Battling Brontok


Post by kubuntu on Wed Apr 08, 2009 10:40 am

A few weeks ago the office laptop at my old workplace was attacked by the Brontok virus. It was quite alarming. How could it not be, the computer became extremely slow. After doing a little research from another PC, I found some information about this virus and how to remove it.
The virus originates from Indonesia and there are several variants. My laptop was attacked by Brontok.q.
Symptoms
The symptoms below are the ones I saw on my laptop at the time. Some people see somewhat different problems, such as pop-up windows in Indonesian.
1) Creates a file with the same name as the folder that holds it. For example, if the folder is named sports, the virus will create a file named sports.exe inside that sports folder.
2) Duplicates existing files, which fills up the hard disk and can in turn cause a crash.
3) The computer becomes very slow because of the virus's activity.
4) The virus prevents us from searching for antivirus or hijackthis; the computer restarts every time we search.
5) The computer restarts every time we try to run an antivirus or a virus removal tool on the computer.
What I did
Based on that research, I went ahead and tried the following to remove the virus:
1) Unplug the network cable from the PC. If you need to do research or download something, use another PC.
2) Brontok is not visible in Task Manager (the Task Manager window appears when we press Ctrl+Alt+Del). So, following a guide from someone named Orion here, I entered Windows using Safe Mode:
a) Restart the PC
b) Press the F8 key on the keyboard (repeatedly).
c) A black screen will appear and we choose Safe Mode using the arrow keys. Press Enter.
d) Choose the Operating System (Windows XP) - there is only one in the list anyway. Press Enter.
3) As we are entering Safe Mode, a small window will pop up and ask whether we are sure we want to enter Safe Mode. Before pressing OK, immediately press Ctrl+Alt+Del (to bring up Task Manager).
4) Once Task Manager is up, press OK on that window. Watch Task Manager right away and we will see the worm listed (kesenjangalsocial.exe or sembako..exe, something like that). Quickly click the name of the virus and promptly press the End Process button. If we are too slow, the virus is no longer visible and we have to repeat steps 1-4.
5) Only once the virus's process has been stopped can we run whatever virus removal tool we have. As long as the virus is still running, we cannot run our antivirus.
6) I used Kaspersky and Brontok Removal; however, the virus was still present in a folder that cannot be accessed by Windows users.
The folder containing the Brontok virus was System Volume Information. I used the guide at Microsoft to gain access to that folder (which is not visible in the normal view), which in turn allowed Kaspersky to remove the virus.
Alhamdulillah, the laptop was finally clean of Brontok. I only just noticed that the folders on that laptop had been set to Sharing on the network. Worst of all, the setting allowed other users to change files (Allow network users to change my files).
Sharing
1) Right-click on the folder
2) Choose Sharing and Security
3) In the Network Sharing and Security section, uncheck the Share this folder on the network box
4) Uncheck the Allow network users to change my files box
5) Click OK

Next time, don't share, okay... -Excerpt from azrina's blog-


Re: Battling Brontok

Post by hatosmangos on Wed Apr 08, 2009 10:56 am

cheers


Re: Battling Brontok

Post by Guest on Tue May 26, 2009 1:27 pm

ermmm there are many types of Brontok, right..


Re: Battling Brontok

Post by Ryo.Yashimura on Tue May 26, 2009 1:45 pm

The Brontok worm is a computer worm that affects computers running Microsoft Windows. It spreads by sending itself to email addresses harvested from the affected computer. Variants of the Brontok worm include:

Brontok.A
Brontok.B
Brontok.C
Brontok.D
Brontok.F
Brontok.G
Brontok.H
Brontok.I
Brontok.K
Brontok.Q


A mass-mailing email worm that also spreads via USB and thumb drives, the Rontokbro worm - also known as Brontok - takes a multifaceted approach to defy detection and removal. Rontokbro / Brontok modifies the HOSTS file to prevent access to antivirus vendor sites, thereby preventing access to signature updates and online scanners. It may also disable antivirus and other security software running on the system, as well as blocking access to Registry Editor and other system tools needed to attempt manual removal of the worm.

First discovered in late September 2005, as of October 2006 over 20 variants of the Rontokbro / Brontok worm had been discovered. The worm executables often adopt either the Microsoft Word icon or the folder icon. Copies of the worm also often adopt the same name as the folder in which it was dropped. For example, if Rontokbro / Brontok copied itself to a folder named "New Folder", it would do so using the filename "New Folder". Because Windows disables executable file extensions by default, and the worm may use a folder icon, this may make it appear as if the infected file were merely a nested new folder. In addition, the worm typically modifies the Registry to cause the Folder Options menu item to disappear from the Windows Explorer Tools menu.

Some variants of the Rontokbro / Brontok worm cause the system to reboot when certain strings appear in task windows. For example, if "EXE" appears in the title of a window, the worm will cause the system to shut down and restart. On some occasions, the worm will pause the system during bootup and display a message in a similar fashion to much older DOS viruses. F-Secure includes a screenshot in their Brontok.N write-up.

Rontokbro / Brontok may also launch Ping attacks which, depending on the number of infected systems at any given time, could result in a form of a Distributed Denial of Service (DDoS) attack.

Because the worm prevents access to the Registry Editor and other diagnostic tools, and prevents access to antivirus software, removing a Rontokbro / Brontok infection can be tricky. To do so will require access to a second, non-infected PC. Here's how:

1) From a non-infected PC, follow the first 8 steps outlined in How to Make an F-Prot CD.
2) Take the F-Prot CD to the infected computer. Boot the infected computer into Safe Mode (see How to Boot into Safe Mode), then follow the 7 remaining steps outlined in the How to Make an F-Prot CD article to scan the system and remove any instances of Rontokbro / Brontok found.
3) Before rebooting the PC, while still in Safe Mode, disable system restore. You can re-enable the system restore feature later, after you've booted normally, to create a new, clean system restore point.
4) After cleaning the system, be sure to remove any worm-created entries in the HOSTS file. Then update your antivirus software, test it with the EICAR test file to ensure it's working properly, and rescan your entire system - including any mapped and removable drives.

To prevent reinfection from Rontokbro / Brontok, avoid opening email attachments received unexpectedly - even from someone you know - unless you are certain of the intent. Don't share your USB and thumb drives with others unless you are certain their system is clean and avoid downloading files from anonymous P2P filesharing networks.

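An added example (not part of the original posts or of any tool they mention) that turns two indicators described in this thread into offline checks: an executable named after the folder that holds it, and HOSTS entries beyond the default localhost mapping. The sample tree, the `.example` hostnames and the function names are constructed for illustration, and treating every non-localhost HOSTS entry as worth review is an assumption.

```python
import os
import tempfile

# Assumption: a default Windows HOSTS file maps nothing except localhost.
EXPECTED_HOSTS = {"localhost"}
# Constructed sample text, not captured from a real infection.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
127.0.0.1   av-vendor.example        # hypothetical vendor site
127.0.0.1   update.av-vendor.example scanner.example
"""

def find_folder_named_executables(root):
    """Return paths of .exe files whose name matches the folder that holds them."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        folder = os.path.basename(os.path.normpath(dirpath)).lower()
        for name in filenames:
            stem, ext = os.path.splitext(name)
            if ext.lower() == ".exe" and stem.lower() == folder:
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)

def audit_hosts(text):
    """Return (address, hostname) for each active mapping outside EXPECTED_HOSTS."""
    findings = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # strip comments, split on whitespace
        for host in fields[1:]:                 # fields[0] is the address
            if host.lower() not in EXPECTED_HOSTS:
                findings.append((fields[0], host.lower()))
    return findings

def demo():
    """Build a constructed sample tree, then run both checks on sample data."""
    sample = ("sports/sports.exe", "sports/scores.txt",
              "docs/New Folder/New Folder.exe", "docs/setup.exe")
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "wb").close()
        found = find_folder_named_executables(root)
        hits = [os.path.relpath(p, root).replace(os.sep, "/") for p in found]
    return hits, audit_hosts(SAMPLE_HOSTS)

if __name__ == "__main__":
    print(demo())
```

Run from a clean machine against the mounted drive and a copy of its `System32\drivers\etc\hosts`; every finding is a candidate for manual review, since legitimate software can produce both patterns.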
