Indonesian's AntiVirus

noreply@blogger.com (Kurniawan) — Sat, 10 Feb 2007 14:17:00 +0000

May be someone need this information...
Just incase if someone need this help...

Nama Virus : Leena
Keterangan :

# Icon Virus : word, Ukuran : 76 KB ,File Ext : .exe
# Membuat file berikut ini :
# c:\Documents and Settings\All Users\Application Data\Normal.exe
# c:\Documents and Settings\[USER]\Local Settings\Application Data\[USER].task\services.exe
# c:\Documents and Settings\[USER]\Local Settings\Temp\lsass.exe
# c:\WINDOWS\ExeServ.exe
# C:\WINDOWS\System32\controls.exe
# c:\WINDOWS\system32\3D Soccer.scr
# C:\WINDOWS\Tasks\leena.job

Removir : http://www.macancrew.net/removir/mM_Removir.zip

Nama Virus : yogo / the greatless
Keterangan :

# Icon Virus : word, Ukuran : 64 KB ,File Ext : .scr
# Membuat file berikut ini :
# ?:\WINDOWS\system32\Msconfig.exe
# ?:\WINDOWS\LastGood\system32\regwiz.exe
# ?:\WINDOWS\MSGSRV32.COM
# ?:\WINDOWS\system32\KERNEL.VDX
# ?:\WINDOWS\system32\RPCSS.VDX
# ?:\WINDOWS\system32\CIRRUSX.OXC
# ?:\WINDOWS\system32\DDRAWXP.OXC

Removir : http://www.macancrew.net/removir/Rem_yogo.zip

Nama Virus : Tinutuan_B
Keterangan :

# Icon Virus : JPEG/ACDSee 7.0, Ukuran : 44 KB
# Membuat file berikut ini :
# ?:\WINDOWS\system32\ganemo45.exe
# ?:\WINDOWS\system32\Kota-Tinu.exe
# ?:\WINDOWS\system32\kangkung45.exe
# ?:\WINDOWS\system32\sambiki45.exe
# ?:\WINDOWS\system32\drivers\gedi.exe
# ?:\Documents and Settings\USER\Local Settings\winfile.exe
# ?:\Documents and Settings\USER\My Documents\My Pictures\My Pictures.exe
# ?:\Documents and Settings\USER\My Documents\My Music\My Music.exe
# ?:\WINDOWS\system32\3D Screen Saver.scr
# ?:\WINDOWS\system32\MCR Screen Saver.scr
# ?:\WINDOWS\system32\Romantic Rapshody Saver.scr
# ?:\WINDOWS\system32\Laskar Cinta Saver.scr
# ?:\WINDOWS\system32\3D Animation Saver.scr
# ?:\Documents and Settings\USER\Start Menu\Programs\Startup\milu.bat
# ?:\TINUTUAN.TXT
# Loader : Winlogon Shell ==> ?:\WINDOWS\system32\drivers\gedi.exe
# Loader : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\message ==> ?:\WINDOWS\System32\config\smss.cmd
# Loader : HKCU\Software\Microsoft\Windows\CurrentVersion\Run\manado-kota-tinutuan ==> ?:\WINDOWS\System32\Kota-Tinu.exe

Removir : http://www.macancrew.net/removir/Rem_Tinutuan_B.zip

Nama Virus : My_Service
Keterangan :

# Icon Virus : Folder, Ukuran : 30 KB , File Ext : .exe
# Membuat file berikut ini :
# ?:\WINDOWS\lsass.exe
# ?:\WINDOWS\services.exe
# ?:\WINDOWS\smss.exe
# ?:\WINDOWS\WINDOWS.exe
# ?:\windows operation.exe
# ?:\WINDOWS\system32\services.com
# ?:\WINDOWS\system32\cmd.com
# ?:\WINDOWS\win.com
# ?:\WINDOWS\cmd.com
# ?:\Documents and Settings\USER\Local Settings\Application Data\system.com
# ?:\WINDOWS\system32\auto.bat
# Loader : HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Ini Service Ku ==> ?:\WINDOWS\system32\services.com

Removir : http://www.macancrew.net/removir/Rem_My_Service.zip

Nama Virus : mig2
Keterangan :

# Icon Virus : Folder, Ukuran : 129 KB , File Ext : .exe
# Membuat file berikut ini :
# Membuat Folder mig2 di tiap drive yg berisi New Folder.exe dan Folder.htt
# Membuat File ke tiap drive dengan nama : Data %USER%.exe
# ?:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\Startup .exe
# ?:\WINDOWS\system32\IExplorer.exe
# ?:\WINDOWS\system32\GroupPolicy\Machine\Scripts\Startup\Startup .exe
# ?:\WINDOWS\WINDOWS .exe
# ?:\WINDOWS\mig2 .exe
# ?:\Documents and Settings\Default User\Start Menu\Programs\Startup\Startup .exe
# ?:\Documents and Settings\All Users\Start Menu\Programs\Startup\Empty .exe
# ?:\Documents and Settings\All Users\Start Menu\Programs\Startup\Startup .exe
# ?:\Documents and Settings\[USER]\Local Settings\Application Data\WINDOWS\WINLOGON.EXE
# ?:\Documents and Settings\[USER]\Local Settings\Application Data\WINDOWS\CSRSS.EXE
# ?:\Documents and Settings\[USER]\Local Settings\Application Data\WINDOWS\SERVICES.EXE
# ?:\Documents and Settings\[USER]\Local Settings\Application Data\WINDOWS\LSASS.EXE
# ?:\Documents and Settings\[USER]\Local Settings\Application Data\WINDOWS\SMSS.EXE
# ?:\Documents and Settings\[USER]\Local Settings\Application Data\WINDOWS\SERVICES .exe
# ?:\Documents and Settings\[USER]\Local Settings\Application Data\WINDOWS\LSASS .exe
# ?:\Documents and Settings\[USER]\Local Settings\Application Data\WINDOWS\WINLOGON .exe
# ?:\Documents and Settings\[USER]\Local Settings\Application Data\WINDOWS\CSRSS .exe
# ?:\Documents and Settings\[USER]\Start Menu\Programs\Startup\Startup .exe
# Loader : HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MSMSGS ==> ?:\Documents and Settings\[USER]\Local Settings\Application Data\WINDOWS\WINLOGON.EXE\"
# Loader : HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Service[USER] ==> ?:\Documents and Settings\[USER]\Local Settings\Application Data\WINDOWS\SERVICES.EXE
# Loader : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Logon[USER] ==> ?:\Documents and Settings\[USER]\Local Settings\Application Data\WINDOWS\CSRSS.EXE
# Loader : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\System Monitoring ==> ?:\Documents and Settings\[USER]\Local Settings\Application Data\WINDOWS\LSASS.EXE

Removir : http://www.macancrew.net/removir/Rem_Mig2.zip

Nama Virus : Buff-exe
Keterangan :

# Icon Virus : Folder, Ukuran : 53 KB , File Ext : .exe
# Membuat file berikut ini :
# C:\buff.exe
# ?:\WINDOWS\system32\algserv.exe
# ?:\WINDOWS\system32\svcmain.exe
# ?:\WINDOWS\system32\vrsserv.exe
# Loader : HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wmserv ==> ?:\WINDOWS\system32\svcmain.exe
# Loader : HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\algserv ==> ?:\WINDOWS\system32\algserv.exe

Nama Virus : Bangsat_A
Keterangan :

# Icon Virus : Folder, Ukuran : 105 KB , File Ext : .exe
# Membuat file berikut ini :
# ?:\WINDOWS\security\System.exe
# ?:\Documents and Settings\[USER]\Local Settings\Application Data\smss.exe
# ?:\Documents and Settings\[USER]\Local Settings\Application Data\services.exe
# ?:\Documents and Settings\[USER]\Local Settings\Application Data\lsass.exe
# ?:\Documents and Settings\[USER]\Local Settings\Application Data\inetinfo.exe
# ?:\Documents and Settings\[USER]\Local Settings\Application Data\csrss.exe
# ?:\Documents and Settings\[USER]\Local Settings\Application Data\winlogon.exe
# ?:\Documents and Settings\[USER]\Templates\DIA 54TR10.com
# Loader : HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Remove 54tr10 ==> ?:\Documents and Settings\[USER]\Local Settings\Application Data\smss.exe
# Loader : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\New Anti Virus ==> ?:\WINDOWS\Security\System.exe

Nama Virus : Flu_Ikan
Keterangan :

# Icon Virus : Folder, Ukuran : 76 KB
# Membuat File berikut ini :
c:\WINDOWS\FishDemon.exe
c:\WINDOWS\Help\(Nama file Random) mis : D85U68N85U.exe, J66T74E84B.exe, L78V76Q86N.exe
c:\WINDOWS\system32\config\(Nama file Random) mis : D85U68N85U.exe, J66T74E84B.exe, L78V76Q86N.exe
c:\aliases.ini
c:\script.ini
c:\Documents and Settings\[CURRENT_USER]\My Documents\Flu-Ikan.htm
# Loader di Msconfig :
- kebodohan
- pemalas
- mulut_besar
- otak_udang
# Men-Disable Klik-Kanan di Desktop & Windows Explorer
# Mengganti Tampilan Desktop Dengan ID Romantic Devil.R

Nama Virus : ABG-Aceh
Keterangan :

# Icon Virus : Folder, Ukuran : 220 KB
# Membuat File berikut ini :
C:\Program Files\Service.exe
C:\ABG-Aceh.exe
# Berusaha membuat File berikut ini :
D:\ABG-Aceh.exe
E:\ABG-Aceh.exe
F:\ABG-Aceh.exe
G:\ABG-Aceh.exe
H:\ABG-Aceh.exe
# Loader di Msconfig :
- Service App (memanggil C:\Program Files\Service.exe)

Nama Virus : SHELLYNT
Keterangan :

# Icon Virus : Setup/Installer, Ukuran : 23 KB
# Membuat File berikut ini :
- C:\WINDOWS\Config\smss.exe
- C:\WINDOWS\system32\config\systemprofile\Local Settings\services.exe
- C:\WINDOWS\system32\Rundll.exe
- C:\fix.com
- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe.pif
- C:\WINDOWS\check.pif
# Copy File ke Flashdisk dengan nama :
- Computer.exe (Dengan Icon File Setup/Installer)
# Loader di Msconfig :
- Shellynt
- Fault
# Mengubah Label Drive C:\ menjadi SHELLYNT

Nama Virus : Sensasi.A.5tr10
Keterangan :

# Icon Virus : Folder, Ukuran : 38 KB
# Membuat File berikut ini :
C:\Documents and Settings\USER\Local Settings\Application Data\csrss.exe
C:\Documents and Settings\USER\Local Settings\Application Data\inetinfo.exe
C:\Documents and Settings\USER\Local Settings\Application Data\lsass.exe
C:\Documents and Settings\USER\Local Settings\Application Data\services.exe
C:\Documents and Settings\USER\Local Settings\Application Data\smss.exe
C:\Documents and Settings\USER\Local Settings\Application Data\winlogon.exe
C:\WINDOWS\system32\Svchos.exe
C:\Documents and Settings\USER\Templates\54TR10 AJA.com
C:\WINDOWS\system32\USER\'s Setting.scr
C:\Documents and Settings\USER\Start Menu\Programs\Startup\Start.pif
# Loader di Msconfig :
- ADie suka kamu
- SaTRio ADie X

Keterangan :

# Icon Virus : Folder, Ukuran : 58 KB
# Membuat File berikut ini :
C:\Documents and Settings\USER\Desktop\Windows Explorer.exe
C:\Documents and Settings\USER\Start Menu\Programs\Startup\Romantic-Devil.R.exe
C:\Documents and Settings\USER\Templates\csrss.exe
C:\Documents and Settings\USER\Templates\inetinfo.exe
C:\Documents and Settings\USER\Templates\lsass.exe
C:\Documents and Settings\USER\Templates\services.exe
C:\Documents and Settings\USER\Templates\smss.exe
C:\Documents and Settings\USER\Templates\winlogon.exe
C:\WINDOWS\CintaButa.exe
C:\WINDOWS\eksplorasi.exe
C:\WINDOWS\FirstLove.exe
C:\WINDOWS\KesenjanganSosial.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\csrss.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\inetinfo.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\lsass.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\services.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\smss.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\winlogon.exe
# Loader di Msconfig :
- SysDiaz
- SysYuni
- SysRia
- SysDokterGila
- DllHost
- Pluto

Nama Virus : Kantuk
Keterangan :

# Icon Virus : Microsoft Word, Ukuran : 56 KB
# Membuat file berikut ini :
# C:\WINDOWS\system32\system.exe
# Copy File ke Flashdisk dengan nama :
- Kantuk.exe (Dengan Icon Microsoft Word)
# Loader : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SymRun ==> C:\WINDOWS\System32\system.exe

Nama Virus : NewInfo
Keterangan :

# Icon Virus : Folder, Ukuran : 324 KB
# Membuat file berikut ini :
# c:\WINDOWS\system32\lsvrss.exe
# Copy File ke Flashdisk dengan nama :
- DocumentFolder.exe
- NewInfo.htm
# Loader : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SysIDstr ==> c:\WINDOWS\system32\lsvrss.exe
# Loader : HKCU\Software\Microsoft\Windows\CurrentVersion\Run\DocumentInfo ==> c:\WINDOWS\system32\lsvrss.exe

Nama Virus : My Song.mp3
Keterangan :

# Icon Virus : mp3, Ukuran : 60 KB
# Membuat file berikut ini :
# c:\WINDOWS\system32\moviex.exe
# c:\WINDOWS\system32\sysconf.dlI
# c:\WINDOWS\system32\system.dlI
# c:\WINDOWS\system32\COMCTL32.PID
# Copy File ke Flashdisk dengan nama :
- My Song.mp3.exe (Dengan Icon Mp3)
# Loader : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SysData ==> C:\WINDOWS\System32\moviex.exe

Nama Virus : LayOut.htt
Keterangan :

- Icon : notepad, Ukuran : 103 KB
- Membuat file Windowsdir taskmgr.exe
- Membuat file layout.htt
- Membuat file system.exe

Nama Virus : Gadis Unmul
Keterangan :

- Icon : Folder, Ukuran : 72 KB
- Membuat file c:\unmul_gadis_pesan@@@.doc
- Membuat file [%WINDOWS%]\system\tsunnammii__B.exe
- Membuat file [%WINDOWS%]\tsunnammii__B.exe
- Membuat file [%SYSTEM%]\[%USERNAME%].exe
- Menambahkan My Document di Control Panel
- Menambahkan My Document di Desktop
- Menambahkan gadis_unmul di Startup

Nama Virus : Borlas / Animasi
Keterangan :

- Icon : Flash, Ukuran : 410KB
- Membuat file animasi.exe di semua drive
- Membuat file WindowsDir java\classes\Animasi.exe
- Membuat file WindowsDir security\Animasi.exe
- Membuat file WindowsDir resources\Oghie.exe
- Membuat file WindowsDir pchealth\Animasi.exe

Nama Virus : MooNlight
Keterangan :

- Membuat file [%WINDOWS%]\java\CLASES\BIN\csrss.exe
- Membuat file [%WINDOWS%]\Systask.exe
- Membuat file [%WINDOWS%]\system32\APPLOG\Sys\Winlogon.exe
- Membuat file [%WINDOWS%]\system32\run32dll.exe
- Membuat file [%WINDOWS%]\Brico.cmd
- Membuat file [%WINDOWS%]\COMMAND\SETRAMD.cmd
- Membuat file [%WINDOWS%]\system32\MySqld-nt.cmd
- Membuat file [%WINDOWS%]\system32\remotesp.cmd
- Membuat file c:\windows.scr Dengan Icon Folder
- Folder [%WINDOWS%] asli di Hidden
- Semua Folder di Flashdisk di Hidden
- Membuat File scr di Flashdisk dengan nama folder-folder di Flashdisk

Nama Virus : Shuriken3
Keterangan :

- Membuat file windows.exe di direktori windows
- Membuat loader di msconfig dengan item PROGRAM yang memanggil [%
window%]\windows.exe
- Membuat file (dengan icon folder) disemua folder di drive selain C:\ dengan ukuran 224 KB

Nama Virus : Patah Hati
Keterangan :

- Icon Virus : Folder, Ukuran : 88 KB
- Membuat file berikut ini di windows
c:\Program Files\Microsoft Office\Temp.exe
c:\WINDOWS\Help\user logon.exe
c:\WINDOWS\hkcmd.exe
c:\WINDOWS\system\Aku Bisa Tanpamu.exe
c:\WINDOWS\system\Aku Kecewa.exe
c:\WINDOWS\system\Dibalas Dengan Dusta.exe
c:\WINDOWS\system\ISASS.exe
c:\WINDOWS\system\Kau Pikir Kaulah Segalanya.exe
c:\WINDOWS\system\LNETINFO.exe
c:\WINDOWS\system\mr.abram\'s.exe
c:\WINDOWS\system\Sejauh Mungkin.exe
c:\WINDOWS\system\Tak Seperti Dulu.exe
c:\WINDOWS\system\Viva Elektro.exe
c:\WINDOWS\system.exe
c:\WINDOWS\system32\Patah_07065.exe
c:\WINDOWS\security\krnl32.bat
- Membuat file [My Documents.exe] di Desktop
- Membuat file [My Documents.exe] di Start Menu
- Membuat file [System startup.pif] di Start Up
- Membuat loader di msconfig dengan item [patah hati],[user logon]dan [HotKeysCmds]

Nama Virus : Ambon Manise
Keterangan :

- Icon Virus : Folder, Ukuran : 42 KB
- Membuat file berikut ini di windows
c:\WINDOWS\SVCHOST.EXE
c:\WINDOWS\system\SVCHOST.EXE
c:\WINDOWS\system32\EBRR.EXE
c:\WINDOWS\system32\mmtask.exe
- MengCopy file ke Flashdisk dengan nama :
Data.exe
Jangan Dihapus.exe
Agnes Monica.exe
Bekas Pacar.exe
Oh Cantiknya.exe
Penting!!!.exe
Dokumen Kerja.exe
Gambar.exe

Tinutuan_B AntiVirus

noreply@blogger.com (Kurniawan) — Sat, 10 Feb 2007 14:16:00 +0000

May be someone need this antivirus...

Virus Name : Tinutuan_B

# Virus Icon: JPEG/ACDSee 7.0, size: 44 KB
I guess it is from the milu.bat

# will create this files :
# ?:\WINDOWS\system32\ganemo45.exe
# ?:\WINDOWS\system32\Kota-Tinu.exe
# ?:\WINDOWS\system32\kangkung45.exe
# ?:\WINDOWS\system32\sambiki45.exe
# ?:\WINDOWS\system32\drivers\gedi.exe
# ?:\Documents and Settings\USER\Local Settings\winfile.exe
# ?:\Documents and Settings\USER\My Documents\My Pictures\My Pictures.exe
# ?:\Documents and Settings\USER\My Documents\My Music\My Music.exe
# ?:\WINDOWS\system32\3D Screen Saver.scr
# ?:\WINDOWS\system32\MCR Screen Saver.scr
# ?:\WINDOWS\system32\Romantic Rapshody Saver.scr
# ?:\WINDOWS\system32\Laskar Cinta Saver.scr
# ?:\WINDOWS\system32\3D Animation Saver.scr
# ?:\Documents and Settings\USER\Start Menu\Programs\Startup\milu.bat
# ?:\TINUTUAN.TXT
# Loader : Winlogon Shell ==> ?:\WINDOWS\system32\drivers\gedi.exe
# Loader : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\message ==> ?:\WINDOWS\System32\config\smss.cmd
# Loader : HKCU\Software\Microsoft\Windows\CurrentVersion\Run\manado-kota-tinutuan ==> ?:\WINDOWS\System32\Kota-Tinu.exe

Removir : http://www.macancrew.net/removir/Rem_Tinutuan_B.zip

****
Kill the loader
-Gedi.exe
-smss.cmd
-Kota-Tinu.exe

*** QUICKLY RESTART
- delete all files
-fix all the registry

* Winlogon Shell
-HKLM/SOFTWARE/MICROSOFT/WIndows NT/CurrentVersion/WinLogon

Kurniawan's Anti Virus

Indonesian's AntiVirus

Tinutuan_B AntiVirus