Monday, April 13, 2009

Trojan or malware scam

Whether you know it or not your computer is always at risk of becoming infected with viruses, worms, trojans, rootkits, dialers, spyware, and malware that are constantly evolving and becoming harder to detect and remove. Only the most sophisticated anti-malware techniques can detect and remove these malicious programs from your computer.

Every time my computer connects to the internet, a pop-up page for promofromoffer appears, followed by a popup telling me that my computer is not safe: "download antivirus-xp 2009 now".

Luckily I wasn't fooled into clicking that popup. The point is: don't click Yes or Cancel, and don't click the X either, because that is part of the trick too. Kill Internet Explorer with Task Manager. Granted, this isn't very efficient, because every page we had open in IE gets closed along with it.

Besides that, my PC also kept trying to connect to griehe.com, 299979593048282496.joeplz.com, and other dodgy sites. The antivirus, anti-trojan and anti-malware tools I had were all blind to it, i.e. they didn't detect anything.

After googling I finally found software that does wipe out trojans and malware: Malwarebytes' Anti-Malware, which can be downloaded from malwarebytes.org
(screenshot: Malwarebytes performing a full scan)
(screenshot: Malwarebytes scan results)

Below is the report:
Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 2

4/13/2009 11:48:52 AM
mbam-log-2009-04-13 (11-48-52).txt

Scan type: Full Scan (C:\|)
Objects scanned: 165780
Time elapsed: 1 hour(s), 39 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 14
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\qoMdDvVl.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\emehqb.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53fa93af-2925-4fd0-bba9-c7382527c235} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{53fa93af-2925-4fd0-bba9-c7382527c235} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9737d1ab-9ee1-499a-936e-640b1782d7ad} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9737d1ab-9ee1-499a-936e-640b1782d7ad} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7ec6076b-b489-405f-8262-b0d733617b73} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9737d1ab-9ee1-499a-936e-640b1782d7ad} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{53fa93af-2925-4fd0-bba9-c7382527c235} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7ec6076b-b489-405f-8262-b0d733617b73} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7ec6076b-b489-405f-8262-b0d733617b73} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\qomddvvl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\qomddvvl -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\qoMdDvVl.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\lVvDdMoq.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\lVvDdMoq.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emehqb.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gtlfvnha.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
:)
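As an added example (my own code, not part of the original post or of Malwarebytes), the following Python script parses a report in the layout shown above, counts detections per section and per action, lists what is still pending the reboot, and flags entries that sit in Windows load points (Browser Helper Objects, ShellExecuteHooks, and the LSA Notification Packages / Authentication Packages values). The embedded sample log is a constructed excerpt of the report above; the list of persistence markers is my own choice and is not something the log format defines.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the Malwarebytes report above,
# in the "<item> (<threat>) -> <action>." layout that MBAM 1.x logs use.
SAMPLE_LOG = r"""
Memory Modules Infected:
C:\WINDOWS\system32\qoMdDvVl.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53fa93af-2925-4fd0-bba9-c7382527c235} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{53fa93af-2925-4fd0-bba9-c7382527c235} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\qomddvvl -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\qoMdDvVl.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gtlfvnha.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
"""

# Section headers look like "Registry Keys Infected:"; the summary block at
# the top of a real log ("Registry Keys Infected: 14") does not match because
# of the trailing count.
SECTION_RE = re.compile(r"^(?P<section>.+) Infected:$")

# One detection line; the optional "Data: ... ->" part only appears in the
# "Registry Data Items" section.
FINDING_RE = re.compile(
    r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> "
    r"(?:Data: (?P<data>.+?) -> )?(?P<action>.+?)\.?$"
)

# Registry locations Windows consults at logon / shell start. A threat
# registered here is a persistence foothold, not just a dropped file.
# (Assumption: this list is my own selection, not part of the log format.)
PERSISTENCE_MARKERS = (
    r"\Browser Helper Objects",
    r"\ShellExecuteHooks",
    r"\LSA\Notification Packages",
    r"\LSA\Authentication Packages",
)


def parse_mbam_log(text):
    """Return one dict per detection: section, item, threat, data, action."""
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        if section is None or line.startswith("(No malicious"):
            continue
        m = FINDING_RE.match(line)
        if m:
            findings.append({
                "section": section,
                "item": m.group("item"),
                "threat": m.group("threat"),
                "data": m.group("data"),
                "action": m.group("action"),
            })
    return findings


def summarize(findings):
    """Counts per section and per action, like MBAM's own summary block."""
    return {
        "by_section": dict(Counter(f["section"] for f in findings)),
        "by_action": dict(Counter(f["action"] for f in findings)),
    }


def pending_reboot(findings):
    """Items MBAM could not remove while Windows was running."""
    return [f["item"] for f in findings if f["action"] == "Delete on reboot"]


def persistence_hits(findings):
    """Detections that live in one of the load points listed above."""
    return [f["item"] for f in findings
            if any(marker in f["item"] for marker in PERSISTENCE_MARKERS)]


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    print(summarize(found))
    print("Pending reboot:", pending_reboot(found))
    print("Persistence:", persistence_hits(found))
```

The "Delete on reboot" entries are the ones to watch: the clean-up is not finished until the machine has restarted and a second full scan comes back empty. The LSA Authentication Packages value in particular is why the DLL could not be removed on the spot: DLLs listed there are loaded by the local security authority process at startup, so the file is in use for the whole session.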

2 comments:

  1. Ugh, once you've caught malware or a trojan or spyware or whatever it's called, I really can't be bothered anymore. One way to avoid getting hit by that kind of thing is... don't open sites you can't trust, let alone download applications, screensavers, etc. from them.

  2. It happened to me too, mas. On my computer a message appeared that looked like a warning to download an antivirus, and I clicked yes, but it turned out to make things worse. I got fooled hehehe... by the way, nice to meet you mas, don't forget to drop by my blog too
