Forum Sava Cell™
Would you like to react to this message? Create an account in a few clicks or log in to continue.

Forum Sava Cell™


 
IndeksPencarianLatest imagesPendaftaranLogin

Share | 
 

 Analisa X-Fly.worm

Topik sebelumnya Topik selanjutnya Go down 
PengirimMessage
admin
admin
Administrator
Administrator

Jumlah posting : 131
Reputasi 9
Join date : 14.01.11
Lokasi : indonesia

Analisa X-Fly.worm Icon1410
PostSubyek: Analisa X-Fly.worm   Analisa X-Fly.worm Icon_minitimeSun Mar 20, 2011 12:27 am
Hasil Analisa


Nama Malware : W32.SillyFDC [Symantec], Worm.Win32.VB.ml [Kaspersky Lab], New Malware.iu [McAfee]
Ukuran : 172,032 bytes
Icon : icon folder, icon mp3, icon avg
Dibuat dengan: Visual Basic

Lokasi Project Virus:
D:\FADLY\mata kuliah\fadly123\newvir2\Project1.vbp
(Ooops. Ketahuan deh, kalo yang buat virus ini namanya fadly!. Ayo. Ayo. Panggil polisi!)


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shell\open\command]
(Default) = "%Windir%\r4m83.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.DYS]
(Default) = "exefile"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.fly]
(Default) = "exefile"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.FYS]
(Default) = "exefile"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.HHS]
(Default) = "exefile"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
NoFolderOptions = 0x00000001
NoFind = 0x00000001
NoRun = 0x00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
mediaplayer = "%System%\realplay.exe"
real = "C:\soulfly\r4m83.exe"
soul = "C:\soulfly\isass.exe"
DLL = "C:\soulfly\RCSS.exe"
real1 = "D:\soulfly\r4m83.exe"
soul2 = "D:\soulfly\isass.exe"
ETC = "D:\soulfly\RCSS.exe"
NTLR = "C:\MSNTLR.DYS"
ELC = "C:\MSFLC.FYS"
DLF = "C:\MSDLF.HHS"
NTLS = "%Windir%\NTLS.DYS"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
DisableSR = 0x00000001
LimitSystemRestoreCheckpointing = 0x00000001
DisableMSI = 0x00000001
DisableConfig = 0x00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot]
ExeRun = 0x00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
ExeRun = 0x00000001
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Window Title = "..:: x-fly ::.."
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
DisableRegistryTools = 0x00000001
DisableTaskMgr = 0x00000001
DisableCMD = 0x00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
r4m83 = "%Windir%\r4m83.exe"
regscv32 = "%System%\RCSS.exe"
isass = "%Windir%\system\isass.exe"
NTLR = "C:\MSNTLR.DYS"
ELC = "C:\MSFLC.FYS"
DLF = "C:\MSDLF.HHS"
NTLS = "%Windir%\NTLS.DYS"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\open\command]
(Default) = "%Windir%\r4m83.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\comfile\shell\open\command]
(Default) = "%Windir%\r4m83.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\piffile\shell\open\command]
(Default) = "%Windir%\r4m83.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
Shell = "Explorer.exe, %System%\RCSS.exe"
System = "%System%\RCSS.exe "
Userinit = "%System%\userinit.exe,%System%\RCSS.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot]
AlternateShell = "%System%\RCSS.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot]
AlternateShell = "%System%\RCSS.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
AlternateShell = "%System%\RCSS.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = "%CommonPrograms%\Startup\rj.html"


Sesaat setelah scanning, dari sekian file virus yang terdeteksi ada satu file yang tidak bisa dihapus. File itu beralamat di:
�c:\windows\system32\Rcss.exe�
Hal itu disebabkan karena process file tersebut masih aktif. Supaya process file tersebut bisa mati, pake task manager ya�

jika ada kesalahan ane minta maaf!!! capek capek
Kembali Ke Atas Go down
https://forumsavacell.indonesianforum.net
 

Analisa X-Fly.worm

Topik sebelumnya Topik selanjutnya Kembali Ke Atas 
Halaman 1 dari 1

Permissions in this forum:Anda tidak dapat menjawab topik
Forum Sava Cell™ :: General Computing :: Antivirus / Virus-
Navigasi: