A Notepad Program Found on a Flash Drive

Fake Notepad


When I was asked to check a flash drive, there was one odd file that looked like Notepad, named eenjuv.exe and 178 KB in size. Its version information read:
Company: Microsoft Corp
File Version: 5.1.2600.2180

At a glance anyone would take this for the real Notepad. After submitting it to VirusTotal, the results were as follows:

Antivirus Version Last Update Result
a-squared 4.0.0.93 2009.02.21 Virus.Win32.Hupigon.MAP!IK
AhnLab-V3 2009.2.21.0 2009.02.20 Win32/Virut.C
AntiVir 7.9.0.85 2009.02.20 W32/Sality.AA
Authentium 5.1.0.4 2009.02.20 W32/Sality.AK
Avast 4.8.1335.0 2009.02.20 Win32:Sality
AVG 8.0.0.237 2009.02.20 Win32/Heur
BitDefender 7.2 2009.02.21 Win32.Sality.OG
CAT-QuickHeal 10.00 2009.02.20 W32.Sality.V
ClamAV 0.94.1 2009.02.20 W32.Virut.Gen.C-156
Comodo 984 2009.02.20
DrWeb 4.44.0.09170 2009.02.21 Win32.Sector.17
eSafe 7.0.17.0 2009.02.19
eTrust-Vet 31.6.6368 2009.02.20 Win32/Sality.AA
F-Prot 4.4.4.56 2009.02.20 W32/Sality.AK
F-Secure 8.0.14470.0 2009.02.20 Virus.Win32.Sality.aa
Fortinet 3.117.0.0 2009.02.21 W32/ZMist.A
GData 19 2009.02.21 Win32.Sality.OG
Ikarus T3.1.1.45.0 2009.02.21 Virus.Win32.Hupigon.MAP
K7AntiVirus 7.10.638 2009.02.20 Virus.Win32.Sality.AA1
Kaspersky 7.0.0.125 2009.02.21 Virus.Win32.Sality.aa
McAfee 5531 2009.02.21 W32/Sality.gen
McAfee+Artemis 5531 2009.02.21 W32/Sality.gen
Microsoft 1.4306 2009.02.21 Virus:Win32/Sality.AM
NOD32 3875 2009.02.21 Win32/Sality.NAU
Norman 6.00.06 2009.02.20 W32/Sality.AE
nProtect 2009.1.8.0 2009.02.21 Win32.Sality.OG
Panda 10.0.0.10 2009.02.20 W32/Sality.AN
PCTools 4.4.2.0 2009.02.20
Prevx1 V2 2009.02.21
Rising 21.17.50.00 2009.02.21 Win32.KUKU.a
SecureWeb-Gateway 6.7.6 2009.02.20 Win32.Sality.AA
Sophos 4.39.0 2009.02.21 W32/Vetor-A
Sunbelt 3.2.1855.2 2009.02.17 Virus.Win32.Sality.ah (v)
Symantec 10 2009.02.21 W32.Sality.AE
TheHacker 6.3.2.3.261 2009.02.20 W32/Sality.gen
TrendMicro 8.700.0.1004 2009.02.20 PE_SALITY.BU-O
VBA32 3.12.10.0 2009.02.21 Virus.Win32.Sality.baka
ViRobot 2009.2.20.1617 2009.02.20 Win32.Sality.L
VirusBuster 4.5.11.0 2009.02.20 Win32.Sality.AP.Gen

Additional information
File size: 182783 bytes
MD5: e08a7f665d2a77e462129735db50a02b
SHA1: f015b5fd271cd02489a6b124b3d932662d52a9a1
SHA256: 6379aa53147908b168aedc298f0d2bc054f3cd82c81d17bbfc8bee96e1bd2057
SHA512: 9dfe4befdc684dbd738a155201032b7b3bd51e4a6ad0f075ee69ef7a1b6e8b9cce148d75f07d1c3d5245c44d6396de985290d8dc15538cbcae281c8e6e4b9e9b
ssdeep: 3072:qTNQKPWDyeRejK0LLlcfQ38126Jezf87L373f2LfkNUk13NKX:ANSDyeRqKWLmfa6U+Lr3f2LHkHKX
PEiD: –
TrID: File type identification
Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
PEInfo: PE Structure information

( base data )
entrypointaddress: 0x100739d
timedatestamp: 0xa0a0a0a0L (invalid)
machinetype: 0x14c (I386)

( 3 sections )
name    virtaddr  virtsize  rawsize  entropy  md5
.text   0x1000    0x7748    0x7800   6.29     248e1b61b30f78c6bc0b247d304a1a0d
.data   0x9000    0x1ba8    0x800    1.15     3fd82fcc3cf0c0692e0e466248ee3fbf
.rsrc   0xb000    0x23000   0x1d600  7.43     ee970170abe779e850e0648d43bc1c0d

( 9 imports )
> comdlg32.dll: PageSetupDlgW, FindTextW, PrintDlgExW, ChooseFontW, GetFileTitleW, GetOpenFileNameW, ReplaceTextW, CommDlgExtendedError, GetSaveFileNameW
> SHELL32.dll: DragFinish, DragQueryFileW, DragAcceptFiles, ShellAboutW
> WINSPOOL.DRV: GetPrinterDriverW, ClosePrinter, OpenPrinterW
> COMCTL32.dll: CreateStatusWindowW
> msvcrt.dll: _XcptFilter, _exit, _c_exit, time, localtime, _cexit, iswctype, _except_handler3, _wtol, wcsncmp, _snwprintf, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _controlfp, wcsncpy
> ADVAPI32.dll: RegQueryValueExW, RegCloseKey, RegCreateKeyW, IsTextUnicode, RegQueryValueExA, RegOpenKeyExA, RegSetValueExW
> KERNEL32.dll: GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, GetLocalTime, GetUserDefaultLCID, GetDateFormatW, GetTimeFormatW, GlobalLock, GlobalUnlock, GetFileInformationByHandle, CreateFileMappingW, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, SetUnhandledExceptionFilter, LoadLibraryA, GetModuleHandleA, GetStartupInfoA, GlobalFree, GetLocaleInfoW, LocalFree, LocalAlloc, lstrlenW, LocalUnlock, CompareStringW, LocalLock, FoldStringW, CloseHandle, lstrcpyW, ReadFile, CreateFileW, lstrcmpiW, GetCurrentProcessId, GetProcAddress, GetCommandLineW, lstrcatW, FindClose, FindFirstFileW, GetFileAttributesW, lstrcmpW, MulDiv, lstrcpynW, LocalSize, GetLastError, WriteFile, SetLastError, WideCharToMultiByte, LocalReAlloc, FormatMessageW, GetUserDefaultUILanguage, SetEndOfFile, DeleteFileW, GetACP, UnmapViewOfFile, MultiByteToWideChar, MapViewOfFile, UnhandledExceptionFilter
> GDI32.dll: EndPage, AbortDoc, EndDoc, DeleteDC, StartPage, GetTextExtentPoint32W, CreateDCW, SetAbortProc, GetTextFaceW, TextOutW, StartDocW, EnumFontsW, GetStockObject, GetObjectW, GetDeviceCaps, CreateFontIndirectW, DeleteObject, GetTextMetricsW, SetBkMode, LPtoDP, SetWindowExtEx, SetViewportExtEx, SetMapMode, SelectObject
> USER32.dll: GetClientRect, SetCursor, ReleaseDC, GetDC, DialogBoxParamW, SetActiveWindow, GetKeyboardLayout, DefWindowProcW, DestroyWindow, MessageBeep, ShowWindow, GetForegroundWindow, IsIconic, GetWindowPlacement, CharUpperW, LoadStringW, LoadAcceleratorsW, GetSystemMenu, RegisterClassExW, LoadImageW, LoadCursorW, SetWindowPlacement, CreateWindowExW, GetDesktopWindow, GetFocus, LoadIconW, SetWindowTextW, PostQuitMessage, RegisterWindowMessageW, UpdateWindow, SetScrollPos, CharLowerW, PeekMessageW, EnableWindow, DrawTextExW, CreateDialogParamW, GetWindowTextW, GetSystemMetrics, MoveWindow, InvalidateRect, WinHelpW, GetDlgCtrlID, ChildWindowFromPoint, ScreenToClient, GetCursorPos, SendDlgItemMessageW, SendMessageW, CharNextW, CheckMenuItem, CloseClipboard, IsClipboardFormatAvailable, OpenClipboard, GetMenuState, EnableMenuItem, GetSubMenu, GetMenu, MessageBoxW, SetWindowLongW, GetWindowLongW, GetDlgItem, SetFocus, SetDlgItemTextW, wsprintfW, GetDlgItemTextW, EndDialog, GetParent, UnhookWinEvent, DispatchMessageW, TranslateMessage, TranslateAcceleratorW, IsDialogMessageW, PostMessageW, GetMessageW, SetWinEventHook
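As an added triage example (not from this post and not VirusTotal's code), the Python below reads a PE's COFF header and section table and raises the two warning signs visible in the report above: a timedatestamp that cannot be a real link time, and a section whose entropy is as high as the 7.43 shown for .rsrc. It builds its own minimal PE fixture so it runs offline; the 7.0 entropy threshold and the `now` reference time are assumptions.

```python
import math
import struct
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 8.0 means uniformly random-looking."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def parse_pe(buf: bytes) -> dict:
    """Read e_lfanew, the COFF header and the section table (optional header skipped)."""
    pe_off = struct.unpack_from("<I", buf, 0x3C)[0]
    if buf[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", buf, pe_off + 4)
    sec_off = pe_off + 24 + opt_size
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", buf, sec_off + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "vaddr": vaddr, "rsize": rsize,
                         "entropy": entropy(buf[rptr:rptr + rsize])})
    return {"machine": machine, "timestamp": ts, "sections": sections}

def triage(info: dict, now: int) -> list:
    """Flags modelled on the report: link timestamp that is zero or in the future,
    and a section whose entropy (threshold 7.0, assumed) suggests packed or encrypted data."""
    flags = []
    if info["timestamp"] == 0 or info["timestamp"] > now:
        flags.append("timedatestamp 0x%08x is invalid" % info["timestamp"])
    for s in info["sections"]:
        if s["entropy"] > 7.0:
            flags.append("section %s entropy %.2f" % (s["name"], s["entropy"]))
    return flags

def build_sample_pe(timestamp: int, sections: list) -> bytes:
    """Constructed fixture (not a real or loadable binary): DOS header, COFF header, section table, raw data."""
    data_start = 0x40 + 24 + 40 * len(sections)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp, 0, 0, 0, 0x102)
    table, body, rptr = b"", b"", data_start
    for name, data in sections:
        table += struct.pack("<8sIIII", name.ljust(8, b"\0"), len(data), 0x1000, len(data), rptr)
        table += struct.pack("<IIHHI", 0, 0, 0, 0, 0x60000020)  # relocs, linenums, characteristics
        body += data
        rptr += len(data)
    return dos + coff + table + body
```

On a real file, call `triage(parse_pe(open(path, "rb").read()), int(time.time()))`; the fixture builder exists only to keep the example self-contained.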

4 Responses

  1. boss..
    how do you remove it? Because I'm using NOD32 and it isn't detected, I'm already infected, can't open some web addresses, it seems they are being blocked by the virus. Any suggestions? Or maybe there is a removal tool?

    thanks

  2. Try using Dr.Web; if possible put the HDD in as a slave, or just burn a Dr.Web Live CD.

  3. Even at a glance it's already odd: the icon on that virus is the Notepad image from Windows Vista/7. So if there are strange files on the flash drive, just throw them away..hehe

    • if you ask me, just try executing it first, maybe that software is for fixing the flash drive....
      so it doesn't do damage, better try it at an internet cafe...
      wkwkwkwkw
      so everyone else gets it together with you....
      it's cooler when there are lots of them

      please, enjoy...

      *nb
      I'm not responsible if there's any trouble,,,
