Getting to Know Hives and Value Entries

After yesterday's introduction to the Windows registry, this time I will try to explain what a Hive and a Value Entry are, which I did not get to yesterday. By the way, first a quick plug for the keyword kontes seo aristia wida rukmi, for which this blog ranks who knows where. Moving on: in yesterday's post I already touched briefly on hives. In general the registry contains 5 kinds of hive: HKEY_CLASSES_ROOT, HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, HKEY_USERS and HKEY_CURRENT_CONFIG.

Yes, those five hives are the ones normally present in the registry of all our computers. So what are the five hives used for, and what are value entries? If you want to know what the 5 hives do and what kinds of value entry there are, read on.

HIVE
* HKEY_CLASSES_ROOT : A subkey of HKEY_LOCAL_MACHINE\Software. Normally used to manage file associations when a file is opened through Windows Explorer.
* HKEY_CURRENT_USER : Used to store the configuration information of the user who is currently active (logged on). Under this key you can make settings covering, among other things, Folders, Control Panel, Windows Explorer and the screen appearance used by that user. It is a subkey of HKEY_USERS.
* HKEY_LOCAL_MACHINE : Contains information about the hardware, software and so on that is installed and related to your Windows. This key applies to all users.
* HKEY_USERS : The parent of HKEY_CURRENT_USER. Its function is to store the information of all users on that computer.
* HKEY_CURRENT_CONFIG : Holds information about the hardware profile used on a particular computer.

VALUE ENTRY
A Value Entry consists of 3 parts: the name, the data type and the value (the data itself). The value types most often used for manipulation are DWORD Value, String Value and Binary Value. Here is the explanation.
* DWORD Value or REG_DWORD : Data with a 4-byte value. Even so, the values most often stored in a DWORD value are booleans, i.e. 1 (true) and 0 (false).
* String Value or REG_SZ : Ordinary characters, i.e. the standard human-readable string.
* Binary Value or REG_BINARY : Raw data, i.e. a value in the form the computer itself understands: binary. Hardware information is stored as binary data, but you can view it in the registry editor in hexadecimal format.
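As an added example (not part of the post), here is the decoding Registry Editor performs on the three value types above, written in Python so it runs without Windows: a REG_DWORD is 4 little-endian bytes, a REG_SZ is a NUL-terminated UTF-16LE string, and REG_BINARY is shown as hex. The value names in the sample entries are constructed for illustration.

```python
import struct
from dataclasses import dataclass

# Registry value type codes as defined by the Windows API (winnt.h).
REG_SZ = 1
REG_BINARY = 3
REG_DWORD = 4
TYPE_NAMES = {REG_SZ: "REG_SZ", REG_BINARY: "REG_BINARY", REG_DWORD: "REG_DWORD"}


def decode_value(reg_type: int, data: bytes):
    """Interpret raw value data the way Registry Editor does for the three types."""
    if reg_type == REG_DWORD:
        # A DWORD is exactly 4 bytes, stored little-endian.
        if len(data) != 4:
            raise ValueError(f"REG_DWORD must be 4 bytes, got {len(data)}")
        return struct.unpack("<I", data)[0]
    if reg_type == REG_SZ:
        # Strings are stored as UTF-16LE with a trailing NUL terminator.
        text = data.decode("utf-16-le")
        return text.split("\0", 1)[0]
    if reg_type == REG_BINARY:
        # Raw bytes; hexdump() renders them the way regedit displays them.
        return data
    raise ValueError(f"unsupported registry type {reg_type}")


def encode_value(reg_type: int, value) -> bytes:
    """Inverse of decode_value: the raw bytes the registry would store."""
    if reg_type == REG_DWORD:
        if not 0 <= value <= 0xFFFFFFFF:
            raise ValueError("DWORD out of range")
        return struct.pack("<I", value)
    if reg_type == REG_SZ:
        return (value + "\0").encode("utf-16-le")
    if reg_type == REG_BINARY:
        return bytes(value)
    raise ValueError(f"unsupported registry type {reg_type}")


def hexdump(data: bytes) -> str:
    """Render bytes as Registry Editor's hexadecimal view, e.g. '01 00 00 00'."""
    return " ".join(f"{b:02x}" for b in data)


def dword_as_flag(data: bytes) -> bool:
    """Apply the boolean convention from the post: 1 is true, 0 is false."""
    value = decode_value(REG_DWORD, data)
    if value not in (0, 1):
        raise ValueError(f"not a boolean DWORD: {value}")
    return value == 1


@dataclass
class ValueEntry:
    """The three parts of a value entry: name, data type and the data itself."""
    name: str
    reg_type: int
    data: bytes

    def display(self) -> tuple:
        """The (name, type, data) row regedit's right-hand pane would show."""
        decoded = decode_value(self.reg_type, self.data)
        if self.reg_type == REG_DWORD:
            shown = f"0x{decoded:08x} ({decoded})"
        elif self.reg_type == REG_BINARY:
            shown = hexdump(decoded)
        else:
            shown = decoded
        return (self.name, TYPE_NAMES[self.reg_type], shown)


# Constructed sample entries; the value names are illustrative, not real ones.
SAMPLE_ENTRIES = [
    ValueEntry("ShowTips", REG_DWORD, encode_value(REG_DWORD, 1)),
    ValueEntry("Greeting", REG_SZ, encode_value(REG_SZ, "halo semua")),
    ValueEntry("DeviceId", REG_BINARY, bytes([0xDE, 0xAD, 0xBE, 0xEF])),
]

if __name__ == "__main__":
    for entry in SAMPLE_ENTRIES:
        print(entry.display())
```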

Well, that is all I can explain about hives and value entries; hopefully it is useful to those of you who want to know about them. Regards

Introduction to the Windows Registry

After this blog was neglected for a long time and everything about virus makers was moved to the blog belajar dan berbagi, I am still working on getting this blog back to how it was. Looking at the keyword Kontes seo aristia wida rukmi, this blog's SERP has dropped a long way. Anyway, in the technique of making batch-file viruses we of course have to know the thing called the Windows Registry: the registry is the main control room of the Windows operating system.

If we manage to get into that hot room of Windows, we can then make any setting on Windows very freely. Because the Windows registry is the vital main control room, it is an open secret that the registry is the main target of virus attacks.

So how do you open the registry? Follow closely: first, go to the Start button and find Run, type Regedit in the Run box and click OK. You will then see the arrangement, or structure, of the registry's codes. So what structure is there inside the registry? There are 2 elements: the HIVE and the Value Entry. A hive is the nest, or main branch, of the Registry, and each one handles particular kinds of cases.

In the Registry Editor, the HIVEs are located in the navigation area, which, to be precise, is the window on the left. A Value Entry, meanwhile, is a value that can act as a command, usually used to carry out a particular action or manipulation, and it is located in the window on the right (the topic area).

Well, that is probably enough for this first introduction to the Windows registry; next I will explain HIVE and Value Entry in more detail. Regards

Kontes SEO Aristia Wida Rukmi

Wow, it has been a very long time since I updated this tutorial blog with a post; now I will finally start updating again with this blog's first SEO contest. This SEO contest is held by gueadi.blogspot[dot]com with the theme Kontes SEO Aristia Wida Rukmi. Clearly the name of this contest is the name of a pretty girl from SMA Negeri 1 KarangAnyar who is the ex-girlfriend of this boss Adi.

Aristia Wida Rukmi, a pretty girl (so they say), and so clever that when she was in junior high school she got into the Accelerated programme (what is that? I don't think it existed in my day). The story goes that boss Adi saw the great enthusiasm of bloggers who were keenly entering the tukang nggame and wisata seo sadau contests, and that is why boss Adi created this kontes seo aristia wida rukmi.

Besides the SEO contests that are all the rage in the martial-arts world (read: the blogosphere), boss Adi apparently greatly admires the figure of Aristia Wida.

Enough chit-chat. If this blog post gets indexed and read by anyone who wants to join in, just go ahead and write an article and optimise the keyword "Kontes SEO Aristia Wida Rukmi". The prize is 100 thousand rupiah plus a free [dot]com domain.

Support "Kontes SEO Aristia Wida Rukmi".

Batch File Programming Tutorial 2

After learning to use the basic batch-file command "echo", now it is time to combine it with internal commands. In this tutorial we only need to enter the commands that we will be using.

Let's go straight to the tutorial.

1. In the file named Coba1.bat that we created in the earlier Batch File Commands post, add the command "dir > latihan.txt" directly above the "pause" command. This command creates a new file named "latihan.txt" and then fills it with the output of the "dir" command for the folder that is current at that moment, so the script in your Coba1.bat file will look like this.

Echo off
cls
Echo halo semuaa....
Dir > latihan.txt
Pause

2. Save the result under the same name and try running it.

3. Look at the Command Prompt window that appears. You will not see any effect from adding the command "dir > latihan.txt". Nothing visible happens in the Command Prompt window, but open Windows Explorer and look in the folder where your Coba1.bat file is saved. A file named "latihan.txt" will have appeared in that folder. Click on that file to see its contents. You will see that it contains the list of file and folder names and other information about your directory. So there is the effect of adding the command "dir > latihan.txt".

4. Besides the "dir" command, now try adding the "copy" command to copy the file "latihan.txt" to drive C.

5. Delete the file "latihan.txt" from the first folder. After adding these two commands, the program listing you have written will look like this.

Echo off
cls
Echo halo semuaa....
Dir > latihan.txt
Copy latihan.txt C:\
Del latihan.txt
Pause

6. Save the change under the same name and try running it.

7. In the Command Prompt window that appears you will see the message "1 file(s) copied". This message indicates that 1 file has been copied. Then check your drive C for the copy of "latihan.txt", and also check the folder where your Coba1.bat file was originally saved. If it worked, the file "latihan.txt" will appear on your drive C and the "latihan.txt" in your original folder will be gone.

With those few steps you can make a small-scale virus, something like moving files without anyone noticing. If it did not work, check the contents of your Coba1.bat file again and follow the steps from the top.

Hopefully this Batch File Programming Tutorial 2 is useful to you. Next we will cover a batch-file tutorial using external commands. Regards.

Source: the book Belajar Membuat Virus.

Conficker.C

We've been tracking the Conficker worm since it launched itself into the wild last November; despite the best efforts of security officials worldwide, the worm still hasn't been completely crushed. The original flavor and its nastier follow-up (Conficker.A and Conficker.B) have been locked down, but the worm's creators have a third version (Conficker.C, naturally) prepared to hit the tubes come April 1. The new "C" twist won't have all of the tools "B" used to replicate, but it will be able to detect and kill certain system processes designed to find and remove it.

Ars spoke with Don DeBolt, CA's Director of Threat Research, to get some additional information on Conficker.C, its threat profile, and why the gosh-darned thing isn't dead yet. CA (formerly Computer Associates) has published an extensive guide to Conficker.C, which includes information on its attack vectors, behavioral analysis, and how to tell if the "C" variant of Conficker is running on your system. This last part could pose a challenge—unlike previous versions, C adopts what DeBolt refers to as a "defensive stance" and throws up a number of roadblocks, all of which are aimed at hindering user detection of the worm.

The security industry was collectively able to put the brakes on Conficker.B's expansion when they managed to reverse-engineer the virus and determine which domains it would attempt to register and dial home to on particular dates. With Conficker.A and B, the worm chose to contact 32 addresses out of a possible 250 on any given attempt. With their algorithm broken, the malware authors went a step beyond updating their randomization/selection code—they also vastly increased both the number of domains the worm could generate as well as the number it will randomly select. Conficker.C will select 500 domains out of a randomized pool of 50,000 instead of the previous 32/250.

This will drive up the cost of operating the botnet (we've previously covered how vulnerable malware networks can be to changes in their cost structure) but will also significantly increase the cost of attempting to monitor and prevent botnet registrations, even once the randomizing algorithm has been broken.
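The cost argument in the two paragraphs above, worked through as an added example (not from the Ars Technica article). It uses a simplified model that assumes the worm draws its domains uniformly at random without replacement from the pool (an assumption; the real selection code is not described here), and shows how much of the botnet a single sinkhole domain sees and how many domains defenders must hold to intercept 99% of rendezvous attempts, for the 32/250 and 500/50,000 parameters.

```python
# Rendezvous parameters reported in the article: (domains selected per attempt, pool size).
VARIANTS = {"Conficker.A/B": (32, 250), "Conficker.C": (500, 50_000)}


def p_defender_catches(chosen: int, pool: int, registered: int) -> float:
    """Probability that at least one of the `chosen` domains is defender-held.

    Model (an assumption, not the worm's real algorithm): the worm draws `chosen`
    domains uniformly without replacement from `pool`, and defenders hold
    `registered` of them. P(miss) is the hypergeometric "no overlap" probability,
    computed as a running product to avoid huge binomial coefficients.
    """
    if registered <= 0:
        return 0.0
    miss = 1.0
    for i in range(chosen):
        free = pool - registered - i      # unregistered domains still undrawn
        if free <= 0:
            return 1.0                    # every remaining draw is defender-held
        miss *= free / (pool - i)
    return 1.0 - miss


def registrations_for_coverage(chosen: int, pool: int, target: float = 0.99) -> int:
    """Fewest defender-held domains giving P(catch) >= target (linear search)."""
    for m in range(pool + 1):
        if p_defender_catches(chosen, pool, m) >= target:
            return m
    return pool


def compare_variants(target: float = 0.99) -> dict:
    """Summarise the defender's cost for each variant."""
    out = {}
    for name, (chosen, pool) in VARIANTS.items():
        out[name] = {
            # Holding the whole pool is the only way to block every rendezvous.
            "pool": pool,
            # Share of attempts one sinkhole domain observes (= chosen / pool).
            "single_domain_visibility": p_defender_catches(chosen, pool, 1),
            # Domains defenders must register to intercept `target` of attempts.
            "registrations_for_target": registrations_for_coverage(chosen, pool, target),
        }
    return out


if __name__ == "__main__":
    for name, row in compare_variants().items():
        print(name, row)
```

For A/B one sinkhole domain sees 12.8% of attempts; for C it sees 1%, and the absolute number of domains needed for 99% coverage grows by more than an order of magnitude.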

Once installed, Conficker.C implements a variety of nasty behaviors. The worm will attempt to disable Windows Automatic Update and stop access to the Windows Security Center, can detect and kill SysInternals' Process Explorer program, and will interfere with the operation of a number of other search-and-destroy programs including WireShark and SysClean.

It will also reset and delete system restore points and disable various services, including WinDefend, BITS (Background Intelligent Transfer Service), ERSvc (Error Reporting Service) and WerSvc (Windows Error Reporting Service, Vista-only). In a final fit of pique, Conficker.C will prevent any attempt to connect to a variety of antivirus software services or websites. This behavior is nothing new to malware in general, but it's the first time we've seen it from our Conf(l)ickt-causing little friend.

The security industry's battle against Conficker is unlikely to resolve this go-round—we'll probably see at least a "D" variant before this is done—but DeBolt believes the coordinated response and organized counter-attack from Team White Hat has dramatically retarded the virus' ability to infect new systems. In the meantime, Romanian researchers from BitDefender have released a tool that should remove Conficker, though it's not clear if this will clean versions A, B, and C, or just the first two.

From: Ars Technica

Fake Windows Support Spam

This is probably the type of support one wouldn’t want to have.

Spammed email messages were found pretending to come from Microsoft Windows Support and claiming that Microsoft Service Pack 1 and Service Pack 2 have been discovered to have an error that can damage the computer’s software or even the hardware.

Figure 1. Spammed messages purporting to come from Windows Support


These messages encourage users to download and install a file in order to fix the problem. When users click the download button they are redirected to a site and are asked to download a file which Trend Micro detects as TROJ_DLOADER.CUT.

Figure 2. User is prompted to download a malicious file


TROJ_DLOADER.CUT connects to a certain URL to download another malicious file, which in turn is detected by Trend Micro as TSPY_BANKER.MCL. TSPY_BANKER.MCL monitors the affected user’s online transactions and steals banking related information.

Not too many TSPY_BANKER variants have been reported to be related to notable attacks recently, and this incident may pretty much mark the end of the hiatus. Users are advised to ignore spammed messages and, more importantly, to never click links embedded in these messages.

Trend Micro users are protected from this attack by the Smart Protection Network, as the related files, spam, and URL are already detected and blocked.

Read more: "Fake Windows Support Spam Brings Forth an Info-Stealer | Malware Blog | Trend Micro"

Malware Info: February 2009

Two Top Twenties have been compiled from data generated by the Kaspersky Security Network (KSN) throughout February 2009.

The first Top Twenty is based on data collected by Kaspersky Lab’s version 2009 antivirus product. The ranking is made up of the malicious programs, adware and potentially unwanted programs most frequently detected on users’ computers.

Position
1. Virus.Win32.Sality.aa
2. Net-Worm.Win32.Kido.ih
3. Packed.Win32.Krap.b
4. Packed.Win32.Black.a
5. Trojan.Win32.Autoit.ci
6. Worm.Win32.AutoRun.dui
7. Packed.Win32.Krap.g
8. Trojan-Downloader.Win32.VB.eql
9. Packed.Win32.Klone.bj
10. Virus.Win32.Alman.b
11. Trojan-Downloader.WMA.GetCodec.c
12. Worm.Win32.Mabezat.b
13. Trojan-Downloader.JS.SWFlash.ak
14. Worm.Win32.AutoIt.ar
15. Virus.Win32.Sality.z
16. Trojan-Downloader.JS.SWFlash.aj
17. Email-Worm.Win32.Brontok.q
18. Packed.Win32.Tdss.c
19. Worm.Win32.AutoIt.i
20. Trojan-Downloader.WMA.GetCodec.u

February’s Top Twenty features a number of important changes compared to our previous rankings.

First of all, the network worm Kido, which caused an epidemic that started in January and is still going strong, has gained impressive ground. Detection routines for this worm were added to antivirus databases in mid-January, and therefore the bulk of infected files were detected in February.

Secondly, there are three interesting newcomers to the ranking: Packed.Win32.Krap.g, Packed.Win32.Klone.bj and Packed.Win32.Tdss.c. These are associated, respectively, with detections for:

* a variant of a compression utility (packer) for Magania Trojans – a very common family which steals passwords to online games.
* a certain type of obfuscation for AutoIt scripts. Notably, the functionality of the original scripts is limited only by the constraints of the script language itself.
* an entire class of programs encrypted using the new malicious packer TDSS.

The last of the three pieces of malware is interesting in that the original, unencrypted malicious programs can be of any type, including but not limited to Trojans, worms and rootkits.

Trojan-Downloader.WMA.GetCodec.r, which gained 10 positions in January, was replaced in February by a similar multimedia downloader, GetCodec.u, while last month's newcomer, Exploit.JS.Agent.aak, was superseded by two script downloaders, SWFlash.aj and SWFlash.ak, which take advantage of various Flash Player vulnerabilities.

Malware Statistics

All malicious, advertising and potentially unwanted programs in the first Top Twenty can be grouped according to the main classes of threats which we detect. There has been almost no shift in the balance between these classes since January. Statistics for the past several months show that the number of self-replicating programs has remained uniformly high.

In total, 45396 unique malicious, advertising, and potentially unwanted programs were detected on users’ computers in February. This is not significantly different from last month’s figure.

The second Top Twenty presents data on which malicious programs most commonly infected objects detected on users’ computers. Malicious programs capable of infecting files make up the majority of this ranking.

Position
1. Virus.Win32.Sality.aa
2. Worm.Win32.Mabezat.b
3. Net-Worm.Win32.Nimda
4. Virus.Win32.Virut.ce
5. Virus.Win32.Xorer.du
6. Virus.Win32.Sality.z
7. Virus.Win32.Alman.b
8. Virus.Win32.Parite.b
9. Trojan-Clicker.HTML.IFrame.acy
10. Trojan-Downloader.HTML.Agent.ml
11. Virus.Win32.Virut.n
12. Virus.Win32.Virut.q
13. Virus.Win32.Parite.a
14. Email-Worm.Win32.Runouce.b
15. P2P-Worm.Win32.Bacteraloh.h
16. Virus.Win32.Hidrag.a
17. Worm.Win32.Fujack.k
18. Virus.Win32.Neshta.a
19. Virus.Win32.Small.l
20. P2P-Worm.Win32.Deecee.a

The second Top Twenty includes an important newcomer – Virus.Win32.Virut.ce, a new variant of the sophisticated polymorphic virus Virut. This modification features, among other things, infection of HTML files on the user’s computer with a malicious iframe block. Such pages are detected by our antivirus product as Trojan-Clicker.HTML.IFrame.acy. In February, the number of files infected using this method was quite large. The symbiosis between Virus.Win32.Virut.ce and Trojan-Clicker.HTML.IFrame.acy has resulted in the two malicious programs ranking 4th and 9th respectively.

It should also be noted that, although the Sality family is still prominent in the ranking, no new variants of this dangerous malicious program have been detected. This, of course, is not the case with the Virut family mentioned above.

From: www.kaspersky.com

Koobface Worm Attack Facebook

I just received a Facebook message from a friend; it was a pretty standard one that is beginning to look familiar to a lot of us, I am sure.

What surprised me though, was the page that the link led to. On the face of it is a very familiar looking spoofed version of YouTube, complete with bogus comments from “viewers”.

Take a second look though, the link had taken me to a site supposedly hosting a video posted by the same person that I had received the Facebook message from. In fact not only was the malicious landing page displaying his name, it had also pulled the photo from his Facebook profile. A very neat little piece of social engineering.

Clicking the Install button redirects to a download site for the file setup.exe which is the new Koobface variant detected as WORM_KOOBFACE.AZ. It is hosted on an IP address in another part of the world, and in the last hour, we’ve seen 300+ different unique IP addresses hosting setup.exe and we’re expecting more. All seen IP addresses hosting the said malicious file are now detected as HTML_KOOBFACE.BA.

Analysis by our engineers reveals that WORM_KOOBFACE.AZ propagates through other social networking sites as well. It first searches for cookies created by the following sites:

* facebook.com
* hi5.com
* friendster.com
* myyearbook.com
* myspace.com
* bebo.com
* tagged.com
* netlog.com
* fubar.com
* livejournal.com

The worm connects to a respective site using login credentials stored in the gathered cookies. It then searches for an infected user’s friends, who are then sent messages containing a link where a copy of the worm is downloaded. It also sends and receives information from an infected machine by connecting to several servers. This allows hackers to execute commands on the affected machine.

Users of the Trend Micro Smart Protection Network are protected from this threat, as both URL and malicious file are blocked and detected, respectively. Other users are advised to ignore such messages, and refrain from clicking links in unsolicited messages, even out of curiosity.

Read more: "Koobface Worm Spreading on Facebook | Malware Blog | Trend Micro"

EAV Antivirus Suite

Your computer may already have one of the commonly available antivirus programs installed.

But are you sure that antivirus software can detect the viruses that are on your computer?

To be sure, you can use the EAV Antivirus Suite software to detect and remove viruses such as trojans, spyware, adware and macro viruses on your computer.

This antivirus software initialises a system named Guard Ghost, which watches and monitors every process running in system memory, in Windows files and on open ports.

The Guard Ghost system works in the background, looking for worm and trojan attacks at particular moments.

If a virus or trojan is detected, even one hidden inside another program, EAV Antivirus Suite will display a warning signal and remove it.

The software will also clean out every virus system linked to the chain of files in which the virus was detected.

Website
www.your-soft.com

Batch File Commands

Batch File commands are the basic commands found in the Windows operating system, and surely you all already understand some of the basic Batch commands on your computer. By learning a few batch commands you will later be able to make a helper program, or a destructive program (read: a virus), that is no less cool than VBScript.

Here I will try to write a batch command using echo; you know how to make one, right?

Now everybody open Notepad; I suggest you use Notepad++ so it looks cooler and has more complete syntax support :D
Done? First, type a command like this:

Echo halo semua...


The Echo command is used to display messages, comments, captions and so on given by the user at a particular point.

Second, save the command you just typed under the name Coba1.bat.

Third, run the Coba1.bat file...
ta-da, there is a result, right??

Of course there is: a command prompt window pops up for a moment and then, oh, it disappears again, right??

Confused because you could not see what was in that command prompt? OK, I will share a little tip so that the command prompt window does not close so quickly. Here is how..

Edit the Coba1.bat file from before and add the word Pause below the line echo halo..., like this.


Echo halo semua...
Pause


Done? If so, save it again under the same name and try running it.

Did the same thing happen again?

There is one small difference though: the command prompt window does not disappear straight away; now press any key and off it goes. Hehehe

So now we know that the Pause command in the batch file halts the process temporarily, and it continues again once there is an input command (a key press).

Moving on, let's make the command prompt display look different: add the command "Echo Off" (without the quotation marks), like this:


Echo off
Echo halo semua...
Pause


Remember to write this in the same Coba1.bat file. Save the edited Coba1.bat file and run it.... See, the display has changed and is nicer to look at.

Now let's learn to make it neater still, just by adding the "CLS" command to the Coba1.bat file, like this example..


Echo off
cls
Echo halo semua...
Pause


Save it and run it; the command prompt display is different, isn't it?

OK, that is it for learning batch-file commands for now; hopefully you can understand the use of this simple batch file.

Next time I will try to share something more extreme (ha) :D by adding some internal and external DOS commands.


Hope it is useful.

Source: the book Belajar Membuat Virus Komputer.

Meta tags malware websites

An indexing robot is a program which crawls websites, storing their content in databases and following the links which point to other websites.

Rogue antimalware creators usually either do not add tags to the code of their websites, or add them so that the websites are indexed by the search engines' robots.

This way, they are more accessible and the malware can be widely spread.

Lately we have found several cases that prove quite the opposite: tags are added in order to go unnoticed.

Let's take the following URL as an example:
http://akedpics.blogspot.com

When clicking the video to view it, we are redirected to the following URL http://pomp.com/index.php?q=Adrienne-Bailon-Naked-Pics, which in turn redirects us to http://crack-.com (*) and finally to http://fast.com/xplays.php?id=40004, from which we download the file viewtubesoftware.40004.exe, detected as Adware/MSAntiSpyware2009.

[Image: Fake Video]

(*) This URL redirects us to different malware hosting websites at random, depending on the time.

If we look at the source code of the URL http://fast.com/xplays.php?id=40004, we can find the following tag:

1. The noindex tag doesn't allow the search engines to index a website.
2. The nofollow tag doesn't allow the search engines to scan the links of the document.
3. The noarchive tag prevents the website from being cached.
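An added example (not from the PandaLabs article) of the check a defender could run over fetched landing pages: it parses the robots meta tag, whose content attribute carries these directives, and flags a page that sets all three. The HTML samples are constructed, not captured from the sites above.

```python
from html.parser import HTMLParser

# The three directives the article describes.
HIDING_DIRECTIVES = {"noindex", "nofollow", "noarchive"}


class RobotsMetaParser(HTMLParser):
    """Collect the directives of every <meta name="robots" content="..."> tag."""

    def __init__(self):
        super().__init__()
        self.directives = set()

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "meta":
            return
        # attrs is a list of (name, value); value is None for bare attributes.
        attr_map = {name.lower(): (value or "") for name, value in attrs}
        if attr_map.get("name", "").strip().lower() != "robots":
            return
        # content is a comma-separated, case-insensitive list of directives.
        for token in attr_map.get("content", "").lower().split(","):
            token = token.strip()
            if token:
                self.directives.add(token)


def robots_directives(html: str) -> set:
    """Return the set of robots directives declared anywhere in the page."""
    parser = RobotsMetaParser()
    parser.feed(html)
    parser.close()
    return parser.directives


def hides_from_crawlers(html: str) -> bool:
    """True when a page sets all three hiding directives, as the landing page above did."""
    return HIDING_DIRECTIVES <= robots_directives(html)


def triage(pages: dict) -> list:
    """Names of the pages in {name: html} that a URL-scanning pipeline should flag."""
    return sorted(name for name, html in pages.items() if hides_from_crawlers(html))


# Constructed sample pages; not captured from the sites in the article.
SAMPLE_PAGES = {
    "landing": """<html><head><title>Play video</title>
<META NAME="Robots" CONTENT="NOINDEX, NOFOLLOW, noarchive">
</head><body><p>Install the codec to view.</p></body></html>""",
    "blog": """<html><head><meta name="robots" content="index, follow" />
<meta name="description" content="a normal page"></head><body></body></html>""",
    "split": """<html><head><meta name="robots" content="noindex">
<meta name="robots" content="nofollow,noarchive"></head><body></body></html>""",
}

if __name__ == "__main__":
    print("flagged:", triage(SAMPLE_PAGES))
```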

It seems that these techniques are aimed at making the job of malware analysts and antivirus companies more difficult.

They are also used to hinder proactive protection, that is, preventing infection with techniques such as URL blocking, which relies on querying search engines for specific parameters.

From: PandaLabs

Downadup A.K.A Conficker worm

The Downadup worm—also called Conficker—has now infected an estimated 10 million PCs worldwide, and security experts say they expect to see a dangerous second-stage payload dropped soon.

"It has the potential to infect about 30% of Windows systems online, a potential 300 to 350 million PCs," says Don Jackson, director of threat intelligence in the counter threat unit at SecureWorks. The worm, first identified in November and suspected to have originated in the Ukraine, is quickly ramping up, and while Downadup today is not malicious in the sense of destroying files — its main trick is to block users from accessing antivirus sites to obtain updates to protect against it — the worm is capable of downloading second-stage code for darker purposes. Many experts anticipate that could occur soon.

What that darker purpose might be is a source of speculation, but Jackson theorizes that it may well end up being "rogue antivirus malware" that demands the user buy it to eliminate the worm. "It's basically extortion," he says.

Like SecureWorks, IBM notes that it's the second-stage payload of the Downadup worm that is a source of concern. "Right now it's not destroying or stealing, it's just hanging out," comments Tom Cross, X-Force researcher in the IBM ISS division. "It's building its network of hosts."

While no one knows exactly what stage two payload will bring, one reason for the worm's somewhat slow but steady progress is its use of Windows "AutoRun" to copy itself through Windows file-sharing and USB tokens, Cross says.

"If it copies itself to a file share, and if the user clicks on a file, the user's computer will get infected," Cross says. "Even if the computer is patched, you can still get infected if you access one of the infected USB drives or file shares." Cross advises that AutoRun be disabled.

This is an additional means of spreading beyond exploiting the Windows RPC flaw identified last October, for which a patch is available. The worm also has a password cracker that is adept at cracking administrative accounts on other computers, though very strong passwords should make that much harder, Cross says.

Taken from Network World

Computer Virus Malware

The term Malware is used to describe any program that is designed to do harm, although there are different schools of thought as to what is actually harmful.

Adware, Spyware, Viruses, Trojans, Pop-Ups, and even spam have all qualified as computer virus malware.

There are two distinct flavours of Adware: advertising-supported software is one form; the other is the more malicious sort. The latter is often termed an Adware Virus, whereas the first is just called Adware.

The first could be a useful utility released free of charge but using advertising to generate revenue to support development, similar to TV advertisements. You do not have to watch, but if you do you get commercials along with content. Often this type of software is also available in an advertisement-free version for a modest price.

The more malicious flavour of Adware virus monitors your browsing and then delivers so called targeted advertisements. This category of software may be considered a type of spyware, especially if it's installed without your knowing and agreement.

When does adware become spyware? Well, that is a somewhat gray area. A number of software vendors claim that disclosing the inclusion of this type of software in the user agreement grants legal consent for its installation. Having said that, how many of us actually read the small print before installing software!

A Spyware virus on the other hand, can have a more insidious meaning. The term Spyware, can refer to software which does much more than simply monitor a user's browsing habits. It can often redirect your browser to completely different sites the majority of which are advertising sites.

This form of Spyware virus is nearly always installed without the user's knowledge and hidden within another program. It can also arrive as the payload of a worm or virus. It's also illegal in many countries. In the U.S. the Federal Trade Commission or FTC has indicted, and in some cases convicted, several purveyors.

Some software suppliers will require that the user install spyware as part of a package. Its inclusion is declared in the user agreement but users do not have the option of not installing it. If the user wants the main program they have to install the spyware as well. File sharing utilities like Kazaa or BearShare are notorious for this practice.

The spyware installed with these, and many other, programs collect information in respect of web browsing habits and then deliver targeted advertising to the user. Targeted advertising is designed to be presented to specific groups, selected by analyzing their buying or browsing habits. Selections are made by discovering gender, age or frequently visited sites or by various other undisclosed criteria.

Spyware vendors argue that it does not collect specific personal information, and there is an active debate as to whether it constitutes legitimate market analysis or a violation of personal privacy.

The majority of users find it annoying and intrusive. However, advertisers claim it to be the best way to deliver products and services to potential new customers who may actually end up buying what is offered. Legally, they assert, it is just another form of free speech. Users, on the other hand, respond that the advertisers' free speech does not extend to their browser or email inbox.

Spyware and Adware

As well as being an annoyance, badly programmed adware and spyware can interfere with other programs and can even cause your computer system to become unstable. Issues of Privacy also come into play as well.

This type of software is usually installed without the user's consent and often cannot be uninstalled without special tools. When distributors use tricks and deceit to install uninvited software, trust is destroyed.

Instead of having to use a spyware remover as a last resort, you can and should take steps to protect yourself from the threat.

The first line of defence against adware and spyware is caution when installing software. Understand what is being downloaded and where you are downloading it from. Many so-called freeware and shareware programs have spyware embedded in them, which is not always disclosed.

Before downloading any new software, look for guarantees that it is adware and spyware free. Even so, stay on your guard: the file sharing program Kazaa has claimed to be spyware free for years, yet anyone who installs it soon has a chance to test that claim.

How can you tell whether you have adware or spyware on your system? You may see pop-up advertisements even when you are not browsing the web. Your browser home page may have been changed without your knowledge. New toolbars may appear in your browser that you did not install. Your computer may be very slow or reboot on its own for no apparent reason, although that last effect is more often a virus.

If you find your computer bogged down with adware or spyware, don't give up hope. There are spyware remover utilities specifically designed to remove adware and spyware from your computer. They rely on regularly updated databases of signatures for known adware and spyware. The program scans the files on your hard drive and alerts you if anything untoward is discovered.

Many of these spyware remover utilities are free, although the paid versions sometimes have more automation, such as removing adware as soon as it is detected rather than requiring a manual scan. None will find every piece of spyware on your computer, since they rely on a database that has to be populated according to someone's judgment, and one man's spyware is sometimes another's welcome advertiser.

You may find that even with a spyware remover utility, some spyware is next to impossible to remove. Alterations to system settings and the installation of files in scattered places make detection and removal very difficult. Sometimes this type of spyware can only be removed manually.

Removing adware by hand is a skilled job and should only be performed by users who know what they are doing, as deleting the wrong files can damage your programs and even your operating system.

One utility that can be of great help in removing stubborn spyware is 'HijackThis'. It creates a list of settings and files that may have been altered by spyware. The list is very comprehensive and also includes system files and entries made by legitimate software, so be very careful when using it.

Although HijackThis was not initially designed as a spyware remover, it is very effective at locating persistent and hard-to-remove spyware. It requires good knowledge of the various system settings, and you must be extra careful when changing them: a wrong change can easily disable your system. However, there is a community of HijackThis experts on the Internet who are more than willing to give free advice about suspicious entries.

Once your system is spyware free, help keep it that way. Some spyware remover software also includes utilities that protect your computer in real time: similar to virus scanners, they monitor for changes to your system files and alert you to any suspicious activity.

Kaspersky Two Top Twenties Virus

Want to know the worldwide ranking of viruses and worms?

Below is a quote from www.kaspersky.com

======== Kaspersky Two Top Twenties Virus ==========

These two Top Twenty virus rankings have been compiled from data generated by the Kaspersky Security Network (KSN) throughout January 2009.

The first Top Twenty is based on data collected by Kaspersky Lab’s 2009 antivirus product and gives details of malicious, advertising, and potentially unwanted programs detected on users’ computers.

1. Virus.Win32.Sality.aa
2. Packed.Win32.Krap.b
3. Worm.Win32.AutoRun.dui
4. Trojan-Downloader.Win32.VB.eql
5. Trojan.Win32.Autoit.ci
6. Trojan-Downloader.WMA.GetCodec.c
7. Packed.Win32.Black.a
8. Virus.Win32.Alman.b
9. Trojan.Win32.Obfuscated.gen
10. Trojan-Downloader.WMA.GetCodec.r
11. Exploit.JS.Agent.aak
12. Worm.Win32.Mabezat.b
13. Worm.Win32.AutoIt.ar
14. Email-Worm.Win32.Brontok.q
15. Virus.Win32.Sality.z
16. Net-Worm.Win32.Kido.ih
17. Trojan-Downloader.WMA.Wimad.n
18. Virus.Win32.VB.bu
19. Trojan.Win32.Agent.abt
20. Worm.Win32.AutoRun.vnq

There were no major changes to the composition of the first Top Twenty during the first month of 2009. Exploit.JS.Agent.aak took the place of Trojan.HTML.Agent.ai and Trojan-Downloader.JS.Agent.czm which appeared in the December ratings. The AutoRun.eee worm, which has vanished from this month’s Top Twenty, has now been replaced by Worm.Win32.AutoRun.vnq. This is not surprising, as frequent new modifications are characteristic of these types of malicious program.

Trojan-Downloader.WMA.Wimad.n, which dropped out of the ratings in November, has also returned to the game. The result of this activity is a Top Twenty with three non-standard downloader programs; evidence of the mass spread of this type of Trojan program, and the trusting attitude users have towards multimedia files. The sharp rise of Trojan-Downloader.WMA.GetCodec.r by ten places confirms that the propagation method described in last month's Top Twenty, whereby malicious programs use peer-to-peer networks and multimedia downloaders to spread, has been very effective.

While Sality.aa still retains its leading position, it has been joined by Sality.z, making Sality one of the most widespread and dangerous families of the recent past.

The notorious Kido family, network worms which use a critical vulnerability in Microsoft Windows to spread, is also present. The current epidemic, the propagation method used, and the number of potentially vulnerable computers mean the appearance of Kido variants in this month’s Top Twenty are no surprise.

Top Virus
All malicious, advertising and potentially unwanted programs in the first Top Twenty can be grouped according to the main classes of threats which we detect. Self-replicating programs again prevail over Trojan programs.

In total, 46014 unique malicious, advertising, and potentially unwanted programs were detected on users’ computers in January. It should be noted that the holiday period did not result in a drop in threats found “in-the-wild”; on the contrary, there were 7800 more “in-the-wild” samples detected than in December (38190).

The second Top Twenty presents data on which malicious programs most commonly infected objects detected on users' computers. Malicious programs capable of infecting files make up the majority of this ranking.

1. Virus.Win32.Sality.aa
2. Worm.Win32.Mabezat.b
3. Net-Worm.Win32.Nimda
4. Virus.Win32.Xorer.du
5. Virus.Win32.Alman.b
6. Virus.Win32.Sality.z
7. Virus.Win32.Parite.b
8. Virus.Win32.Virut.q
9. Trojan-Downloader.HTML.Agent.ml
10. Virus.Win32.Virut.n
11. Email-Worm.Win32.Runouce.b
12. Worm.Win32.Otwycal.g
13. P2P-Worm.Win32.Bacteraloh.h
14. Virus.Win32.Hidrag.a
15. Virus.Win32.Small.l
16. Virus.Win32.Parite.a
17. Worm.Win32.Fujack.bd
18. P2P-Worm.Win32.Deecee.a
19. Trojan.Win32.Obfuscated.gen
20. Virus.Win32.Sality.y

Sality.z was the latest representative of Virus.Win32.Sality to make it into the first Top Twenty. Sality.y has appeared in the second Top Twenty, confirming again the high activity of this family of self-replicating programs.

An interesting newcomer to the second rating is P2P-Worm.Win32.Deecee.a. This worm spreads via the DC++ peer-to-peer network, and is capable of downloading other malicious files. It has gained a place in the second Top Twenty not so much because of the number of machines it has infected, but because of the number of copies of itself on every infected computer: it copies itself multiple times when installing. Once installed, this worm makes the copies of itself publicly accessible. The executable files which spread in this way have names which follow a set pattern: a prefix such as "(CRACK)" or "(PATCH)", then the name of a popular application: "ADOBE ILLUSTRATOR (All Versions)", "GTA SAN ANDREAS ACTION 1 DVD", etc.

Worm.VBS.Headtail.a, which returned to the rankings in November, has disappeared again, continuing to exhibit the unstable behaviour which we noted towards the end of 2008.

=================== End =================

Hope this is useful.

The Heart's Voice of a Small Indonesian Youth

Letting out a little of what is in my heart on seeing the arrogance that is always boasted about. I am only a small youth who dreams of having a place like a beautiful heavenly palace, at peace, without mutual insults. Belittling each other, bringing each other down, stirring up controversy, claiming to be the cleanest, never touched by a scandal... BULLSHIT

Living among differences that are never united, as if shackled in a vessel of the number one poison; life is slowly hollow, as if dying without a struggle. They always sing like the cawing of an arrogant crow flapping its wings in the corners of my life: I am number one, I am the cleanest, I am the one most worthy of your praise. Bitter, sick of hearing those words.

Is there any awareness in the depths of their hearts?? Ripples of water in every glance carry me to dreams that have flown away, vanishing far from sight. This youth can only lament the turmoil of the rulers' battles, stabbing each other without heeding that we are brothers, one homeland, mother Indonesia.

Pitch black darkness lies plainly before me; my steps falter as if they must stop at a reality of untruth.

Mother, must you keep crying on your road toward the end, in every second that your heart beats...

This small Indonesian youth has no power to fight for you, mother; the hand of power snatches the beauty from the norms of togetherness, and my life can only brood, surrounded by the arrogance that scrambles for your purity, mother.

O my motherland Indonesia, keep walking even a single step, though bitterness surrounds you, though arrogance runs rampant; close your ears, mother, ignore that little dog barking, glorifying its pride in every corner of my Indonesia.

O my Bhineka Tunggal Ika, stay upright against the dirty debate around you; never let your graceful fingers slip from my shoulder. If I am able, I will wipe every tear from you so that together we move forward to banish that figure of arrogance, to unite the differences that exist, to remove the false sweet words from each of our steps.

I bow in prayer to You, my almighty God: give me the meaning to close off that arrogance, to unveil the truth from behind the curtain of pride that surrounds my beautiful view. May we, until the very end, still be able to walk hand in hand.

This is only the heart's voice of a small Indonesian youth.

Printing faster via the Command Prompt

Microsoft Windows 2000 is one of the more robust operating systems when it comes to networking, so it is no surprise that many corporations use it on every computer connected to their network.

DOS-based programs are often still in use even though the main operating system is Windows 2000. There is nothing wrong with that: those programs still run well and fast on Windows 2000. Only when it comes to printing does Windows 2000 have a small problem with DOS-based programs; the response when printing feels slower than when printing a document opened by a Windows-based application.

The fix is a registry change. Export the key first (File > Export in the Registry Editor) so you can undo it, since a wrong edit in HKEY_LOCAL_MACHINE\SYSTEM can leave the system unbootable:
1. Start the Registry Editor: click [Start], choose Run, and type regedit.exe.
2. Navigate to the subkey HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW.
3. Find the String Value named LPT_timeout and double-click it.
4. Change the Value Data from its previous value of 15 to 3 (the value is a timeout in seconds; a smaller number means pending output is handed to the spooler sooner).
5. Click [OK] and close the Registry Editor. Now try printing again from the Command Prompt.
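The same change as a script, added here as an example (it is not part of the PCplus tip): it exports the key before touching it, keeps the value's REG_SZ type, and provides a function to undo the change. It must run from an elevated PowerShell prompt because the value lives under HKLM. The assumption that the WOW key is absent on systems without the 16-bit subsystem, and the backup file name, are mine.

```powershell
# Added example: apply the LPT_timeout tip with a backup and an undo path.
# Run as Administrator. Not the original PCplus tip's code.

$Key    = 'HKLM:\SYSTEM\CurrentControlSet\Control\WOW'
$RegKey = 'HKLM\SYSTEM\CurrentControlSet\Control\WOW'   # same key in reg.exe syntax
$Name   = 'LPT_timeout'
$Backup = Join-Path $env:TEMP 'WOW-LPT_timeout.reg'     # assumed backup location

function Set-LptTimeout {
    param([int]$Seconds = 3)

    if (-not (Test-Path $Key)) {
        # Assumption: the key only exists where the 16-bit WOW subsystem exists.
        throw "$Key not found: this system has no WOW subsystem, so the tip does not apply."
    }

    # Keep an undo copy of the whole key before changing anything.
    reg.exe export $RegKey $Backup /y | Out-Null

    $before = (Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue).$Name

    # The tip says "String Value": keep REG_SZ and change only the data (15 -> 3).
    Set-ItemProperty -Path $Key -Name $Name -Value ([string]$Seconds) -Type String

    $after = (Get-ItemProperty -Path $Key -Name $Name).$Name
    "$Name changed from '$before' to '$after'; backup written to $Backup"
}

function Restore-LptTimeout {
    # Re-import the exported key to put the original value back.
    if (-not (Test-Path -LiteralPath $Backup)) { throw "No backup found at $Backup" }
    reg.exe import $Backup | Out-Null
    "Restored $Key from $Backup"
}

Set-LptTimeout -Seconds 3
# To undo the change later:  Restore-LptTimeout
```

Set-ItemProperty with -Type String creates the value if it is missing and overwrites it if present; the exported .reg file is the only record of the old data, so keep it until you have confirmed printing still works.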

Good luck.

Source: PCplus

Virus Algorithm

A virus algorithm?? Wow, this looks hard; can anyone help me? he..he.

Why does a virus need an algorithm at all? It has to, so that the virus we write really works properly, both when attacking and when defending itself. Let's go straight to analysing the algorithm of a virus.

What does a virus algorithm look like? Here it is, in a brief outline:

1. A virus must first have or create a parent file, because that is the core of the virus.

2. The virus must be able to infect other drives automatically, such as a flash disk drive, or find healthy files to infect.

3. The virus must be able to disable some parts of the operating system, such as Task Manager, CMD, Folder Options and so on, by going through the "Registry" of that operating system.

4. The virus must be able to pull off visual tricks, such as disguising itself with the icon of a file type that ships with the operating system.

5. The virus should try not to show itself too much, for instance by showing off excessively. Excess becomes a weakness of a virus: its presence is easily detected.

OK, for more about virus algorithms, please visit my blog Belajar dan Berbagi.

Thanks..

Taken from http://aalil.blogspot.com/

Making a Virus!!

Haha... this is my 4th blog. On this blog I go completely against my blog Belajar dan Berbagi: here I will try to give tricks for making a destructive program or, in cool language, a VIRUS...

This is only an introduction; next time I will give a tutorial from introducing viruses through to making one.

See you in the tutorial later.

Peace always.

aa.LiL

Tutorial Virus Maker. Copyright 2008 All Rights Reserved