Whoa, the title sounds savage. Nah, not really, I'm not dissecting the virus, because I didn't use an unpacker; I can't take it, it's 3 AM.
Last time I wrote about showing folders hidden by a virus; this time it's almost the same approach, just a different case..
The story: this morning my PC was acting a bit odd, it even restarted twice. At first it looked like the usual PLN (power company) flakiness, but when I checked TASK MANAGER something made my sleepy eyes pop: there was a process running (under my user ID) named cvlu.exe. Hey, is this a virus? If so, it looks like a virus wandered into the wrong room.. 😈
Then I checked via msconfig, and sure enough, this process autoruns; according to the entry it hides in c:/window/system32. I went there and caught it red-handed. Funny thing, this virus is shy, I mean it still uses a prehistoric trick: a transparent folder. Too bad I forgot to take a screenshot.. 😆
Since I was already 100% sure this was a virus, I got curious and wanted to see what it was for. I uploaded the virus to virustotal.com and the result was startling!
Trojan! Ugh, that's the threat that scares me most..
And here's the rundown of what it does (the DLLs and API functions it imports):
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, CreateThread, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
> user32.dll: GetKeyboardType, LoadStringA, MessageBoxA, CharNextA
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen
> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
> advapi32.dll: RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegFlushKey, RegCreateKeyExA, RegCloseKey
> kernel32.dll: lstrcpyA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualAlloc, Sleep, SizeofResource, SetThreadPriority, SetThreadLocale, SetFilePointer, SetFileAttributesA, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, ReadFile, MultiByteToWideChar, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVolumeInformationA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetSystemInfo, GetSystemDirectoryA, GetStringTypeExA, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetExitCodeThread, GetEnvironmentVariableA, GetDriveTypeA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCPInfo, GetACP, FreeResource, FreeLibrary, FormatMessageA, FindResourceA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, DeleteFileA, DeleteCriticalSection, CreateThread, CreateMutexA, CreateFileA, CreateEventA, CopyFileA, CompareStringA, CloseHandle
> gdi32.dll: UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, Rectangle, RectVisible, RealizePalette, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt
> user32.dll: mouse_event, keybd_event, WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursorPos, SetCursor, SetClipboardData, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OpenClipboard, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreateWindowExA, CreatePopupMenu, CreateMenu, CreateIcon, CloseClipboard, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, AdjustWindowRectEx, ActivateKeyboardLayout
> kernel32.dll: Sleep
> oleaut32.dll: SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayRedim, SafeArrayCreate, VariantChangeTypeEx, VariantCopyInd, VariantCopy, VariantClear, VariantInit
> ole32.dll: CoUninitialize, CoInitialize
> oleaut32.dll: GetErrorInfo, SysFreeString
> comctl32.dll: ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
> shell32.dll: ShellExecuteA
> wsock32.dll: WSACleanup, WSAStartup, WSAGetLastError, WSACancelAsyncRequest, WSAAsyncGetServByName, WSAAsyncGetHostByName, WSAAsyncSelect, gethostname, getservbyname, gethostbyname, socket, setsockopt, send, select, recv, ntohs, listen, ioctlsocket, inet_addr, htons, getsockopt, connect, closesocket, bind, accept
> advapi32.dll: OpenServiceA, OpenSCManagerA, ControlService, CloseServiceHandle
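An import list like the one above is the fastest way to get a first read on a sample: the wsock32 calls, the registry writes, the window hooks, the service-control calls and CopyFileA/SetFileAttributesA are the clusters that make this look like a backdoor rather than a plain dropper. The script below is my own added triage helper, not something from the post or from VirusTotal; it parses lines in the same `> dll: A, B, C` shape and groups the imports into capability buckets. The bucket names and API lists are my assumptions, and the sample is a constructed excerpt of the table above.

```python
import re
from collections import defaultdict

# Capability buckets keyed by lower-cased API name. These are my own
# triage heuristics (an assumption), not an AV or VirusTotal rule set.
CAPABILITIES = {
    "network": {"wsastartup", "socket", "connect", "send", "recv",
                "listen", "accept", "bind", "gethostbyname"},
    "persistence (registry write)": {"regsetvalueexa", "regcreatekeyexa", "regflushkey"},
    "input capture / hooking": {"setwindowshookexa", "callnexthookex", "getkeystate",
                                "getkeyboardstate", "keybd_event", "mouse_event"},
    "service control": {"openscmanagera", "openservicea", "controlservice"},
    "self-copy / hiding": {"copyfilea", "setfileattributesa",
                           "getsystemdirectorya", "deletefilea"},
    "launch other programs": {"shellexecutea"},
    "single-instance mutex": {"createmutexa"},
}

# Matches "> kernel32.dll: A, B, C" with or without the leading "> ".
IMPORT_LINE = re.compile(r"^\s*>?\s*([\w.]+\.dll)\s*:\s*(.*)$", re.IGNORECASE)

def parse_imports(text):
    """Return {dll: set(api names)}; repeated DLL lines are merged."""
    imports = defaultdict(set)
    for line in text.splitlines():
        m = IMPORT_LINE.match(line)
        if not m:
            continue
        dll, apis = m.group(1).lower(), m.group(2)
        imports[dll].update(a.strip().lower() for a in apis.split(",") if a.strip())
    return dict(imports)

def triage(imports):
    """Map each capability bucket to the sorted list of imported APIs that hit it."""
    all_apis = set().union(*imports.values())
    hits = {}
    for label, names in CAPABILITIES.items():
        found = sorted(all_apis & names)
        if found:
            hits[label] = found
    return hits

# Constructed excerpt of the import table shown in the post (not the full dump).
SAMPLE = """\
> advapi32.dll: RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegFlushKey, RegCreateKeyExA, RegCloseKey
> kernel32.dll: CopyFileA, SetFileAttributesA, GetSystemDirectoryA, CreateMutexA, DeleteFileA
> user32.dll: SetWindowsHookExA, CallNextHookEx, GetKeyState, keybd_event, mouse_event
> shell32.dll: ShellExecuteA
> wsock32.dll: WSAStartup, socket, connect, send, recv, listen, accept, bind
> advapi32.dll: OpenServiceA, OpenSCManagerA, ControlService, CloseServiceHandle
"""

if __name__ == "__main__":
    for label, apis in triage(parse_imports(SAMPLE)).items():
        print(f"{label}: {', '.join(apis)}")
```

Imports alone prove nothing about intent (a legitimate GUI app also imports most of user32), so treat a hit in several buckets at once as a reason to look closer, as the post does, not as a verdict.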
Other names/aliases that CVLE.EXE is known by:
- W32.SillyFDC [Symantec]
- Virus.Win32.AutoRun.sp [Kaspersky Lab]
- W32/Autorun.worm.u [McAfee]
- W32/AutoInf-F [Sophos]
- Backdoor:Win32/Phostiko.gen!A [Microsoft]
From the image above we can see that CLAMAV already detects it, so I'm 100% sure PCMAV can deal with this virus 😉, so rather than wearing myself out cleaning it manually, I just hand it over to PCMAV..
Click yes, and if it asks whether to reboot, it doesn't really matter, yes or no; either way PCMAV will clean this virus out of memory, since that's where it's running. If you want to do it manually, that works too: open Run, type msconfig, uncheck the autorun entry, then kill the process in Task Manager and delete the cvlu.exe at the location I mentioned above <– obviously too lazy to write it out again 😆
9 Comments
For those hit by the cvlu.exe virus & autorun.info on a flash drive, how do you delete it? I've already used PCMAV but it only detects it and can't delete it; formatting doesn't work either. Basically this virus has killed the flash drive. Pleeease help, send it to my email. Thanks a lot & waiting for the result.
Viruses these days keep getting scarier, sir.
All my data got lost yesterday. My own fault for not backing up regularly.
Wow, a local virus? How come it's made it abroad like that?
Abroad, meaning?
Is this really a local virus? I don't know either.
Local viruses always send data out… an easy way for the layperson… use headphones… turn up the volume… then just listen to the tune… there's always a background program running.
+molisan+
Oh my, how do you even know a trick like that??
Honestly I don't know tricks like that.. but personally I prefer using a sniffer to look at data in or out 😀
Like I said, this is the trojan type. Backdoor. Yeah, that's typical of it.
My flash drive just got infected (or possessed, whatever) with this virus from a friend's laptop yesterday; my friend's laptop has AVG Free installed and freshly updated, but an AVG scan didn't detect this virus.
Whereas the AV I use on my PC is McAfee, which cleaned this virus completely & yes, McAfee detects it as: W32/Autorun.worm.u
McAfee can heal it? Really?? 😆
http://www.patchme2.com/panduan-memilih-anti-virus-wajib-baca/
Hey guys. . . . .
My laptop has a nasty virus, Task Manager can't be opened, and in every folder there's always a twin, e.g. the folder picture has picture.exe inside it. AVG 8.0 can't detect the virus anymore, and in desktop properties it keeps saying ms32.dll not found . . . . please help, send the solution to my email mr.goodlike@yahoo.com or SMS me at 085755328053. Thanks for the help.