MorphostLab

The hangout of Morphic and friends

Analysis of the 4k51k4 Virus by Shafry

Posted by Morphic on March 19, 2010


=================Analysis of the 4k51k4 Virus=================
Icon : Folder
CRC32 : C36CBD0D
MD5 : C9794EBBD6B41E72E6DBD7991BA4C1A3
Malware type : Executable virus
Malware size : 106,496 bytes
Filename : New Folder.exe
File Version : 2.06.1986
Virus source : http://morphostlab.co.nr/

===================Copies itself to=======================

C:\..\user\current\Local Setting\Application\Windows\CSRCC.EXE
C:\..\user\current\Local Setting\Application\Windows\LSASS.EXE
C:\..\user\current\Local Setting\Application\Windows\SERVICES.EXE
C:\..\user\current\Local Setting\Application\Windows\SMSS.EXE
C:\..\user\current\Local Setting\Application\Windows\WINLOGON.EXE
C:\..\user\current\Local Setting\Application\CSRCC.EXE
C:\..\user\current\Local Setting\Application\LSASS.EXE
C:\..\user\current\Local Setting\Application\SERVICES.EXE
C:\..\user\current\Local Setting\Application\SMSS.EXE
C:\..\user\current\Local Setting\Application\WINLOGON.EXE
[FD]:\Newfolder\New Folder.exe
[FD]:\Data Anti Destroy.exe
[AllDrives]:\Newfolder\New Folder.exe
[AllDrives]:\Data Anti Destroy.exe
C:\4k51k4.exe
C:\New Folder.exe
C:\WINDOWS\4k51k4.exe
C:\WINDOWS\system32\IExplorer.exe
C:\WINDOWS\system32\shell.exe
C:\WINDOWS\system32\MrHelloween.scr
============================================================
=======Drops the file msvbvm60.dll into the folders=========
============================================================
C:\WINDOWS\system32\
C:\WINDOWS\

=====================Creates a shortcut=================

C:\..\Startup\Empty.lnk
============================================================
==============Creates a Desktop.ini file in=================
============================================================
[AllDrives]:\Desktop.ini
[FD]:\Desktop.ini
containing
[.ShellClassInfo]
ConfirmFileOp=0
[{5984FFE0-28D4-11CF-AE66-08002B2E1262}]
PersistMoniker=file://4K51K4\Folder.htt
[ExtShellFolderViews]
{5984FFE0-28D4-11CF-AE66-08002B2E1262}={5984FFE0-28D4-11CF-AE66-08002B2E1262}
============================================================
=================Creates Folder.htt in======================
============================================================
[AllDrives]:\Newfolder\Folder.htt
[FD]:\Newfolder\Folder.htt
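
A triage check for the artifacts listed so far, added here as an example and not part of the original analysis: it parses a Desktop.ini for the web-view hook shown above and compares the listed drop names against the reported size and MD5. The function names and the `scan_root` helper are hypothetical; the indicator values are the ones given on this page.

```python
import hashlib
from pathlib import Path

# Indicators copied from the analysis above.
SAMPLE_MD5 = "c9794ebbd6b41e72e6dbd7991ba4c1a3"
SAMPLE_SIZE = 106496
WEBVIEW_CLSID = "{5984ffe0-28d4-11cf-ae66-08002b2e1262}"
DROPPED = ("New Folder.exe", "Newfolder/New Folder.exe",
           "Data Anti Destroy.exe", "4k51k4.exe")

def parse_ini(text):
    """Minimal INI reader: {section: {key: value}}, names lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None and not line.startswith(";"):
            key, _, value = line.partition("=")
            current[key.strip().lower()] = value.strip()
    return sections

def desktop_ini_findings(text):
    """Flag the web-view hook: CLSID section with a .htt PersistMoniker."""
    ini, findings = parse_ini(text), []
    moniker = ini.get(WEBVIEW_CLSID, {}).get("persistmoniker", "")
    if moniker.lower().endswith(".htt"):
        findings.append("PersistMoniker -> " + moniker)
    if WEBVIEW_CLSID in ini.get("extshellfolderviews", {}):
        findings.append("web view registered in ExtShellFolderViews")
    return findings

def scan_root(root):
    """Check one drive root (hypothetical helper) for the listed artifacts."""
    root, hits = Path(root), []
    ini = root / "Desktop.ini"
    if ini.is_file():
        data = ini.read_bytes()
        utf16 = data[:2] in (b"\xff\xfe", b"\xfe\xff")
        text = data.decode("utf-16" if utf16 else "utf-8-sig", errors="replace")
        hits += [f"{ini.name}: {f}" for f in desktop_ini_findings(text)]
    if (root / "Newfolder" / "Folder.htt").is_file():
        hits.append("Newfolder/Folder.htt present")
    for rel in DROPPED:
        p = root / rel
        # Hash only files of the reported size to keep the scan cheap.
        if p.is_file() and p.stat().st_size == SAMPLE_SIZE:
            if hashlib.md5(p.read_bytes()).hexdigest() == SAMPLE_MD5:
                hits.append(f"{rel}: MD5 matches the analysed sample")
    return hits
```

Run `scan_root` once per drive root. A plain Desktop.ini that only sets `ConfirmFileOp=0` is not reported, since that key is common in ordinary folders.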
============================================================
===Creates a text file at C:\puisi.txt containing (verbatim)===
============================================================
Yang terlupakan

Apakah menurut kalian, kami ini sampah?
Apakah menurut kalian, kami ini bodoh?
Teruslah caci maki kami sepuas kalian!!!
Pandanglah kami dengan sebelah mata

Seperti pandangan mata Dajal
penuh kebencian…

Saat kalian kehilangan kami
barulah mengerti, batapa berartinya kami

Tak ada lagi yang ku kejar saat ini
Nanti, ya nanti aku akan mulai mengejar
Lepaskan sebagian letihku saat ini
Jeritan hati anak Indramayu
============================================================
======================Side Effects==========================
============================================================
Kills applications that are opened
Hides applications that are opened
Disables Task Manager
Disables regedit
Disables CMD
Explorer cannot be opened
Overwrites IExplore with the parent virus

The analysis above may not be 100% correct. Apologies for any shortcomings.

Thanks To :
-Morphic [Thanks for the e-book]
-Satrya [Where have you been, you rarely show up]

About Me
-Web : http://antiviri.co.cc/
-E-mail : Shafry2008@gmail.com
-Facebook : shafry2008@yahoo.com

40 Responses to “Analysis of the 4k51k4 Virus by Shafry”

  1. setan said

    bastard dog

  2. Very soon this web site will be famous amid all blog people,
    due to its nice posts

  3. BangTom said

    Phic, I've been promoting morphost to my campus friends.
    Now the number of morphost users has gone up very drastically!

  4. shafry said

    @yudha
    my site is really, really quiet.

  5. shafry said

    wow, it's lively here. my site only has dust.

  6. shafry said

    hahahaha. just let it be, bro, so it's different from the rest. even though it's an old virus, there's probably less than a 50 percent chance that anyone has analyzed it.

  7. HajarBro! said

    Hey cow… Why are you analyzing a virus from the stone age.. No wonder you and morphost aren't growing.. Bwha hahahaha

  8. shafry said

    thanks

  9. BangTom said

    Great work, Shaf!

  10. muamarkudo said

    good article…

    keep up the spirit, Shaf !!

  11. shafry said

    thanks, bro Satrya

  12. Satryacode said

    Correction.
    http://app.facebook.com@satryablog.us.to

    Ehm..
    I just want to remind friends who don't know yet
    that this URL bug trick / whatever it's called,
    is the kind of trick that's often used to link to a fake login page for your Facebook..
    Full explanation:
    http://anharku.wordpress.com

    That's all, just a quick bit of info
    ..
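
    The URL trick described in the comment above, seen from the checking side. This is an added example, not part of the original comment thread: everything before the last "@" in the authority is userinfo, so the host actually contacted is what follows it. The function names and the `trusted` list are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

def real_destination(url):
    """Return (host that is actually contacted, userinfo before '@' or None)."""
    parts = urlsplit(url.strip())
    userinfo, at, _ = parts.netloc.rpartition("@")
    return (parts.hostname or ""), (userinfo if at else None)

def looks_like_hostname(text):
    """True when the userinfo is shaped like a domain, e.g. app.facebook.com."""
    labels = text.partition(":")[0].split(".")
    return len(labels) >= 2 and all(
        lab and lab.replace("-", "").isalnum() for lab in labels)

def check_link(url, trusted=("facebook.com",)):
    """Return (verdict, host); verdict is 'ok', 'userinfo' or 'suspicious'.

    'ok' only means the URL carries no userinfo; it says nothing else
    about the destination.
    """
    host, userinfo = real_destination(url)
    if userinfo is None:
        return "ok", host
    on_trusted = any(host == t or host.endswith("." + t) for t in trusted)
    # A domain-shaped userinfo in front of an unrelated host is the decoy
    # pattern from the comment above.
    if looks_like_hostname(userinfo) and not on_trusted:
        return "suspicious", host
    return "userinfo", host

if __name__ == "__main__":
    samples = [
        "http://app.facebook.com@satryablog.us.to",  # URL from the comment
        "https://www.facebook.com/login.php",        # constructed sample
        "ftp://user:pw@files.example/",              # constructed sample
    ]
    for link in samples:
        print(link, "->", check_link(link))
```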

  13. Satryacode said

    Oh yeah,
    I'm often online here
    http://satryablog.us.to
    http://m.satryablog.us.to
    Or
    http://app.facebook.com@http://satryablog.us.to (hwehwehwehwhehwhehwhe)

    Okay…
    See you ….

  14. Satryacode said

    Hoho..
    I can only look around for now..

    I can't take viruses apart again yet.

    I'm in the middle of exams,
    and looking after our campus forum..

    Hehe…

    Hats off to you, Fry ..
    Keep on succeeding..
    Maybe you're still too young, which is why other people belittle you and don't take you seriously, but you have a strong will, and that keeps you getting back up …
    Come on, keep up the spirit…
    If nobody has read your blog or your writing yet, don't give up🙂 , keep writing …
    Okay….

    (it's like I'm hazing a junior here…)
    Wkwkwk

  15. shafry said

    thanks, bro.
