Solusinya adalah:** Install dulu Patch dibawah ini: Microsoft Security Bulletin MS03-007<http://www.microsoft.com/technet/security/bulletin/MS03-007.mspx> Microsoft Security Bulletin MS03-039<http://www.microsoft.com/technet/security/bulletin/MS03-039.mspx> Microsoft Security Bulletin MS04-011<http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx>
Kemudian restart komputer/ server di safemode dan jalankan perintah di bawah ini: 1. Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter. 2. In the left panel, double-click the following: HKEY_LOCAL_MACHINE>Software>Microsoft> Windows>CurrentVersion>Run 3. In the right panel, locate and delete the entry: *Network Access = "winssh.exe" * 4. In the left panel, double-click the following: HKEY_CURRENT_USER>Software>Microsoft> Windows>CurrentVersion>Run 5. In the right panel, locate and delete the entry: *Network Access = "winssh.exe" * 6. In the left panel, double-click the following: HKEY_CURRENT_USER>Software>Microsoft>OLE 7. In the right panel, locate and delete the entry: *Network Access = "winssh.exe" * 8. Close Registry Editor. *Important Windows XP Cleaning Instructions* Users running Windows XP must *disable System Restore<http://www.trendmicro.com/en/security/advisories/win_me_clean.htm> * to allow full scanning of infected systems. Users running other Windows versions can proceed with the succeeding procedure set(s). Kemudian hapus file Winssh.exe di C:\Windows\System23 Restart komputer. Semoga bermanfaat... On 11/11/05, Ken Harry <[EMAIL PROTECTED]> wrote: > > Dear All, > > Mohon bantuan neh.. > Server saya terinfeksi Virus WORM_SDBOT.BVT. dengan nama file *winssh.exe* > Impact-nya adalah beberapa client bermasalah dengan connectionnya.. > Virus ini mengakibatkan semua fasilitas untuk Removingnya menjadi > disable contohnya : > 1. Task Manager menjadi Disable sehingga admin sendiri tdk bisa utak atik > 2. Regedit juga di Lock sehingga kita tdk bisa access untuk destroy > registrinya. > > Mohon bantuaan ya..kali aja diantara It'er pernah mengalami hal yang sama > > Terima Kasih banyak atas bantuaanya. > Ken-Harry > > > > > > -- > www.itcenter.or.id <http://www.itcenter.or.id> - Komunitas Teknologi > Informasi Indonesia > Info, Gabung, Keluar, Mode Kirim : [EMAIL PROTECTED] > :: Hapus bagian yang tidak perlu (footer, dst) saat reply! :: > ## Jobs: itcenter.or.id/jobs <http://itcenter.or.id/jobs> ## Bursa: > itcenter.or.id/bursa <http://itcenter.or.id/bursa> ## > $$ Iklan/promosi : > www.itcenter.or.id/sponsorship<http://www.itcenter.or.id/sponsorship>$$ > > [@@] Jaket ITCENTER tersedia di http://shop.itcenter.or.id > > > Yahoo! Groups Links > > > > > > > -- Salam, Supenri or just call me BenQ.... Spesial penghancur VIRUS... contact: [EMAIL PROTECTED] or: [EMAIL PROTECTED] [Non-text portions of this message have been removed] -- www.itcenter.or.id - Komunitas Teknologi Informasi Indonesia Info, Gabung, Keluar, Mode Kirim : [EMAIL PROTECTED] :: Hapus bagian yang tidak perlu (footer, dst) saat reply! :: ## Jobs: itcenter.or.id/jobs ## Bursa: itcenter.or.id/bursa ## $$ Iklan/promosi : www.itcenter.or.id/sponsorship $$ [@@] Jaket ITCENTER tersedia di http://shop.itcenter.or.id Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/ITCENTER/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/