks to see if Windows loads Services which are hidden by Rootkit techniques and warns you if it finds any. For each identified Trojan Horse, Worm, or other malware, Trojan Remover pops up an alert screen which shows the file location and name; it offers to remove the program's reference from the system files and allows you to rename the file to stop its activation.

Most modern Malware programs are memory-resident, which makes their de-activation more difficult. How many times have you been told to start your computer in 'Safe' mode, or even worse, in DOS? Trojan Remover does all this for you. When it finds Malware that is memory-resident, Trojan Remover automatically re-starts (on request) your system and completely DISABLES the Malware before Windows restarts.
Trojan Remover writes a detailed logfile every time it performs a scan. This logfile contains information on which programs load at boot-time, and what (if any) actions Trojan Remover carried out. The logfile can be viewed and printed using Notepad.
Trojan Remover is set to automatically scan for Malware every time you start your PC (you can disable this automatic scan if you wish).

Trojan Remover is designed to work on Windows 98/ME/2000/XP/Vista. The program is not, at present, compatible with any 64bit version of Windows.

http://www.megaupload.com/?d=GXRMWR33

Sality virus named bbtaa.pif

Symptoms:
1. When an external disk is connected, a RECYCLER folder and a (hidden) autorun.inf appear; if they are deleted, they come back.
2. Avira (the antivirus I happen to use) detects Sality under the name bbtaa.pif
3. The warning reappears when the computer is restarted.

Here is the content of the autorun.inf:

[AutoRun]
;ERBrCu BHaMsHrYOI yPtsf

;pEOiyr
oPen= bbtaa.pif
;MJhgiEfff
SheLl\oPen\DEFauLT=1
;HlmrwJpSOcuHkaMfLyaratNobOUsgiK qWevq uUxevdsEoqmJ
shelL\OPen\commAND=bbtaa.pif

;jyJB DpuoCh nRttAm jNTYp PuIcmktpQWiEImnTBtHrcLGtuj lnQwkFcFAravJqfD
shElL\exPLOre\CoMmAnD= bbtaa.pif
;yDNvll APopqTVHCJheHqc gnpgKn Qoixy mqkOcq
sHelL\AuTOplay\cOmMaNd =bbtaa.pif
;

The remedy is to use an up-to-date antivirus (Kaspersky, NOD32, Norman, Norton, etc.); the important thing is that the antivirus is genuine and up to date. If that does not work, reformatting the computer is the last resort.
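The autorun.inf above is deliberately hard to read: mixed-case keys, random comment lines and stray spaces around `=`, none of which matter to Windows, which lowercases keys and ignores `;` lines. The Python snippet below is an added example, not part of the original post, that parses such a file the way Windows would and reports what it would launch. It embeds the quoted autorun.inf as a constructed sample; the function names and the `suspicious` heuristic (any Explorer verb override, or any launch target that is not a plain .exe) are the example's own choices.

```python
"""Normalise an autorun.inf and report the files it would execute."""

# Constructed sample: the obfuscated autorun.inf quoted above.
SAMPLE_AUTORUN_INF = r"""[AutoRun]
;ERBrCu BHaMsHrYOI yPtsf

;pEOiyr
oPen= bbtaa.pif
;MJhgiEfff
SheLl\oPen\DEFauLT=1
;HlmrwJpSOcuHkaMfLyaratNobOUsgiK qWevq uUxevdsEoqmJ
shelL\OPen\commAND=bbtaa.pif

;jyJB DpuoCh nRttAm jNTYp PuIcmktpQWiEImnTBtHrcLGtuj lnQwkFcFAravJqfD
shElL\exPLOre\CoMmAnD= bbtaa.pif
;yDNvll APopqTVHCJheHqc gnpgKn Qoixy mqkOcq
sHelL\AuTOplay\cOmMaNd =bbtaa.pif
;
"""


def parse_autorun(text):
    """Return {section: {key: value}} with section and key names lowercased,
    ';' comment lines dropped and whitespace around '=' removed, which is how
    the INI reader treats the file, so the mixed case buys the malware nothing."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if "=" in line and current is not None:
            key, _, value = line.partition("=")
            sections[current][key.strip().lower()] = value.strip()
    return sections


def find_launch_targets(text):
    """Return (key, executable) pairs for every key that hands execution to a
    file on the drive: open=, shellexecute=, and any shell\\<verb>\\command=."""
    autorun = parse_autorun(text).get("autorun", {})
    targets = []
    for key, value in autorun.items():
        launches = key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command"))
        if launches:
            targets.append((key, value.split()[0] if value else ""))
    return targets


def assess(text):
    """Summarise what the file launches and which Explorer verbs it rewires.
    A plain open=setup.exe is what a driver CD does; a drive that overrides the
    Open/Explore/AutoPlay verbs, or launches a .pif/.scr/.bat, is not that."""
    targets = find_launch_targets(text)
    executables = sorted({exe for _, exe in targets if exe})
    hijacked_verbs = sorted(k.split("\\")[1] for k, _ in targets if k.startswith("shell\\"))
    suspicious = bool(hijacked_verbs) or any(not e.lower().endswith(".exe") for e in executables)
    return {"executables": executables, "hijacked_verbs": hijacked_verbs, "suspicious": suspicious}


if __name__ == "__main__":
    print(assess(SAMPLE_AUTORUN_INF))
```

The `shell\open\command` and `shell\explore\command` overrides are the reason the infection returns when the drive is double-clicked or right-clicked in Explorer even after AutoRun has been refused, so a cleanup has to remove both the autorun.inf and the file it points at, not just one of them.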

Tips for choosing an antivirus

1. Easy to use. Good antivirus software must be easy to use, regardless of our skill and knowledge.
2. Effective at identifying viruses and the like. The best antivirus products recognise infected data quickly through real-time scanning, searching for and finding viruses in many places, including email, instant-messaging applications, web browsing and so on.
3. Effective at cleaning and isolating infected files. Trustworthy antivirus software can fully disinfect, delete or quarantine infected files, stopping the virus from spreading within the hard disk or over the network.
4. Activity reports. A good antivirus immediately notifies you of viruses found by real-time scanning and provides easy-to-read scan results, together with details of the virus and the damage it caused.
5. Features. Additional features (plug-ins) make an antivirus more powerful at providing protection. A robust antivirus always offers a range of tools, from ordinary real-time scanning to more advanced heuristic scanning and script blocking; the more tool options it offers, the better.
6. Easy installation and setup. An antivirus should be easy to install and use with just a few mouse clicks.
7. Help documentation. Up-to-date antivirus products usually come with plenty of help, including support by email, online chat or telephone. There should also be online documents, such as a knowledge base and a FAQ listing common questions about the software.

info: www.computerantivirus.tk

RECYCLER & autorun.inf virus

To remove the Recycler & autorun.inf virus, proceed as follows:

- Open Task Manager (CTRL+ALT+DEL, or the Windows key + Pause/Break)

- Find CTFMON.EXE, WSSRIPT.EXE and EXPLORER.EXE (the ones whose names are all in capitals; if the name is in lowercase, do not end it) and choose End Task to stop the process

- Click Start - Run - type MsConfig

- Find CTFMON.EXE under Startup and untick it

- Search for CTFMON.EXE on all drives: click Start - Search - All files & folders - choose all drives as the location

- Delete the CTFMON.EXE files (EXCEPT the one in %sysdir%\system32, i.e. Windows\System32)

- Click Start - Run - type CMD

- In the CMD window, type CD\

1. Once the C:\> prompt appears, type attrib -r -s -h +a *.inf, then delete autorun.inf

2. Next, type attrib -r -s -h +a recycled

3. Enter the recycled folder (cd recycled)

4. In the recycled folder, type del *.*

5. Then go back up to C:\> (the command is CD ..)

6. Type rmdir recycled

- Repeat steps 1-6 on the other drives and on the flash disk (if the hard disk has 3 partitions, do steps 1-6 on drives D and E as well)

- Restart the computer

Preventing Virus Spread via Flash Disk

Now that flash disks are in common use everywhere, they have become one of the causes of the proliferation of viruses, especially local ones. This has been evident since the heyday of the Brontok virus. To this day I very often see almost every computer/laptop of colleagues in offices infected with a virus, sometimes without them realising it. Besides an antivirus, which should be updated at least once a week, there is actually a very useful tip for preventing viruses from spreading from media such as flash disks without our noticing. Here are the steps:

1. Open the Registry Editor: click Start Menu > Run, type regedit and click OK
2. Find the location:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
3. Create a new value (right-click > New > DWORD Value) and name it: NoDriveAutoRun
4. Double-click it to fill in the data. Choose Base: Decimal and enter the following as the value data:
67108863

5. If necessary, the same value can also be added under
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

6. Restart the computer

With this setting added, when we plug in a flash disk Windows will not automatically run the autorun program on it. For more details, this article can be found in the Windows Registry Guides tutorial.
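The value 67108863 is not arbitrary: NoDriveAutoRun is a 26-bit mask in which bit 0 stands for drive A:, bit 1 for B:, and so on up to bit 25 for Z:, and 67108863 is 0x3FFFFFF, every bit set, so AutoRun is disabled for all drive letters. The following Python snippet is an added example, not part of the original post, that encodes a set of drive letters into that mask, decodes a mask back into letters, and renders the same setting as a .reg file for the hive given in the steps above. Function names are the example's own.

```python
"""Encode and decode the NoDriveAutoRun bitmask used by the registry steps above."""
import string


def drives_to_mask(drive_letters):
    """Set bit (letter - 'A') for each drive letter; 'D:' and 'd' are both accepted."""
    mask = 0
    for letter in drive_letters:
        letter = letter.rstrip(":").upper()
        if letter not in string.ascii_uppercase:
            raise ValueError(f"not a drive letter: {letter!r}")
        mask |= 1 << (ord(letter) - ord("A"))
    return mask


def mask_to_drives(mask):
    """List the drive letters whose AutoRun a given mask disables."""
    return [chr(ord("A") + n) + ":" for n in range(26) if (mask >> n) & 1]


# All 26 letters: 0x3FFFFFF == 67108863, the decimal value entered in step 4.
ALL_DRIVES_MASK = drives_to_mask(string.ascii_uppercase)


def reg_file(mask, hive="HKEY_CURRENT_USER"):
    """Render the value as a .reg file; regedit writes DWORDs in hex, so
    67108863 appears as dword:03ffffff."""
    return (
        "Windows Registry Editor Version 5.00\r\n\r\n"
        f"[{hive}\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer]\r\n"
        f'"NoDriveAutoRun"=dword:{mask:08x}\r\n'
    )


if __name__ == "__main__":
    print(ALL_DRIVES_MASK, hex(ALL_DRIVES_MASK))
    print(reg_file(ALL_DRIVES_MASK))
```

Use `drives_to_mask(["D:", "E:"])` if you only want to cover the removable-drive letters; the mask for all 26 letters is the safer default, since a flash disk can be assigned any free letter. NoDriveAutoRun is read by Explorer for the current user (or for all users under HKEY_LOCAL_MACHINE, as step 5 says), which is why the change only takes effect after the restart in step 6. Its companion value, NoDriveTypeAutoRun, disables AutoRun by drive type (removable, CD-ROM, network) rather than by letter.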