What a coincidence that we're discussing AV..
Last week I installed ANSAV on my PC..
Just for fun I went to change the date/time by double-clicking in the bottom-right corner, and suddenly
the message THREAD FOUND appeared.
Threat name: Honey.romantic
Object location: c:\windows\system32\rundl32.exe
Link:
*ttp://s520.photobucket.com/albums/w325/uskasin/?action=view&current=av.jpg
(the asterisk replaces "H"…)
1. The file could not be deleted by ANSAV.
2. When I looked for the file at its location, I could not find the
rundl32.exe file…
3. Besides ANSAV, I use the NOD32 antivirus, ESET version v.4, but NOD
did not find the threat… why is that?
4. So, as things stood, I could not edit the date.
5. Then I uninstalled ANSAV and replaced it with PCMAV… the result: the threat
was not found and I could edit the date/time settings.
Why is that?
Why was the threat detected only by ANSAV as a threat…
Uskasin
PT. BORAL PIPE & PRECAST INDONESIA
GRAHA MOBISEL 3RD Fl
Jl. Buncit Raya no. 139
Jakarta Selatan
www.boral.au
_____
From: [email protected] [mailto:[email protected]] On Behalf Of
Aay Cosmas
Sent: Monday, 16 November 2009 9:11 AM
To: [email protected]
Subject: Re: [BinusNet] (unknown)
Yanto Chiang, thank you for the info.
In the end I used smadav.
But strangely, after I started using smadav, Excel and Vypress could no longer
be used.
OK. Thanks.
--- On Wed, 11/11/09, yanto chiang <[email protected]> wrote:
From: yanto chiang <[email protected]>
Subject: Re: [BinusNet] (unknown)
To: [email protected]
Date: Wednesday, November 11, 2009, 1:15 PM
Hi Aay,
According to a reference from avast antivirus, this webpage has been infected
by HTML:i-frame, in which the script on the HTML webpage has been injected with
commands; one example is as follows:
2.1 - Web page infection
Among the new features is the ability to infect Web pages on the
local machine. Whenever the file infector has an access to a file on
the hard drive, it checks whether the file is EXE, SCR, HTM, PHP, or
ASP, and then acts accordingly. For the PE files, the code discussed
above is used for the infection. For HTML pages, the virus actually
injects an iframe at the very end of the page:
NOTE: Just before the actual iframe code, we can see a string used
in the virus. This isn't added to Web pages, but to the host file.
Since the machine is already infected, the virus author doesn't want
the machine to be infected again, and therefore blocks access to the
malicious page with the host file modification.
(Source: http://securitylabs.websense.com/content/Blogs/3300.aspx)
Meanwhile, our scan found:
Source code of submitted URL:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>Send big files the easy way. Files too large for email attachments? No problem!</title>
<script language="JavaScript1.1" type="text/javascript">
<!--
location.replace("http://hisoftdream.com");
//-->
</script>
<noscript>
</noscript>
</head>
<body>
Click here to download file
</body>
</html>
Source: http://jutaky.no-ip.org/index.php?option=com_content&task=view&id=19&Itemid=32
HTML:iFrame itself is a type of trojan in which the hacker performs an injection
either through a webpage or through email; when the victim visits or clicks
the website, the injected file is automatically installed on the victim's
PC/notebook.
So please remain careful in your activities on the internet.
Protect yourself with antivirus, anti-rootkit or anti-malware tools that are
truly reliable.
The types of iframe can be read at:
http://www.avast.com/eng/search.php?searchFor=iframe&fnc=search&lang=ENG&x=0&y=0
Thanks and Regards,
Yanto
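
The following Python check is an added example, not part of the original e-mail or the quoted Websense write-up: it flags an iframe appended at the very end of a page, as the write-up describes, and a script `location.replace` redirect like the one in the scan result above. The regexes, function names and the `example.invalid` sample pages are constructed assumptions.

```python
import os
import re

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.I)
CLOSE_HTML_RE = re.compile(r"</html\s*>", re.I)
SRC_RE = re.compile(r"""src\s*=\s*["']?([^"'\s>]+)""", re.I)
HIDDEN_RE = re.compile(
    r"""(?:width|height)\s*=\s*["']?[01]\b|display\s*:\s*none|visibility\s*:\s*hidden""", re.I)
REDIRECT_RE = re.compile(r"""location\.replace\(\s*["'](https?://[^"']+)["']""", re.I)
ONLY_CLOSE_RE = re.compile(r"\s*(?:</iframe\s*>)?\s*", re.I)
WEB_EXTS = (".htm", ".html", ".php", ".asp")  # page types named in the quoted write-up

# Constructed sample pages (not taken from the thread).
CLEAN = "<html><body><iframe src='https://video.example.invalid/embed' width='640' height='360'></iframe></body></html>"
INFECTED = '<html><body>Hello</body></html>\n<iframe src="http://bad.example.invalid/x" width=1 height=1></iframe>\n'
REDIRECT = '<html><head><script type="text/javascript">location.replace("http://redirect.example.invalid");</script></head><body>Click here to download file</body></html>'


def scan_page(html):
    """Return (finding, url) pairs for one page's source text."""
    findings = []
    closes = list(CLOSE_HTML_RE.finditer(html))
    tail_start = closes[-1].end() if closes else len(html)
    for m in IFRAME_RE.finditer(html):
        tag = m.group(0)
        src = SRC_RE.search(tag)
        url = src.group(1) if src else ""
        # Appended after </html>, or the very last element in the file.
        if m.start() >= tail_start or ONLY_CLOSE_RE.fullmatch(html, m.end()):
            findings.append(("trailing-iframe", url))
        elif HIDDEN_RE.search(tag):
            findings.append(("hidden-iframe", url))
    for m in REDIRECT_RE.finditer(html):
        findings.append(("script-redirect", m.group(1)))
    return findings


def scan_tree(root):
    """Scan every web page under root; return {path: findings} for flagged files."""
    flagged = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(WEB_EXTS):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = scan_page(fh.read())
                if hits:
                    flagged[path] = hits
    return flagged
```

A finding is a lead for manual review rather than a verdict: legitimate pages also embed iframes and redirect with script, so compare flagged files against a known-good copy.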
_____
From: Aay Cosmas <aay_intermilan@yahoo.com>
To: binus...@yahoogroups.com
Sent: Tuesday, November 10, 2009 10:33:51
Subject: Re: [BinusNet] (unknown)
Is this a virus?
What about those who have already clicked the link?
How do we deal with this virus?
Thanks
--- On Mon, 11/9/09, HILARIUS JANUARFIAN <hillbi...@yahoo.com> wrote:
From: HILARIUS JANUARFIAN <hillbi...@yahoo.com>
Subject: [BinusNet] (unknown)
To: to=val_hendri@yahoo.com, thomas_...@yahoo.com, aidah...@yahoo.com,
bpkm_...@yahoogroups.com, ka...@realta.net, beloved_niken@yahoo.com,
tunj...@ftr.co.id, andr...@sentral-sistem.com, Ita_godilove@yahoo.com,
TemuKeluarga@yahoogroups.com, binus...@yahoogroups.com
Date: Monday, November 9, 2009, 11:17 AM
http://taquarigas.com.br/swCgi9csY4.html
[Non-text portions of this message have been removed]
Internal Virus Database is out-of-date.
Checked by AVG.
Version: 7.5.560 / Virus Database: 270.5.12/1599 - Release Date: 7/08/2008 8:49
PM