You should be able to see the status report given by the Avast antivirus; what does it report there:

1. Delete Virus
2. Clean Virus
3. Quarantine

Looking at the characteristics of the virus:

Virus Profile: W32/Sality!72298096

Risk Assessment
- Home Users: Low
- Corporate Users: Low

Date Discovered: 9/17/2008
Date Added: 9/17/2008
Origin: Unknown
Length: 1396736
Type: Virus
SubType: -
DAT Required: 5386

Virus Characteristics

File Property       Property Value
FileName            dmcpl.exe
McAfee Detection    W32/Sality
Length              1,396,736 bytes
CRC                 72298096
MD5                 B36A265C40BB67816468274E46FFFE24
SHA1                8348D6AA7326E3C8259BC857D9C690BFD143BDBF

Other Common Detection Aliases

Company Name                 Detection Name
ahnlab                       Win32/Kashu.B
avast                        Win32:Sality-gen
Avira                        HEUR/Malware
BitDefender                  Win32.Sality.OG
Dr.Web                       Win32.Sector.11
Eset                         Win32/Sality.NAT
F-Prot                       W32/Sality.ak
Kaspersky                    Virus.Win32.Sality.aa
microsoft                    virus:win32/sality.am
norman                       W32/Sality.AE
panda                        W32/Sality.AH
rising                       Win32.Kuku.a
Sophos                       W32/Sality-AM
Symantec                     W32.Sality.AE
vba32                        Virus.Win32.Sality.kaka
Vet (Computer Associates)    Win32/Sality.AA

Avert® Labs has observed the following system activities:

Activity                                         Risk Level
Modifies the operating system security policy    Critical
Uses shared memory of other processes            Low

This sample can be identified by the following symptoms.

System Changes

These are general defaults for typical path variables. (Although they may differ, these examples are common.):

%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files

The following registry elements have been created:

* hkey_local_machine\software\microsoft\security center\
  * antivirusdisablenotify = 1
  * antivirusoverride = 1
  * firewalldisablenotify = 1
  * firewalloverride = 1
  * uacdisablenotify = 1
  * updatesdisablenotify = 1
* hkey_local_machine\software\microsoft\security center\svc\
  * antivirusdisablenotify = 1
  * antivirusoverride = 1
  * firewalldisablenotify = 1
* hkey_users\s-1-5-21-1202660629-602609370-839522115-500\software\microsoft\windows\currentversion\policies\system\
  * disableregistrytools = 1
  * disabletaskmgr = 1

The following registry elements have been changed:

* hkey_users\s-1-5-21-1202660629-602609370-839522115-500\software\microsoft\windows\currentversion\explorer\advanced\
  * hidden = 2

Indications of Infection

The symptoms of this detection are the files, registry, and network communication referenced in the characteristics section.

Method of Infection

Viruses are self-replicating. They are often spread by a network or by transmission to a removable medium such as a removable disk, writable CD, or USB drive. Viruses may also spread by infecting files on a network file system or a file system that is shared by another computer.

Removal Instructions

AVERT recommends to always use latest DATs and engine <http://www.mcafee.com/apps/downloads/security_updates/dat.asp>. This threat will be cleaned if you have this combination.

-----Original Message-----
From: Asfin Achfani Nur [mailto:[EMAIL PROTECTED]
Sent: Monday, December 01, 2008 7:38 PM
To: [email protected]
Subject: [balikpapan-ict] Re: Avast! Antivirus on Ubuntu

My advice for Win32:trojan-gen: the files need to be sorted through first, because sometimes there are false alarms.
For example, I once tried to install PCMAV-RTP.exe (from the PCMedia CD) and it turned out to be caught by Avast and treated as a Win32:trojan virus. I had to redo the exception settings so that the false alarm stopped and PCMAV-RTP could run alongside Avast.

So if you are sure the file is legitimate and not a virus, don't delete it; but if you are not sure or don't know where it came from, play it safe and delete it.

A small note: PCMAV-RTP also causes a false alarm in the NOD32 antivirus. So, as I said, you have to tinker with the scan exception settings first.

Regards,
asfin

(Suggestion: try re-checking with ClamAV for Linux. Run it from a terminal on the suspect folder.)

At 18:27 01/12/2008, you wrote:
>rian hidayat wrote:
> > After I downloaded it and followed the installation instructions successfully,
> > I tried scanning the entire hard disk, which holds 3 operating systems:
> > Windows SBS 2003 Original, pirated Windows XP Pro, and Ubuntu 8.10.
> > The result: several *.exe files on the Windows XP drive: Found virus
> > win32:Sality-gen and Win32:Trojan-gen.
> > The paths are in programfiles/norman ; programfiles/microsoft ; RECYCLER/...
> >
> > I would appreciate analysis and enlightenment from friends on this situation.
>
>That means the antivirus engine used can recognize the Win32:Trojan-gen virus.
>If you are paranoid about this virus, you could perhaps do healing,
>or, if absolutely necessary, delete the files that are
>infected by the virus. That is my brief analysis. Perhaps there are
>friends who would like to add something??
>
>-Lucky-
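Added example, not part of the original thread or of McAfee's report: the registry values listed in the profile above, checked against the text of a `reg export` file so a suspect Windows installation can be reviewed offline. The function name, the sample export and the SID in it are constructed for illustration.

```python
import re

# Registry indicators copied from the McAfee W32/Sality profile in this thread:
# key suffix -> {value name: dword}. Suffix match, so any user SID is covered.
INDICATORS = {
    r"\software\microsoft\security center": {
        "antivirusdisablenotify": 1, "antivirusoverride": 1,
        "firewalldisablenotify": 1, "firewalloverride": 1,
        "uacdisablenotify": 1, "updatesdisablenotify": 1},
    r"\software\microsoft\security center\svc": {
        "antivirusdisablenotify": 1, "antivirusoverride": 1,
        "firewalldisablenotify": 1},
    r"\software\microsoft\windows\currentversion\policies\system": {
        "disableregistrytools": 1, "disabletaskmgr": 1},
    # Weak on its own: 2 is also the ordinary "do not show hidden files" setting.
    r"\software\microsoft\windows\currentversion\explorer\advanced": {
        "hidden": 2},
}
KEY_RE = re.compile(r"^\[([^\]]+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

def scan_reg_text(text):
    """Return (key, value name, dword) for every indicator found in .reg text."""
    hits, key, wanted = [], None, {}
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:  # new "[HKEY_...]" section: pick the indicator set for it, if any
            key = m.group(1)
            wanted = next((v for s, v in INDICATORS.items()
                           if key.lower().endswith(s)), {})
            continue
        m = VAL_RE.match(line)
        if m and wanted.get(m.group(1).lower()) == int(m.group(2), 16):
            hits.append((key, m.group(1), int(m.group(2), 16)))
    return hits

# Constructed sample in "reg export" layout (real exports are usually UTF-16).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000000

[HKEY_USERS\S-1-5-21-0-0-0-500\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001
'''
```

For a real export, read the file with `open(path, encoding="utf-16")` and pass its text to `scan_reg_text`; a hit means the value matches the profile, not that the file infector itself has been found.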
