
Whoa, that title sounds brutal :mrgreen: , but no, I'm not really cutting a virus open, because I didn't use an unpacker. Can't handle that, boss, it's 3 am here.

Last time I wrote about showing folders that a virus had hidden; this time it's almost the same approach, just a different case..

So this morning this PC was acting a bit off, it even restarted twice. At first it looked like the usual PLN (power company) trouble, but when I checked Task Manager something made my sleepy eyes pop open: there was a process running (under my user ID) named cvlu.exe. Hey, is this a virus? If it is, this virus picked the wrong room to walk into.. 😈

[image: virus-cvlu]

Then I checked through msconfig, and sure enough this process is set to autorun; according to its entry it's hiding in c:/window/system32. I went there and found it. Funnily enough this virus is shy, I mean it still uses a prehistoric trick: a transparent folder. Too bad I forgot to take a screenshot.. 😆

Since I was already 100% sure this was a virus, I got curious and wanted to see what it's for. I uploaded the virus to virustotal.com and the result was jaw-dropping!


[image: cvluexe]

Trojan! Ugh, that's the one threat I fear the most..

And here's a summary of how it works (the DLLs and API functions it imports):

> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, CreateThread, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
> user32.dll: GetKeyboardType, LoadStringA, MessageBoxA, CharNextA
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen
> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
> advapi32.dll: RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegFlushKey, RegCreateKeyExA, RegCloseKey
> kernel32.dll: lstrcpyA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualAlloc, Sleep, SizeofResource, SetThreadPriority, SetThreadLocale, SetFilePointer, SetFileAttributesA, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, ReadFile, MultiByteToWideChar, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVolumeInformationA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetSystemInfo, GetSystemDirectoryA, GetStringTypeExA, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetExitCodeThread, GetEnvironmentVariableA, GetDriveTypeA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCPInfo, GetACP, FreeResource, FreeLibrary, FormatMessageA, FindResourceA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, DeleteFileA, DeleteCriticalSection, CreateThread, CreateMutexA, CreateFileA, CreateEventA, CopyFileA, CompareStringA, CloseHandle
> gdi32.dll: UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, Rectangle, RectVisible, RealizePalette, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt
> user32.dll: mouse_event, keybd_event, WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursorPos, SetCursor, SetClipboardData, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OpenClipboard, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreateWindowExA, CreatePopupMenu, CreateMenu, CreateIcon, CloseClipboard, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, AdjustWindowRectEx, ActivateKeyboardLayout
> kernel32.dll: Sleep
> oleaut32.dll: SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayRedim, SafeArrayCreate, VariantChangeTypeEx, VariantCopyInd, VariantCopy, VariantClear, VariantInit
> ole32.dll: CoUninitialize, CoInitialize
> oleaut32.dll: GetErrorInfo, SysFreeString
> comctl32.dll: ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
> shell32.dll: ShellExecuteA
> wsock32.dll: WSACleanup, WSAStartup, WSAGetLastError, WSACancelAsyncRequest, WSAAsyncGetServByName, WSAAsyncGetHostByName, WSAAsyncSelect, gethostname, getservbyname, gethostbyname, socket, setsockopt, send, select, recv, ntohs, listen, ioctlsocket, inet_addr, htons, getsockopt, connect, closesocket, bind, accept
> advapi32.dll: OpenServiceA, OpenSCManagerA, ControlService, CloseServiceHandle
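The list above is the set of DLLs and API functions the sample imports, which is what the VirusTotal report summarised. As an added example (my own code, not the post's and not any AV vendor's), here is a small triage script that parses that list in the "dll: Func1, Func2" format shown, merges the functions per DLL, and maps them to the coarse behaviour categories a responder looks at first: the wsock32 socket/connect/listen imports, the RegCreateKeyExA/RegSetValueExA pair, SetWindowsHookExA together with GetKeyState, the service-control functions, and CopyFileA next to GetSystemDirectoryA. The category table and its thresholds are assumptions of mine for triage, not signatures, and SAMPLE_IMPORTS is an abbreviated copy of the list above (with one line split in two, as in the post, to exercise continuation handling).

```python
"""Capability triage from a VirusTotal-style import list.

Added example, not code from the original post or from any AV vendor: it parses
"dll: Func1, Func2, ..." lines, merges the imports per DLL and reports coarse
behaviour categories. The category table is a hand-written triage heuristic,
not a detection signature.
"""
import re
from collections import defaultdict

# Abbreviated copy of the cvlu.exe import lines quoted in the post, in the same
# "> dll: func, func" format. The second user32 line is deliberately split over
# two lines the way the post shows it.
SAMPLE_IMPORTS = """\
> user32.dll: GetKeyboardType, LoadStringA, MessageBoxA, CharNextA
> advapi32.dll: RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegFlushKey, RegCreateKeyExA, RegCloseKey
> kernel32.dll: CreateMutexA, CopyFileA, DeleteFileA, SetFileAttributesA, GetSystemDirectoryA, Sleep
> user32.dll: mouse_event, keybd_event, SetWindowsHookExA, GetKeyState, GetKeyboardState, FindWindowA, DrawTextA,
CallNextHookEx, BeginPaint
> shell32.dll: ShellExecuteA
> wsock32.dll: WSAStartup, gethostbyname, socket, connect, send, recv, listen, bind, accept
> advapi32.dll: OpenServiceA, OpenSCManagerA, ControlService, CloseServiceHandle
"""

# Each rule: (category, dll, function names, minimum number of hits to report).
# Thresholds are my own assumption: a single common import should not fire a rule.
CAPABILITIES = [
    ("network-client", "wsock32.dll",
     {"WSAStartup", "gethostbyname", "socket", "connect", "send", "recv"}, 3),
    ("network-listener", "wsock32.dll", {"bind", "listen", "accept"}, 2),
    ("registry-persistence", "advapi32.dll", {"RegCreateKeyExA", "RegSetValueExA"}, 2),
    ("input-hooking", "user32.dll",
     {"SetWindowsHookExA", "CallNextHookEx", "GetKeyState", "GetKeyboardState"}, 2),
    ("input-injection", "user32.dll", {"keybd_event", "mouse_event"}, 1),
    ("service-control", "advapi32.dll",
     {"OpenSCManagerA", "OpenServiceA", "ControlService"}, 2),
    ("self-copy-to-system", "kernel32.dll",
     {"CopyFileA", "GetSystemDirectoryA", "SetFileAttributesA"}, 2),
    ("process-launch", "shell32.dll", {"ShellExecuteA"}, 1),
]

DLL_LINE = re.compile(r"^\s*>?\s*([\w.\-]+\.dll)\s*:\s*(.*)$", re.IGNORECASE)
IDENT = re.compile(r"\w+")


def parse_imports(text):
    """Return {dll_name: set_of_functions}, merging repeated DLL lines.

    A line without a "dll:" prefix counts as a continuation of the previous
    DLL line only when every comma-separated token is a plain identifier;
    prose or a blank line ends the continuation.
    """
    imports = defaultdict(set)
    current = None
    for line in text.splitlines():
        m = DLL_LINE.match(line)
        if m:
            current, rest = m.group(1).lower(), m.group(2)
        elif current and line.strip():
            rest = line
        else:
            current = None
            continue
        names = [t.strip() for t in rest.split(",") if t.strip()]
        if not all(IDENT.fullmatch(n) for n in names):
            current = None  # not an import list: stop treating lines as continuation
            continue
        imports[current].update(names)
    return dict(imports)


def assess(imports):
    """Map the per-DLL import sets to categories; returns {category: sorted hits}."""
    findings = {}
    for category, dll, names, min_hits in CAPABILITIES:
        hits = sorted(imports.get(dll, set()) & names)
        if len(hits) >= min_hits:
            findings[category] = hits
    return findings


if __name__ == "__main__":
    for category, hits in assess(parse_imports(SAMPLE_IMPORTS)).items():
        print(f"{category:22s} {', '.join(hits)}")
```

Run on the sample, every category fires, which matches the aliases the post lists below (an autorun worm with a backdoor component): a listener plus a client on wsock32, registry writes for persistence, a hook on keyboard state, and a copy of itself into the system directory with its attributes changed. The point of the threshold column is to keep ordinary GUI programs, which also import a few of these functions, from lighting up the same way.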

Other names/aliases by which CVLU.EXE is known:

  • W32.SillyFDC [Symantec]
  • Virus.Win32.AutoRun.sp [Kaspersky Lab]
  • W32/Autorun.worm.u [McAfee]
  • W32/AutoInf-F [Sophos]
  • Backdoor:Win32/Phostiko.gen!A [Microsoft]

From the picture above we can see ClamAV already detects it, so I'm 100% sure PCMAV can handle this virus too 😉, which is why, rather than going to the trouble of cleaning it by hand, I just hand it over to PCMAV..

[image: pcmav-cvlu]

Click Yes, and if it asks whether to reboot, it doesn't matter much, Yes or No; either way PCMAV will clean this virus out of memory, because that's where it's running. If you want to do it by hand, that works too: open Run, msconfig, uncheck the autorun entry, then kill the process in Task Manager, then delete the cvlu.exe at the location I mentioned above <– obviously too lazy to write it all out again 😆

9 Comments

    • Abdul Maulana
    • Posted November 25, 2008 at 12:39 am
    • Permalink

    if a flash drive has been hit by the cvlu.exe & autorun.info virus, how do you delete it? I've already used PCMAV but it only detects it, can't delete it, can't format the drive either; basically this virus has killed the flash drive. pleeease help, send it to my email. thanks a lot & waiting for the result.

    • bon-bon
    • Posted November 29, 2008 at 9:58 am
    • Permalink

    viruses these days just keep getting scarier, sir.
    all my data disappeared yesterday. my own fault, I don't back up regularly

    • bolot
    • Posted December 2, 2008 at 4:10 pm
    • Permalink

    whoa, a local virus? how did it make it overseas like that?

  1. overseas, meaning what?
    is this really a local virus? I don't know either.:mrgreen:

    • molisan tono
    • Posted February 13, 2009 at 11:26 am
    • Permalink

    viruses here always send data out… an easy way for those still new to this… use headphones… turn the volume up… then just listen to the tune… there's always a background program running.

  2. +molisan+
    oh my, how did you ever come up with a method like that??
    Honestly I don't know tricks like that.. but personally I prefer using a sniffer to watch the data going in or out 😀

    like I said, this is a trojan type. backdoor. yeah, that's typical of it.

    • yus
    • Posted February 16, 2009 at 10:48 am
    • Permalink

    my flash drive just got infected (or possessed, whatever) with this virus from a friend's laptop yesterday; my friend's laptop has AVG Free installed and freshly updated, but the AVG scan didn't detect this virus at all.

    whereas the AV I use on my PC is McAfee, which cleaned this virus completely & right, McAfee detects it as: W32/Autorun.worm.u

    • Deny
    • Posted February 25, 2009 at 10:20 pm
    • Permalink

    Guys. . . . .
    My laptop's got a bad virus, Task Manager can't be opened, and every folder has a twin, e.g. the Pictures folder always has a picture.exe inside it; AVG 8.0 can't detect the virus anymore, and Desktop Properties keeps showing ms32.dll not found . . . . please help, send the solution to my email mr.goodlike@yahoo.com or SMS 085755328053, thanks for the help .tx

