Virus Jengkol

Weleh ada-ada aja nama virus ini. JeNGkol alias makanan yang paling sedap baunya … wakakakak.

ciri-ciri apabila terkena virus ini adalah sebagai berikut :

  • logoff saat menjalankan file INF
  • menggunakan file dengan icon JPEG besarnya 14 KB
  • logoff saat edit file VBS
  • file VBS menjadi JPEG
  • file jengkol.vbs di setiap folder
  • %AllFolder%/:\jengkol.vbs
  • %drive%:\autorun.inf
  • c:\documents and settings\%user%\Favorites\jengkol.vbs
  • c:\documents and settings\%user%\Favorites\jengkol.lnk
  • membuat file duplikat di setiap folder dengan icon JPEG
  • merubah file DOC menjadi file JPEG

registry yang dirubah/ditambah adalah sebagai berikut :

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\run

  • JeNGKol = C:\Documents and Settings\%user%\Favorites\JeNGKol.lnk

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer

  • NoFind
  • NoFolderOptions
  • NoRun
  • NoDrives

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

  • DisableCMD
  • DisableRegedit
  • RunLogonScriptSync

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

  • NoDriveAutoRun = 03FFFFFF
  • NoDrives

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system

  • DisableTaskMgr
  • DisableRegedit
  • RunLogonScriptSync
  • EnableLUA

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp

  • Disable

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

  • attrib.exe —> debugger = notepad.exe
  • cmd.exe —> debugger = notepad.exe
  • install.exe —> debugger = notepad.exe
  • msconfig —> debugger = notepad.exe
  • regedit.exe —> debugger = notepad.exe
  • regedit32.exe —> debugger = notepad.exe
  • setup.exe —> debugger = notepad.exe
  • taskMgr.exe —> debugger = notepad.exe

This entry was posted on Monday, December 1st, 2008 at 5:22 pm and is filed under virus indonesia. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

You must be logged in to post a comment.