While checking a flash drive on request, I found one odd file that looked like Notepad: eenjuv.exe, about 178 KB in size. Its version resource reads:

Company: Microsoft Corp
File Version: 5.1.2600.2180

At a glance anyone would take it for the real Notepad, and in a sense it is one: 5.1.2600.2180 is the Windows XP SP2 build number, and the import table further down (PageSetupDlgW, FindTextW, ReplaceTextW, IsTextUnicode, the WINSPOOL printing calls) is Notepad's own. That is the signature of a file infector rather than a standalone trojan: the Sality family, which most engines below name, writes its encrypted body into a legitimate executable and redirects execution to it, so the victim keeps the original icon, version information and imports. A random-looking name on removable media is how such infected copies travel from machine to machine. After submitting the file to VirusTotal, the results were as follows:
Antivirus | Version | Last Update | Result |
---|---|---|---|
a-squared | 4.0.0.93 | 2009.02.21 | Virus.Win32.Hupigon.MAP!IK |
AhnLab-V3 | 2009.2.21.0 | 2009.02.20 | Win32/Virut.C |
AntiVir | 7.9.0.85 | 2009.02.20 | W32/Sality.AA |
Authentium | 5.1.0.4 | 2009.02.20 | W32/Sality.AK |
Avast | 4.8.1335.0 | 2009.02.20 | Win32:Sality |
AVG | 8.0.0.237 | 2009.02.20 | Win32/Heur |
BitDefender | 7.2 | 2009.02.21 | Win32.Sality.OG |
CAT-QuickHeal | 10.00 | 2009.02.20 | W32.Sality.V |
ClamAV | 0.94.1 | 2009.02.20 | W32.Virut.Gen.C-156 |
Comodo | 984 | 2009.02.20 | - |
DrWeb | 4.44.0.09170 | 2009.02.21 | Win32.Sector.17 |
eSafe | 7.0.17.0 | 2009.02.19 | - |
eTrust-Vet | 31.6.6368 | 2009.02.20 | Win32/Sality.AA |
F-Prot | 4.4.4.56 | 2009.02.20 | W32/Sality.AK |
F-Secure | 8.0.14470.0 | 2009.02.20 | Virus.Win32.Sality.aa |
Fortinet | 3.117.0.0 | 2009.02.21 | W32/ZMist.A |
GData | 19 | 2009.02.21 | Win32.Sality.OG |
Ikarus | T3.1.1.45.0 | 2009.02.21 | Virus.Win32.Hupigon.MAP |
K7AntiVirus | 7.10.638 | 2009.02.20 | Virus.Win32.Sality.AA1 |
Kaspersky | 7.0.0.125 | 2009.02.21 | Virus.Win32.Sality.aa |
McAfee | 5531 | 2009.02.21 | W32/Sality.gen |
McAfee+Artemis | 5531 | 2009.02.21 | W32/Sality.gen |
Microsoft | 1.4306 | 2009.02.21 | Virus:Win32/Sality.AM |
NOD32 | 3875 | 2009.02.21 | Win32/Sality.NAU |
Norman | 6.00.06 | 2009.02.20 | W32/Sality.AE |
nProtect | 2009.1.8.0 | 2009.02.21 | Win32.Sality.OG |
Panda | 10.0.0.10 | 2009.02.20 | W32/Sality.AN |
PCTools | 4.4.2.0 | 2009.02.20 | - |
Prevx1 | V2 | 2009.02.21 | - |
Rising | 21.17.50.00 | 2009.02.21 | Win32.KUKU.a |
SecureWeb-Gateway | 6.7.6 | 2009.02.20 | Win32.Sality.AA |
Sophos | 4.39.0 | 2009.02.21 | W32/Vetor-A |
Sunbelt | 3.2.1855.2 | 2009.02.17 | Virus.Win32.Sality.ah (v) |
Symantec | 10 | 2009.02.21 | W32.Sality.AE |
TheHacker | 6.3.2.3.261 | 2009.02.20 | W32/Sality.gen |
TrendMicro | 8.700.0.1004 | 2009.02.20 | PE_SALITY.BU-O |
VBA32 | 3.12.10.0 | 2009.02.21 | Virus.Win32.Sality.baka |
ViRobot | 2009.2.20.1617 | 2009.02.20 | Win32.Sality.L |
VirusBuster | 4.5.11.0 | 2009.02.20 | Win32.Sality.AP.Gen |
35 of the 39 engines flag the file, and most of them call it a Sality variant (the remaining names, Virut, Hupigon, Sector, ZMist, KUKU and Vetor, are other engines' labels for the same polymorphic infector pattern). Sality infects every executable it can reach, including those on removable drives, so one detection on a flash drive usually means the host that wrote to it is infected as well, and cleaning the flash drive alone does not fix anything.

Additional information

- File size: 182783 bytes
- MD5: e08a7f665d2a77e462129735db50a02b
- SHA1: f015b5fd271cd02489a6b124b3d932662d52a9a1
- SHA256: 6379aa53147908b168aedc298f0d2bc054f3cd82c81d17bbfc8bee96e1bd2057
- SHA512: 9dfe4befdc684dbd738a155201032b7b3bd51e4a6ad0f075ee69ef7a1b6e8b9cce148d75f07d1c3d5245c44d6396de985290d8dc15538cbcae281c8e6e4b9e9b
- ssdeep: 3072:qTNQKPWDyeRejK0LLlcfQ38126Jezf87L373f2LfkNUk13NKX:ANSDyeRqKWLmfa6U+Lr3f2LHkHKX
- PEiD: -
- TrID (file type identification): Win32 Executable MS Visual C++ (generic) (53.1%), Windows Screen Saver (18.4%), Win32 Executable Generic (12.0%), Win32 Dynamic Link Library (generic) (10.6%), Generic Win/DOS Executable (2.8%)

PEInfo: PE structure information

Base data: entry point address 0x100739d; timedatestamp 0xa0a0a0a0 (invalid); machine type 0x14c (I386); 3 sections.

| name | viradd | virsiz | rawdsiz | ntrpy | md5 |
|---|---|---|---|---|---|
| .text | 0x1000 | 0x7748 | 0x7800 | 6.29 | 248e1b61b30f78c6bc0b247d304a1a0d |
| .data | 0x9000 | 0x1ba8 | 0x800 | 1.15 | 3fd82fcc3cf0c0692e0e466248ee3fbf |
| .rsrc | 0xb000 | 0x23000 | 0x1d600 | 7.43 | ee970170abe779e850e0648d43bc1c0d |

9 imports:

- comdlg32.dll: PageSetupDlgW, FindTextW, PrintDlgExW, ChooseFontW, GetFileTitleW, GetOpenFileNameW, ReplaceTextW, CommDlgExtendedError, GetSaveFileNameW
- SHELL32.dll: DragFinish, DragQueryFileW, DragAcceptFiles, ShellAboutW
- WINSPOOL.DRV: GetPrinterDriverW, ClosePrinter, OpenPrinterW
- COMCTL32.dll: CreateStatusWindowW
- msvcrt.dll: _XcptFilter, _exit, _c_exit, time, localtime, _cexit, iswctype, _except_handler3, _wtol, wcsncmp, _snwprintf, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _controlfp, wcsncpy
- ADVAPI32.dll: RegQueryValueExW, RegCloseKey, RegCreateKeyW, IsTextUnicode, RegQueryValueExA, RegOpenKeyExA, RegSetValueExW
- KERNEL32.dll: GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, GetLocalTime, GetUserDefaultLCID, GetDateFormatW, GetTimeFormatW, GlobalLock, GlobalUnlock, GetFileInformationByHandle, CreateFileMappingW, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, SetUnhandledExceptionFilter, LoadLibraryA, GetModuleHandleA, GetStartupInfoA, GlobalFree, GetLocaleInfoW, LocalFree, LocalAlloc, lstrlenW, LocalUnlock, CompareStringW, LocalLock, FoldStringW, CloseHandle, lstrcpyW, ReadFile, CreateFileW, lstrcmpiW, GetCurrentProcessId, GetProcAddress, GetCommandLineW, lstrcatW, FindClose, FindFirstFileW, GetFileAttributesW, lstrcmpW, MulDiv, lstrcpynW, LocalSize, GetLastError, WriteFile, SetLastError, WideCharToMultiByte, LocalReAlloc, FormatMessageW, GetUserDefaultUILanguage, SetEndOfFile, DeleteFileW, GetACP, UnmapViewOfFile, MultiByteToWideChar, MapViewOfFile, UnhandledExceptionFilter
- GDI32.dll: EndPage, AbortDoc, EndDoc, DeleteDC, StartPage, GetTextExtentPoint32W, CreateDCW, SetAbortProc, GetTextFaceW, TextOutW, StartDocW, EnumFontsW, GetStockObject, GetObjectW, GetDeviceCaps, CreateFontIndirectW, DeleteObject, GetTextMetricsW, SetBkMode, LPtoDP, SetWindowExtEx, SetViewportExtEx, SetMapMode, SelectObject
- USER32.dll: GetClientRect, SetCursor, ReleaseDC, GetDC, DialogBoxParamW, SetActiveWindow, GetKeyboardLayout, DefWindowProcW, DestroyWindow, MessageBeep, ShowWindow, GetForegroundWindow, IsIconic, GetWindowPlacement, CharUpperW, LoadStringW, LoadAcceleratorsW, GetSystemMenu, RegisterClassExW, LoadImageW, LoadCursorW, SetWindowPlacement, CreateWindowExW, GetDesktopWindow, GetFocus, LoadIconW, SetWindowTextW, PostQuitMessage, RegisterWindowMessageW, UpdateWindow, SetScrollPos, CharLowerW, PeekMessageW, EnableWindow, DrawTextExW, CreateDialogParamW, GetWindowTextW, GetSystemMetrics, MoveWindow, InvalidateRect, WinHelpW, GetDlgCtrlID, ChildWindowFromPoint, ScreenToClient, GetCursorPos, SendDlgItemMessageW, SendMessageW, CharNextW, CheckMenuItem, CloseClipboard, IsClipboardFormatAvailable, OpenClipboard, GetMenuState, EnableMenuItem, GetSubMenu, GetMenu, MessageBoxW, SetWindowLongW, GetWindowLongW, GetDlgItem, SetFocus, SetDlgItemTextW, wsprintfW, GetDlgItemTextW, EndDialog, GetParent, UnhookWinEvent, DispatchMessageW, TranslateMessage, TranslateAcceleratorW, IsDialogMessageW, PostMessageW, GetMessageW, SetWinEventHook

What this structure tells you, even before any engine names the family:

- The last section, .rsrc, has an entropy of 7.43 bits per byte. A resource section of icons, menus and strings is nowhere near that random; a value that close to 8 means encrypted or compressed data, which is where a file infector such as Sality stores its body (in the last section of the host).
- The link timestamp 0xa0a0a0a0 is far in the future, so the header was not written by a normal linker run.
- The entry point RVA 0x739d still lies inside .text (0x1000 to 0x8748), not in the suspicious last section. Sality leaves the entry-point field alone and instead patches the code at the original entry point with a jump to its body, which is why a disassembler or a quick look at the header does not show an obviously relocated entry point.
- The raw sizes of the three sections add up to 0x25600 bytes (153,088), but the file is 182,783 bytes long, so about 29 KB is headers plus data lying beyond the last section. Anything past the last section is worth dumping and inspecting on its own.
- The import table is the unmodified one from Notepad. The infector resolves whatever APIs it needs at run time through LoadLibraryA and GetProcAddress, both of which the host already imports, so the import table gives no hint of the malicious code.

Do not run the file to "see what it does" outside an isolated virtual machine; a file infector that is executed once will infect every .exe it can write to.
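To make those checks reproducible, here is a small triage script. It is an added example, not code from the original post, and uses only the Python standard library so that it runs offline. It parses the PE32 headers and section table the way the VirusTotal PEInfo block presents them (name, RVA, sizes, entropy, per-section MD5), reports which section holds the entry point and how many bytes sit past the last section, and flags a zero or future timestamp and a near-maximal-entropy last section. The sample it runs on is constructed in build_sample_pe() to mimic the layout in the report (three sections, a low-entropy .data, an encrypted-looking last section, the bogus timestamp, a trailing overlay); it is not eenjuv.exe, and the real file should only be handled inside an isolated VM.

```python
"""Offline PE32 triage for a suspected file infector (added example).

Standard library only. The PE built by build_sample_pe() is CONSTRUCTED to
resemble the layout in the VirusTotal report; it is not the real sample.
"""
import hashlib
import math
import random
import struct
import time

SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~0 for constant data, close to 8 for encrypted/compressed data."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(blob: bytes) -> dict:
    """Read the DOS, COFF and PE32 optional headers plus the section table."""
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsec, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, coff)
    opt = coff + 20
    if struct.unpack_from("<H", blob, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    entry_rva = struct.unpack_from("<I", blob, opt + 16)[0]   # AddressOfEntryPoint
    image_base = struct.unpack_from("<I", blob, opt + 28)[0]  # ImageBase (PE32 layout)
    sections, end_of_sections = [], 0
    for i in range(nsec):
        name, vsize, rva, rsize, rptr, *_ = struct.unpack_from(SECTION_FMT, blob, opt + opt_size + 40 * i)
        raw = blob[rptr:rptr + rsize]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "rva": rva, "vsize": vsize, "rsize": rsize,
                         "entropy": shannon_entropy(raw), "md5": hashlib.md5(raw).hexdigest()})
        end_of_sections = max(end_of_sections, rptr + rsize)
    return {"machine": machine, "timestamp": timestamp, "entry_rva": entry_rva,
            "image_base": image_base, "sections": sections,
            "overlay": max(0, len(blob) - end_of_sections)}   # bytes past the last section


def triage(blob: bytes) -> dict:
    """Hashes plus the checks a first look at a suspected infected PE should make."""
    pe = parse_pe(blob)
    flags = []
    if pe["timestamp"] == 0 or pe["timestamp"] > time.time():
        flags.append("link timestamp is zero or in the future (not written by a normal linker)")
    ep_section = next((s["name"] for s in pe["sections"]
                       if s["rva"] <= pe["entry_rva"] < s["rva"] + max(s["vsize"], s["rsize"])), None)
    if ep_section is None:
        flags.append("entry point lies outside every section")
    last = pe["sections"][-1]
    if last["entropy"] > 7.0:
        flags.append(f"last section {last['name']} has entropy {last['entropy']:.2f}: "
                     "encrypted/packed data where a file infector appends its body")
    if pe["overlay"]:
        flags.append(f"{pe['overlay']} bytes after the last section (overlay)")
    return {**pe, "entry_section": ep_section, "flags": flags,
            "md5": hashlib.md5(blob).hexdigest(), "sha256": hashlib.sha256(blob).hexdigest()}


def build_sample_pe(seed: int = 7) -> bytes:
    """CONSTRUCTED PE32 with the shape of the reported file; not a real binary."""
    rnd = random.Random(seed)
    opcodes = b"\x8b\x45\x08\x50\xe8\x00\x00\x00\x00\xc3\x90\xff\x15\x5d"
    text = bytes(rnd.choice(opcodes) for _ in range(0x1000))   # mid entropy, code-like
    data = b"\x00" * 0x780 + b"\x01\x02\x03\x04" * 0x20        # mostly zeros: low entropy
    rsrc = bytes(rnd.randrange(256) for _ in range(0x2000))    # "encrypted" virus body
    overlay = b"\xaa" * 300                                     # bytes past the last section
    sections = [(b".text", 0x1000, text), (b".data", 0x3000, data), (b".rsrc", 0x4000, rsrc)]
    hdr = bytearray(0x200)                                      # headers padded to FileAlignment
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                     # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", hdr, 0x44, 0x14C, len(sections), 0xA0A0A0A0, 0, 0, 0xE0, 0x010F)
    opt = 0x58
    struct.pack_into("<H", hdr, opt, 0x10B)                     # PE32 magic
    struct.pack_into("<I", hdr, opt + 16, 0x1000 + 0x39D)       # entry RVA inside .text
    struct.pack_into("<I", hdr, opt + 28, 0x01000000)           # ImageBase
    body = b""
    for i, (name, rva, payload) in enumerate(sections):
        struct.pack_into(SECTION_FMT, hdr, opt + 0xE0 + 40 * i, name, len(payload), rva,
                         len(payload), len(hdr) + len(body), 0, 0, 0, 0, 0)
        body += payload
    return bytes(hdr) + body + overlay


if __name__ == "__main__":
    r = triage(build_sample_pe())
    print(f"machine=0x{r['machine']:x} entry=0x{r['image_base'] + r['entry_rva']:x} in {r['entry_section']}")
    for s in r["sections"]:
        print(f"{s['name']:<6} rva=0x{s['rva']:<6x} raw=0x{s['rsize']:<6x} entropy={s['entropy']:.2f} md5={s['md5']}")
    print("\n".join("FLAG: " + f for f in r["flags"]))
```

Point triage() at the bytes of a real file (read it with open(path, "rb")) and compare the MD5/SHA256 with the hashes VirusTotal shows before trusting any verdict; if the three section entropies and the overlay size line up with the report, you are looking at the same object. The script deliberately never maps or executes anything.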
boss..

How do I remove it? I'm using NOD32 and it isn't detected; the machine is already infected, some web addresses can't be opened, it looks like they're being blocked by the virus. Any suggestions? Or maybe there's a removal tool?
thanks

Try Dr.Web; if possible, attach the HDD as a slave drive, or just burn the Dr.Web Live CD.

Even a quick look shows it's odd: the icon on that virus is the Notepad icon from Windows Vista/7. So if there are odd files on a flash drive, just delete them right away..hehe

If it were me, I'd just try running it first, maybe that software is for repairing the flash drive....

So it doesn't damage anything, better try it at an internet cafe...
wkwkwkwkw
so everyone catches it together....
it's more stylish when there are lots of you
go ahead, enjoy it...
*NB
I'm not responsible if something breaks,,,