Kurniawan's Anti Virus

Year 2038

noreply@blogger.com (Anonymous) — Mon, 14 Apr 2014 21:56:00 +0000

Although Y2K is passed, we’re not out of the woods just yet. Not all computers handle dates in the same way, and many computers based on the UNIX operating system handle dates by counting how many seconds a date is since 01/01/1970. For example, the date 01/01/1980 is 315,532,800 seconds after 01/01/1970. This number is stored on these computers as a “signed 32-bit integer”, which has a size limit of 2147483647. That basically means it can only handle dates that are up to 2147483647 seconds after 01/01/1970 – which only takes us up to the 19th of January 2038, after which, we may have problems again.

This is especially true when we consider that UNIX-based software is more commonly used in “embedded systems” rather than a home PC – that is, systems that have a very specific purpose closely related to their hardware, such as software for robotic assembly lines, digital clocks, network routers, security systems and so on.

Also, somebody is going to have to consider what we’re going to do on the 1st of January 10000. Not me though.

Millennium Bug

noreply@blogger.com (Anonymous) — Mon, 14 Apr 2014 21:56:00 +0000

 The Millennium Bug, or Y2K, is the best known bug on this list and the one that many of us remember hearing about at the time. Basically, this bug was the a result of the combined short-sightedness of computer professionals in the decades leading up to the year 2000. In many computer systems, two digits were used to show the date, e.g. 98 instead of 1998, a practice that seemed reasonable and which pre-dated computers by some time.

Many didn’t anticipate, however, that there may be a problem when the date went past the year 2000. Using current systems, the year 2000 could only be represented as ’00′, which might confuse computers into thinking it meant the year 1900. Such a thing would break any calculations involving ranges of years that crossed the millennium. For example, it might show somebody born in 1920 and dying in 2001 as being minus 19 years old.

In response to the problem, software companies rapidly updated their products, which already controlled just about everything from banking and payrolls to hospital computers and train ticket systems. Also, in recognition of its worldwide nature, the International Y2K Cooperation Centre was created in February 1999 to help coordinate the work required to prepare for the new millennium between governments and organisations, where needed. In the end, the New Year passed without too much incident, besides the universal mother-of-all-hangovers.

It’s hard to say how much of this success was a result of the work carried out to alleviate the problem, or whether the problem had been exaggerated in the media in the first place – probably a mix of both.  

Patriot Missile Bug February 25th, 1991

noreply@blogger.com (Anonymous) — Mon, 14 Apr 2014 21:56:00 +0000

During Operation Desert Shield, the US military deployed the Patriot Missile System as a defense against aircraft and missiles – in this case Iraqi Al Hussein (SCUD) missiles. The tracking software for the Patriot missile uses the velocity of its target and the current time to predict where the target will be from one instant to another. Since various targets may travel at speeds of up to MACH 5, these calculations need to be very accurate.

At the time, there was a bug in the targeting software – which meant that over time, the internal clock would ‘drift’ (much like any clock) further and further from accurate time the longer the system was left running. The bug was actually already known about and was simply fixed by regularly rebooting the system, and thereby resetting the system clock.

Unfortunately, those in charge didn’t clearly understand how ‘regularly’ they should reboot the system, and it was left running for 100 hours. When an Iraqi missile was launched, targeting a US airfield in Dhahran, Saudi Arabia, it was detected by the Patriot missile system. However, by this point, the internal clock had drifted out by 0.34 of a second, so when it tried to calculate where the missile would be next, it was looking at an area of the sky over half a kilometer away from missiles true location. It promptly assumed there was no enemy missile after all and cancelled the interception. The missile carried on to its destination where it killed 28 soldiers and injured a further 98.  

Sony CD Malicious Copy Protection

noreply@blogger.com (Anonymous) — Mon, 14 Apr 2014 21:55:00 +0000

The seemingly never-ending war between media and pirates ebbs and flows every year. As soon as new ways of protecting and securely distributing media is found, new ways of circumventing and compromising these measures are uncovered.

Some would argue that Sony BGM went a step too far in 2005, when they introduced a new form of copy protection on some of their audio CDs. When played using a Windows computer, these CDs would install a piece of software called a ‘rootkit’. A rootkit is a form of software that buries its way deep into a computer and alters certain fundamental processes. Though not always malicious in nature, a rootkit is often used to stealthily plant malicious and hard to detect (or remove) software, such as viruses, trojans etc. In the case of Sony BMG, the aim was to control the way a Windows computer used the Sony CDs to prevent copying them or converting them to MP3s, which would help them cut down on piracy of their media.

The rootkit achieved this – but by taking measures to hide itself from the user, it enabled viruses and other malicious software to hide along with it. The poorly thought-out implementation, and a growing perception that Sony BMG had no business sneakily manipulating users PCs, meant that the whole scheme backfired. It resulted in the rootkit being classified as malware by many computer security companies, as well as several law suits and a product recall of the offending CDs.

Cold War Missile Crisis September 26, 1983

noreply@blogger.com (Anonymous) — Mon, 14 Apr 2014 21:55:00 +0000

Stanislav Petrov was the duty officer of a secret bunker near Moscow responsible for monitoring the Soviet early warning satellite system. Just after midnight, they received an alert that the US had launched five Minuteman intercontinental ballistic missiles. As part of the mutually assured destruction doctrine that came into prevalence during the Cold War, the response to an attack by one power would be a revenge attack by the other.

This meant that if the attack was genuine, they needed to respond quickly. However, it seemed strange that the US would attack with just a handful of warheads: although they would cause massive damage and loss of life, it wouldn’t be even nearly sufficient to wipe out the Soviet opposition. Also, the radar stations on the ground weren’t picking up any contacts, although these couldn’t detect beyond the horizon because of the curvature of Earth, which could have explained the delay.

Another consideration was the early warning system itself, which was known to have flaws and had been rushed into service in the first place. Petrov weighed all these factors and decided to rule the alert as a false alarm. Although Petrov didn’t have his finger on the nuke button as such, had he passed on a recommendation to his superiors that they take the attack as real, it could have led to all-out nuclear war. Whether based on experience, intuition, or just luck, Petrov’s decision was the right one.

It was later determined that the early detection software had picked up the sun’s reflection from the top of clouds and misinterpreted it as missile launches.  

Trans-Siberian Gas Pipeline Explosion 1982

noreply@blogger.com (Anonymous) — Mon, 14 Apr 2014 21:55:00 +0000

This one is a bit of a stretch, and may never have in fact happened, but – if it is true – it is a prominent example of a deliberately introduced software bug causing a big incident.

During the Cold War, when relations between the US and Soviet Russia were a tad frosty, the Central Intelligence Agency are said to have deliberately placed bugs inside software being sold by a Canadian company -software that was used for controlling the trans-siberian gas pipeline. It was thought by the CIA that Russia was purchasing this system via a Canadian company as a means of covertly obtaining US technology, and that this would be an opportunity to feed them defective material.

Such practices were later referenced in the declassified “Farewell Dossier” where, amongst other things, it is alleged that faulty turbines were in fact used on a gas pipeline. It is claimed by former Secretary of the Air force, Thomas C. Reed, that a series of bugs were introduced so that the system would pass tests but break during actual use. Settings for pumps and valves were set to exceed the pressures that the pipeline could withstand, which led to an explosion said to be the largest non-nuclear explosion ever recorded.

These claims, however, have been contradicted by KGB veteran, Anatoly Medetsky, who claims that the explosion was caused by sub-par construction rather than deliberate sabotage. Whatever the cause, no known casualties were reported as the explosion occurred in a very remote area

USS Yorktown Incident September 21, 1997

noreply@blogger.com (Anonymous) — Mon, 14 Apr 2014 21:54:00 +0000

In the world of software development, there are several commonly known bugs that programmers encounter and have to cater for. One such example is the ‘divide by zero’ bug, where a calculation is performed that divides any number by zero. Such a calculation isn’t possible to resolve, at least not without using higher mathematics, and most software – for everything from super computers to pocket calculators – is written to take this scenario into account.

It was with some embarrassment, then, that the USS Yorktown suffered a complete failure of its propulsion system and was dead in the water for nearly 3 hours when a crew member typed a “0″ into the on-board database management system which was then used in a division calculation. The software was installed as part of a wider operation to use computers to reduce the man power needed to run some ships. Fortunately, the ship was engaged in maneuvers at the time of the incident, rather than deployed in a combat environment, which could have had more severe consequences.  

North American Blackout August 14, 2003

noreply@blogger.com (Anonymous) — Mon, 14 Apr 2014 21:54:00 +0000

Affecting around 55 million people, mainly in the North Eastern United States, but also Ontario Canada, this was one of the biggest power blackouts in history. It started when a power plant along the southern shore of Lake Erie, Ohio went offline due to high demand which put the rest of the power network under greater stress. When power lines are under heavier electrical load, they heat up, meaning the material making up the cable (usually aluminum and steel) expands. Several power lines hung lower as they expanded and caught trees, bringing them down and putting the system under yet more pressure. This led to a cascading effect that eventually reduced the power network to 20% of normal output.

While the causes of this blackout were nothing to do with a software bug, it could have been averted were it not for a software bug in the control centre alarm system. In what is called a ‘race condition’ scenario, two parts of the system were competing over the same resource and were unable to resolve the conflict, which caused the alarm system to freeze and stop processing alerts. Unfortunately, the alarm system failed ‘silently’, meaning it broke, but didn’t notify anybody that it had broken. This meant no audio or visual alerts were provided to control room staff, who over relied on such things for situational awareness. The aftermath was well reported and left many areas without power for several days and affected industry, utilities, communication. It was also blamed as at least a contributing factor in several deaths.

World of Warcraft “Corrupted-Blood” Glitch September 13, 2005

noreply@blogger.com (Anonymous) — Mon, 14 Apr 2014 21:54:00 +0000

The hugely successful World of Warcraft (WoW), an online computer game created by Blizzard Entertainment, suffered an embarrassing glitch following an update to their game on September 13, 2005 – causing mass (fictional) death. Following an update to the game content, a new enemy character, Hakkar, was introduced who had the ability to inflict a disease, called Corrupted Blood, upon the playing characters that would drain their health over a period of time. This disease could be passed from player to player, just as in the real world, and had the potential to kill any character contracting it. This effect was meant to be strictly localised to the area of the game that Hakkar inhabited.

However, one thing was overlooked: players were able to teleport to other areas of the game while still infected and pass the disease onto others – which is exactly what happened. I can’t find any figures on the body count, but entire cities within the game world were no-go areas, with dead player’s corpses littering the streets. Fortunately, player death is not permanent in WoW and the event was soon over when the administrators of the game reset the servers and applied further software updates. Particularly interesting is the way players reactions in the game could closely reflect their reactions to a similar real-life incident.  

Therac-25 1985-1987

noreply@blogger.com (Anonymous) — Mon, 14 Apr 2014 21:53:00 +0000

The Therac-25 was a machine for administering radiation therapy, generally for treating cancer patients. It had two modes of operation. The first consisted of an electron beam targeted directly at the patient in small doses for a short amount of time. The second aimed the electron beam at high energy levels at a metal ‘target’ first, which would essentially convert the beam into X-rays that were then passed into the patient.

In previous models of the Therac machine, for this second mode of operation, there were physical fail-safes to ensure that this target was in place as, without it, very high energy beams could be mistakenly fired directly into the patient. In the new model, these physical fail-safes were replaced by software ones.

Unfortunately, there was a bug in the software: an ‘arithmetic overflow’ sometimes occurred during automatic safety checks. This basically means that the system was using a number inside its internal calculations that was too big for it to handle. If, at this precise moment, the operator was configuring the machine, the safety checks would fail and the metal target would not be moved into place. The result was that beams 100 times higher than the intended dose would be fired into a patient, giving them radiation poisoning. This happened on 6 known occasions, causing the later death of 4 patients.  

Pentagon paper

noreply@blogger.com (Anonymous) — Mon, 14 Apr 2014 21:52:00 +0000

On June 13, 1971, the New York Times ran the first of a nine-part series of excerpts from a classified study of U.S. military involvement in Vietnam completed by the Department of Defense. The papers were turned over to the Times by military analyst Daniel Ellsberg, who had surreptitiously photocopied them starting as early as 1969. U.S. Senator Mike Gravel, a Democrat, also entered 4,100 pages of the study — which came to be known as the Pentagon Papers — to the Senate record, thus making their later publication in book form constitutionally sound.

So what was in the Pentagon Papers? Oh, you know, just proof that the U.S. secretly bombed Cambodia and conducted coastal raids on North Vietnam, and that four Administrations — from Truman's to Johnson's — had deliberately lied to the public. Ellsberg was put on trial for theft and conspiracy under the Espionage Act of 1917, but a series of legal missteps and dubious evidence-gathering tactics led the judge to dismiss all charges.

watergate deep throat

noreply@blogger.com (Anonymous) — Mon, 14 Apr 2014 21:52:00 +0000

After five men were arrested for breaking into and trying to bug the offices of the Democratic National Committee in June 1972, Washington Post reporters Bob Woodward and Carl Bernstein began their investigation into what would become the country's biggest political scandal. Soon Watergate came to stand for far more than just the burglarized building and would lead to President Richard Nixon's resignation in 1974. Aiding Woodward and Bernstein as they connected the dots between the break-in and the White House was an informant whose identity remained a secret for a good 33 years. In 2005 — decades after the journalists won Pulitzers and All the President's Men won Oscars — former deputy director of the FBI Mark Felt revealed that he was the mysterious "Deep Throat."

Wikileak war logs

noreply@blogger.com (Anonymous) — Mon, 14 Apr 2014 21:51:00 +0000

On Oct. 22, Internet-based watchdog organization WikiLeaks posted 391,832 classified U.S. military documents on the war in Iraq, the largest such leak in history. As he did with the July release of 77,000 secret documents related to the war in Afghanistan, WikiLeaks founder Julian Assange shared the documents with several newspapers — including the New York Times, the Guardian and Der Spiegel — in advance of making them public. Among the major revelations were many instances of the U.S. military deliberately ignoring detainee abuse by Iraqi allies and an increase of the civilian-casualty count by 15,000. The July Afghanistan papers consisted primarily of secret reports from troops in the field covering local intelligence and recounting clashes — including a number of missives that detailed civilian casualties at the hands of coalition forces. Another important (though not altogether surprising) revelation was that members of the U.S. military suspect what others have long assumed: that Pakistan's military intelligence agency has secretly assisted the Afghan Taliban insurgency.

Heartbleed bug

noreply@blogger.com (Anonymous) — Mon, 14 Apr 2014 21:49:00 +0000

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

What leaks in practice?

We have tested some of our own services from attacker's perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication.

How to stop the leak?

As long as the vulnerable version of OpenSSL is in use it can be abused. Fixed OpenSSL has been released and now it has to be deployed. Operating system vendors and distribution, appliance vendors, independent software vendors have to adopt the fix and notify their users. Service providers and users have to install the fix as it becomes available for the operating systems, networked appliances and software they use.

Indonesian's AntiVirus

noreply@blogger.com (Anonymous) — Sat, 10 Feb 2007 14:17:00 +0000

May be someone need this information...
Just incase if someone need this help...

Nama Virus : Leena
Keterangan :

# Icon Virus : word, Ukuran : 76 KB ,File Ext : .exe
# Membuat file berikut ini :
# c:\Documents and Settings\All Users\Application Data\Normal.exe
# c:\Documents and Settings\[USER]\Local Settings\Application Data\[USER].task\services.exe
# c:\Documents and Settings\[USER]\Local Settings\Temp\lsass.exe
# c:\WINDOWS\ExeServ.exe
# C:\WINDOWS\System32\controls.exe
# c:\WINDOWS\system32\3D Soccer.scr
# C:\WINDOWS\Tasks\leena.job

Removir : http://www.macancrew.net/removir/mM_Removir.zip

Nama Virus : yogo / the greatless
Keterangan :

# Icon Virus : word, Ukuran : 64 KB ,File Ext : .scr
# Membuat file berikut ini :
# ?:\WINDOWS\system32\Msconfig.exe
# ?:\WINDOWS\LastGood\system32\regwiz.exe
# ?:\WINDOWS\MSGSRV32.COM
# ?:\WINDOWS\system32\KERNEL.VDX
# ?:\WINDOWS\system32\RPCSS.VDX
# ?:\WINDOWS\system32\CIRRUSX.OXC
# ?:\WINDOWS\system32\DDRAWXP.OXC

Removir : http://www.macancrew.net/removir/Rem_yogo.zip

Nama Virus : Tinutuan_B
Keterangan :

# Icon Virus : JPEG/ACDSee 7.0, Ukuran : 44 KB
# Membuat file berikut ini :
# ?:\WINDOWS\system32\ganemo45.exe
# ?:\WINDOWS\system32\Kota-Tinu.exe
# ?:\WINDOWS\system32\kangkung45.exe
# ?:\WINDOWS\system32\sambiki45.exe
# ?:\WINDOWS\system32\drivers\gedi.exe
# ?:\Documents and Settings\USER\Local Settings\winfile.exe
# ?:\Documents and Settings\USER\My Documents\My Pictures\My Pictures.exe
# ?:\Documents and Settings\USER\My Documents\My Music\My Music.exe
# ?:\WINDOWS\system32\3D Screen Saver.scr
# ?:\WINDOWS\system32\MCR Screen Saver.scr
# ?:\WINDOWS\system32\Romantic Rapshody Saver.scr
# ?:\WINDOWS\system32\Laskar Cinta Saver.scr
# ?:\WINDOWS\system32\3D Animation Saver.scr
# ?:\Documents and Settings\USER\Start Menu\Programs\Startup\milu.bat
# ?:\TINUTUAN.TXT
# Loader : Winlogon Shell ==> ?:\WINDOWS\system32\drivers\gedi.exe
# Loader : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\message ==> ?:\WINDOWS\System32\config\smss.cmd
# Loader : HKCU\Software\Microsoft\Windows\CurrentVersion\Run\manado-kota-tinutuan ==> ?:\WINDOWS\System32\Kota-Tinu.exe

Removir : http://www.macancrew.net/removir/Rem_Tinutuan_B.zip

Nama Virus : My_Service
Keterangan :

# Icon Virus : Folder, Ukuran : 30 KB , File Ext : .exe
# Membuat file berikut ini :
# ?:\WINDOWS\lsass.exe
# ?:\WINDOWS\services.exe
# ?:\WINDOWS\smss.exe
# ?:\WINDOWS\WINDOWS.exe
# ?:\windows operation.exe
# ?:\WINDOWS\system32\services.com
# ?:\WINDOWS\system32\cmd.com
# ?:\WINDOWS\win.com
# ?:\WINDOWS\cmd.com
# ?:\Documents and Settings\USER\Local Settings\Application Data\system.com
# ?:\WINDOWS\system32\auto.bat
# Loader : HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Ini Service Ku ==> ?:\WINDOWS\system32\services.com

Removir : http://www.macancrew.net/removir/Rem_My_Service.zip

Nama Virus : mig2
Keterangan :

# Icon Virus : Folder, Ukuran : 129 KB , File Ext : .exe
# Membuat file berikut ini :
# Membuat Folder mig2 di tiap drive yg berisi New Folder.exe dan Folder.htt
# Membuat File ke tiap drive dengan nama : Data %USER%.exe
# ?:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\Startup .exe
# ?:\WINDOWS\system32\IExplorer.exe
# ?:\WINDOWS\system32\GroupPolicy\Machine\Scripts\Startup\Startup .exe
# ?:\WINDOWS\WINDOWS .exe
# ?:\WINDOWS\mig2 .exe
# ?:\Documents and Settings\Default User\Start Menu\Programs\Startup\Startup .exe
# ?:\Documents and Settings\All Users\Start Menu\Programs\Startup\Empty .exe
# ?:\Documents and Settings\All Users\Start Menu\Programs\Startup\Startup .exe
# ?:\Documents and Settings\[USER]\Local Settings\Application Data\WINDOWS\WINLOGON.EXE
# ?:\Documents and Settings\[USER]\Local Settings\Application Data\WINDOWS\CSRSS.EXE
# ?:\Documents and Settings\[USER]\Local Settings\Application Data\WINDOWS\SERVICES.EXE
# ?:\Documents and Settings\[USER]\Local Settings\Application Data\WINDOWS\LSASS.EXE
# ?:\Documents and Settings\[USER]\Local Settings\Application Data\WINDOWS\SMSS.EXE
# ?:\Documents and Settings\[USER]\Local Settings\Application Data\WINDOWS\SERVICES .exe
# ?:\Documents and Settings\[USER]\Local Settings\Application Data\WINDOWS\LSASS .exe
# ?:\Documents and Settings\[USER]\Local Settings\Application Data\WINDOWS\WINLOGON .exe
# ?:\Documents and Settings\[USER]\Local Settings\Application Data\WINDOWS\CSRSS .exe
# ?:\Documents and Settings\[USER]\Start Menu\Programs\Startup\Startup .exe
# Loader : HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MSMSGS ==> ?:\Documents and Settings\[USER]\Local Settings\Application Data\WINDOWS\WINLOGON.EXE\"
# Loader : HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Service[USER] ==> ?:\Documents and Settings\[USER]\Local Settings\Application Data\WINDOWS\SERVICES.EXE
# Loader : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Logon[USER] ==> ?:\Documents and Settings\[USER]\Local Settings\Application Data\WINDOWS\CSRSS.EXE
# Loader : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\System Monitoring ==> ?:\Documents and Settings\[USER]\Local Settings\Application Data\WINDOWS\LSASS.EXE

Removir : http://www.macancrew.net/removir/Rem_Mig2.zip

Nama Virus : Buff-exe
Keterangan :

# Icon Virus : Folder, Ukuran : 53 KB , File Ext : .exe
# Membuat file berikut ini :
# C:\buff.exe
# ?:\WINDOWS\system32\algserv.exe
# ?:\WINDOWS\system32\svcmain.exe
# ?:\WINDOWS\system32\vrsserv.exe
# Loader : HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wmserv ==> ?:\WINDOWS\system32\svcmain.exe
# Loader : HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\algserv ==> ?:\WINDOWS\system32\algserv.exe

Nama Virus : Bangsat_A
Keterangan :

# Icon Virus : Folder, Ukuran : 105 KB , File Ext : .exe
# Membuat file berikut ini :
# ?:\WINDOWS\security\System.exe
# ?:\Documents and Settings\[USER]\Local Settings\Application Data\smss.exe
# ?:\Documents and Settings\[USER]\Local Settings\Application Data\services.exe
# ?:\Documents and Settings\[USER]\Local Settings\Application Data\lsass.exe
# ?:\Documents and Settings\[USER]\Local Settings\Application Data\inetinfo.exe
# ?:\Documents and Settings\[USER]\Local Settings\Application Data\csrss.exe
# ?:\Documents and Settings\[USER]\Local Settings\Application Data\winlogon.exe
# ?:\Documents and Settings\[USER]\Templates\DIA 54TR10.com
# Loader : HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Remove 54tr10 ==> ?:\Documents and Settings\[USER]\Local Settings\Application Data\smss.exe
# Loader : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\New Anti Virus ==> ?:\WINDOWS\Security\System.exe

Nama Virus : Flu_Ikan
Keterangan :

# Icon Virus : Folder, Ukuran : 76 KB
# Membuat File berikut ini :
c:\WINDOWS\FishDemon.exe
c:\WINDOWS\Help\(Nama file Random) mis : D85U68N85U.exe, J66T74E84B.exe, L78V76Q86N.exe
c:\WINDOWS\system32\config\(Nama file Random) mis : D85U68N85U.exe, J66T74E84B.exe, L78V76Q86N.exe
c:\aliases.ini
c:\script.ini
c:\Documents and Settings\[CURRENT_USER]\My Documents\Flu-Ikan.htm
# Loader di Msconfig :
- kebodohan
- pemalas
- mulut_besar
- otak_udang
# Men-Disable Klik-Kanan di Desktop & Windows Explorer
# Mengganti Tampilan Desktop Dengan ID Romantic Devil.R

Nama Virus : ABG-Aceh
Keterangan :

# Icon Virus : Folder, Ukuran : 220 KB
# Membuat File berikut ini :
C:\Program Files\Service.exe
C:\ABG-Aceh.exe
# Berusaha membuat File berikut ini :
D:\ABG-Aceh.exe
E:\ABG-Aceh.exe
F:\ABG-Aceh.exe
G:\ABG-Aceh.exe
H:\ABG-Aceh.exe
# Loader di Msconfig :
- Service App (memanggil C:\Program Files\Service.exe)

Nama Virus : SHELLYNT
Keterangan :

# Icon Virus : Setup/Installer, Ukuran : 23 KB
# Membuat File berikut ini :
- C:\WINDOWS\Config\smss.exe
- C:\WINDOWS\system32\config\systemprofile\Local Settings\services.exe
- C:\WINDOWS\system32\Rundll.exe
- C:\fix.com
- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe.pif
- C:\WINDOWS\check.pif
# Copy File ke Flashdisk dengan nama :
- Computer.exe (Dengan Icon File Setup/Installer)
# Loader di Msconfig :
- Shellynt
- Fault
# Mengubah Label Drive C:\ menjadi SHELLYNT

Nama Virus : Sensasi.A.5tr10
Keterangan :

# Icon Virus : Folder, Ukuran : 38 KB
# Membuat File berikut ini :
C:\Documents and Settings\USER\Local Settings\Application Data\csrss.exe
C:\Documents and Settings\USER\Local Settings\Application Data\inetinfo.exe
C:\Documents and Settings\USER\Local Settings\Application Data\lsass.exe
C:\Documents and Settings\USER\Local Settings\Application Data\services.exe
C:\Documents and Settings\USER\Local Settings\Application Data\smss.exe
C:\Documents and Settings\USER\Local Settings\Application Data\winlogon.exe
C:\WINDOWS\system32\Svchos.exe
C:\Documents and Settings\USER\Templates\54TR10 AJA.com
C:\WINDOWS\system32\USER\'s Setting.scr
C:\Documents and Settings\USER\Start Menu\Programs\Startup\Start.pif
# Loader di Msconfig :
- ADie suka kamu
- SaTRio ADie X

Keterangan :

# Icon Virus : Folder, Ukuran : 58 KB
# Membuat File berikut ini :
C:\Documents and Settings\USER\Desktop\Windows Explorer.exe
C:\Documents and Settings\USER\Start Menu\Programs\Startup\Romantic-Devil.R.exe
C:\Documents and Settings\USER\Templates\csrss.exe
C:\Documents and Settings\USER\Templates\inetinfo.exe
C:\Documents and Settings\USER\Templates\lsass.exe
C:\Documents and Settings\USER\Templates\services.exe
C:\Documents and Settings\USER\Templates\smss.exe
C:\Documents and Settings\USER\Templates\winlogon.exe
C:\WINDOWS\CintaButa.exe
C:\WINDOWS\eksplorasi.exe
C:\WINDOWS\FirstLove.exe
C:\WINDOWS\KesenjanganSosial.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\csrss.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\inetinfo.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\lsass.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\services.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\smss.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\winlogon.exe
# Loader di Msconfig :
- SysDiaz
- SysYuni
- SysRia
- SysDokterGila
- DllHost
- Pluto

Nama Virus : Kantuk
Keterangan :

# Icon Virus : Microsoft Word, Ukuran : 56 KB
# Membuat file berikut ini :
# C:\WINDOWS\system32\system.exe
# Copy File ke Flashdisk dengan nama :
- Kantuk.exe (Dengan Icon Microsoft Word)
# Loader : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SymRun ==> C:\WINDOWS\System32\system.exe

Nama Virus : NewInfo
Keterangan :

# Icon Virus : Folder, Ukuran : 324 KB
# Membuat file berikut ini :
# c:\WINDOWS\system32\lsvrss.exe
# Copy File ke Flashdisk dengan nama :
- DocumentFolder.exe
- NewInfo.htm
# Loader : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SysIDstr ==> c:\WINDOWS\system32\lsvrss.exe
# Loader : HKCU\Software\Microsoft\Windows\CurrentVersion\Run\DocumentInfo ==> c:\WINDOWS\system32\lsvrss.exe

Nama Virus : My Song.mp3
Keterangan :

# Icon Virus : mp3, Ukuran : 60 KB
# Membuat file berikut ini :
# c:\WINDOWS\system32\moviex.exe
# c:\WINDOWS\system32\sysconf.dlI
# c:\WINDOWS\system32\system.dlI
# c:\WINDOWS\system32\COMCTL32.PID
# Copy File ke Flashdisk dengan nama :
- My Song.mp3.exe (Dengan Icon Mp3)
# Loader : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SysData ==> C:\WINDOWS\System32\moviex.exe

Nama Virus : LayOut.htt
Keterangan :

- Icon : notepad, Ukuran : 103 KB
- Membuat file Windowsdir taskmgr.exe
- Membuat file layout.htt
- Membuat file system.exe

Nama Virus : Gadis Unmul
Keterangan :

- Icon : Folder, Ukuran : 72 KB
- Membuat file c:\unmul_gadis_pesan@@@.doc
- Membuat file [%WINDOWS%]\system\tsunnammii__B.exe
- Membuat file [%WINDOWS%]\tsunnammii__B.exe
- Membuat file [%SYSTEM%]\[%USERNAME%].exe
- Menambahkan My Document di Control Panel
- Menambahkan My Document di Desktop
- Menambahkan gadis_unmul di Startup

Nama Virus : Borlas / Animasi
Keterangan :

- Icon : Flash, Ukuran : 410KB
- Membuat file animasi.exe di semua drive
- Membuat file WindowsDir java\classes\Animasi.exe
- Membuat file WindowsDir security\Animasi.exe
- Membuat file WindowsDir resources\Oghie.exe
- Membuat file WindowsDir pchealth\Animasi.exe

Nama Virus : MooNlight
Keterangan :

- Membuat file [%WINDOWS%]\java\CLASES\BIN\csrss.exe
- Membuat file [%WINDOWS%]\Systask.exe
- Membuat file [%WINDOWS%]\system32\APPLOG\Sys\Winlogon.exe
- Membuat file [%WINDOWS%]\system32\run32dll.exe
- Membuat file [%WINDOWS%]\Brico.cmd
- Membuat file [%WINDOWS%]\COMMAND\SETRAMD.cmd
- Membuat file [%WINDOWS%]\system32\MySqld-nt.cmd
- Membuat file [%WINDOWS%]\system32\remotesp.cmd
- Membuat file c:\windows.scr Dengan Icon Folder
- Folder [%WINDOWS%] asli di Hidden
- Semua Folder di Flashdisk di Hidden
- Membuat File scr di Flashdisk dengan nama folder-folder di Flashdisk

Nama Virus : Shuriken3
Keterangan :

- Membuat file windows.exe di direktori windows
- Membuat loader di msconfig dengan item PROGRAM yang memanggil [%
window%]\windows.exe
- Membuat file (dengan icon folder) disemua folder di drive selain C:\ dengan ukuran 224 KB

Nama Virus : Patah Hati
Keterangan :

- Icon Virus : Folder, Ukuran : 88 KB
- Membuat file berikut ini di windows
c:\Program Files\Microsoft Office\Temp.exe
c:\WINDOWS\Help\user logon.exe
c:\WINDOWS\hkcmd.exe
c:\WINDOWS\system\Aku Bisa Tanpamu.exe
c:\WINDOWS\system\Aku Kecewa.exe
c:\WINDOWS\system\Dibalas Dengan Dusta.exe
c:\WINDOWS\system\ISASS.exe
c:\WINDOWS\system\Kau Pikir Kaulah Segalanya.exe
c:\WINDOWS\system\LNETINFO.exe
c:\WINDOWS\system\mr.abram\'s.exe
c:\WINDOWS\system\Sejauh Mungkin.exe
c:\WINDOWS\system\Tak Seperti Dulu.exe
c:\WINDOWS\system\Viva Elektro.exe
c:\WINDOWS\system.exe
c:\WINDOWS\system32\Patah_07065.exe
c:\WINDOWS\security\krnl32.bat
- Membuat file [My Documents.exe] di Desktop
- Membuat file [My Documents.exe] di Start Menu
- Membuat file [System startup.pif] di Start Up
- Membuat loader di msconfig dengan item [patah hati],[user logon]dan [HotKeysCmds]

Nama Virus : Ambon Manise
Keterangan :

- Icon Virus : Folder, Ukuran : 42 KB
- Membuat file berikut ini di windows
c:\WINDOWS\SVCHOST.EXE
c:\WINDOWS\system\SVCHOST.EXE
c:\WINDOWS\system32\EBRR.EXE
c:\WINDOWS\system32\mmtask.exe
- MengCopy file ke Flashdisk dengan nama :
Data.exe
Jangan Dihapus.exe
Agnes Monica.exe
Bekas Pacar.exe
Oh Cantiknya.exe
Penting!!!.exe
Dokumen Kerja.exe
Gambar.exe

Tinutuan_B AntiVirus

noreply@blogger.com (Anonymous) — Sat, 10 Feb 2007 14:16:00 +0000

May be someone need this antivirus...

Virus Name : Tinutuan_B

# Virus Icon: JPEG/ACDSee 7.0, size: 44 KB
I guess it is from the milu.bat

# will create this files :
# ?:\WINDOWS\system32\ganemo45.exe
# ?:\WINDOWS\system32\Kota-Tinu.exe
# ?:\WINDOWS\system32\kangkung45.exe
# ?:\WINDOWS\system32\sambiki45.exe
# ?:\WINDOWS\system32\drivers\gedi.exe
# ?:\Documents and Settings\USER\Local Settings\winfile.exe
# ?:\Documents and Settings\USER\My Documents\My Pictures\My Pictures.exe
# ?:\Documents and Settings\USER\My Documents\My Music\My Music.exe
# ?:\WINDOWS\system32\3D Screen Saver.scr
# ?:\WINDOWS\system32\MCR Screen Saver.scr
# ?:\WINDOWS\system32\Romantic Rapshody Saver.scr
# ?:\WINDOWS\system32\Laskar Cinta Saver.scr
# ?:\WINDOWS\system32\3D Animation Saver.scr
# ?:\Documents and Settings\USER\Start Menu\Programs\Startup\milu.bat
# ?:\TINUTUAN.TXT
# Loader : Winlogon Shell ==> ?:\WINDOWS\system32\drivers\gedi.exe
# Loader : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\message ==> ?:\WINDOWS\System32\config\smss.cmd
# Loader : HKCU\Software\Microsoft\Windows\CurrentVersion\Run\manado-kota-tinutuan ==> ?:\WINDOWS\System32\Kota-Tinu.exe

Removir : http://www.macancrew.net/removir/Rem_Tinutuan_B.zip

****
Kill the loader
-Gedi.exe
-smss.cmd
-Kota-Tinu.exe

*** QUICKLY RESTART
- delete all files
-fix all the registry

* Winlogon Shell
-HKLM/SOFTWARE/MICROSOFT/WIndows NT/CurrentVersion/WinLogon