Friday, April 23, 2010

Remove Conficker / Conime.exe with Smadav 2010

This virus is named Conime.exe.
The virus keeps its parent file in %windir%/system32 under the name W(****).exe, that is, the letter W followed by a random name. The usual sign of an infected computer is slow access to the internet and the intranet, and even to localhost itself. When we tried to reach the local server at 192.168.1.1 from the admin IP 192.168.1.2, the response took more than 5 seconds (an estimate). The computer also sends SYN_SENT connections to nearby IPs: for example, if 192.168.1.2 is the IP of the infected computer, that computer becomes a zombie and sends signals to the nearest IPs in the range 1-255 (this is what made my internet collapse). It also sends data to webbox308.server-home.net; what the virus sends is unknown, hopefully nothing important...
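The SYN_SENT sweep across the local range described above can be spotted in `netstat -an` output. The following Python check is an added example, not part of the original post; the sample output, the /24 subnet assumption and the threshold of 5 are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of Windows `netstat -an` output (not captured from a real host).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.2:1031       192.168.1.1:80         ESTABLISHED
  TCP    192.168.1.2:1040       192.168.1.3:445        SYN_SENT
  TCP    192.168.1.2:1041       192.168.1.4:445        SYN_SENT
  TCP    192.168.1.2:1042       192.168.1.5:445        SYN_SENT
  TCP    192.168.1.2:1043       192.168.1.6:445        SYN_SENT
  TCP    192.168.1.2:1044       192.168.1.7:445        SYN_SENT
  TCP    192.168.1.2:1045       203.0.113.10:80        SYN_SENT
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):\d+\s+(\S+):\d+\s+(\S+)\s*$")

def syn_sent_targets(netstat_text):
    """Map each local IP to the remote IPs it has half-open (SYN_SENT) connections to."""
    targets = defaultdict(set)
    for line in netstat_text.splitlines():
        row = ROW.match(line)
        if row and row.group(3) == "SYN_SENT":
            targets[row.group(1)].add(row.group(2))
    return targets

def neighbours(local, remotes):
    """Remote IPv4 addresses inside the local address's /24 (assumed subnet), sorted."""
    try:
        net = ipaddress.ip_network(local + "/24", strict=False)
        inside = [a for a in map(ipaddress.ip_address, remotes) if a in net]
    except ValueError:  # address text that does not parse, such as "[::1]"
        return []
    return [str(a) for a in sorted(inside)]

def sweeping_hosts(netstat_text, threshold=5):
    """Local IPs with SYN_SENT connections to at least `threshold` distinct /24 neighbours."""
    found = {}
    for local, remotes in syn_sent_targets(netstat_text).items():
        hits = neighbours(local, remotes)
        if len(hits) >= threshold:
            found[local] = hits
    return found
```

A single SYN_SENT entry is normal for a connection in progress; it is the count of distinct neighbours in that state at once that matches the behaviour described in the post.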




Tutorial: eradicating the Conficker virus

First download the latest Smadav (to detect the registry changes), then, most importantly, the GMER rootkit inspector “c4xhpezv”; download it from the link on the side. After that, run the program.




The virus process will be visible. Click expand next to the malware/rootkit tab and a number of menus will appear; look under the processes… then kill the suspicious processes… they are usually coloured red; do not kill Smadav itself… After the processes are killed, run a Smadav scan to clean up the registry… click Scan.





Then click FIX all, and don't forget to look for the file mentioned earlier in system32 and delete it manually…
Happy experimenting with conime.exe


Smadav 2010 Rev. 8.1 download

Tuesday, April 13, 2010

What conime.exe (Conficker) is and how to remove it

Signs that a computer has been infected by this malware include:
- The show/hide hidden files function in Folder Options does not work.
- The internet connection seems slow.
- If you use an additional firewall other than the one that comes with Windows, a message like this will often appear: CtDrvMgq is going to make an internet connection to a specific IP. If the message first appears when Windows has finished booting and you select the “Deny” option, the browser can no longer be used for browsing, as if the internet connection had stopped.
- The additional firewall will also tell you that the hosts file has been modified illegally.
- Tools such as Cprocess, HijackThis, the Microsoft Malicious Software Removal Tool and the like cannot be run, because their process is always killed midway by one of the processes running on the computer.
If your computer is infected by this virus, here are some tips and ways to eliminate the infection.
- Find the file msvbvm60.dll, located in the Windows folder, although I did not really take notice of it myself.
- Rename the file, for example to msvbvm60ss.dll; do not change the name too much, because it has to be restored to the original later.
- Restart your computer. Some error messages will appear, because certain programs that require this DLL file, including the virus, will fail to run.
- Run regedit from the Run menu.
- Search for keys and values containing CtDrvMgq using the Find menu.
- Delete any values that contain the string CtDrvMgq.exe.
- Continue the search by pressing the F3 key. If another match is found, delete it as well. Repeat until the message “Finish searching ….” appears.
- Look for a key or value with the keyword conime.
- Delete it if the value or key is conime.exe and search again as before, but be careful, because Windows also has its own conime.exe file.
- Look for a key or value with the keyword CtDrvMgv.exe.
- Delete it if the value or key is CtDrvMgv.exe and search again as in the previous step.
- Next, search for the files CtDrvMgq.exe, conime.exe and CtDrvMgv.exe on drive C and then delete the three files.
- Rename the file you renamed earlier back to its original name, msvbvm60.dll.
- Restart your computer, scan the registry and repair any registry changes that are found.
- Download and run the Microsoft Malicious Software Removal Tool to search for other malware.
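The registry search in the steps above can also be done read-only on an exported `.reg` file before anything is deleted, which helps with the caveat that Windows has its own conime.exe. The Python below is an added example, not part of the original post; the sample export and its paths are constructed, and it assumes the Windows copy of conime.exe sits in the system32 directory.

```python
import re

# File names taken from the removal steps above.
SUSPECT_NAMES = ("ctdrvmgq.exe", "ctdrvmgv.exe")
# Assumption: Windows' own conime.exe lives in system32 (or is referenced without a path).
GENUINE_DIRS = ("", r"c:\windows\system32", r"%systemroot%\system32", r"%windir%\system32")
SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

# Constructed sample in regedit export format (not taken from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CtDrvMgq"="C:\\WINDOWS\\CtDrvMgq.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"ime"="C:\\WINDOWS\\system32\\conime.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"conime"="C:\\Temp\\conime.exe"
"drv"="\"C:\\WINDOWS\\CtDrvMgv.exe\" /s"
'''

def decode(raw):
    """Strip the surrounding quotes of a .reg string and undo its backslash escapes."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        raw = re.sub(r"\\(.)", r"\1", raw[1:-1])
    return raw

def triage(reg_text):
    """Return (verdict, key, value_name) for every value that names one of the files."""
    findings, key = [], None
    for line in map(str.strip, reg_text.splitlines()):
        section = SECTION.match(line)
        if section:
            key = section.group(1)
            continue
        value = VALUE.match(line)
        if not value or key is None:
            continue
        name, data = decode(value.group(1)), decode(value.group(2)).lower()
        if any(s in data or s in name.lower() for s in SUSPECT_NAMES):
            findings.append(("suspect", key, name))
            continue
        hit = re.search(r'([^"\s]*)conime\.exe', data)
        if hit:  # "verify": may be the Windows file, check it before deleting
            folder = hit.group(1).rstrip("\\")
            verdict = "verify" if folder in GENUINE_DIRS else "suspect"
            findings.append((verdict, key, name))
    return findings
```

Files written by regedit's Export are UTF-16 text, so read them with `open(path, encoding="utf-16")` before passing the contents to `triage`.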
Details for conime.exe (Bfghost process):
- The conime.exe process is a backdoor/trojan. It will allow people direct access to your computer with which they can gain access to your personal information and files.
- conime.exe is considered to be a security risk, not only because spyware removal programs flag Bfghost process as spyware, but also because a number of users have complained about its performance.
- Bfghost process is likely spyware and as such, presents a serious vulnerability which should be fixed immediately! Delaying the removal of conime.exe may cause serious harm to your system and will likely cause a number of problems, such as slow performance, loss of data or leaking private information.
- conime.exe is considered to be a security risk, not only because antivirus programs flag Bfghost process as a trojan, but also because other sites consider it a Trojan as well.
- Bfghost process is likely a Trojan and as such, presents a serious vulnerability which should be fixed immediately! Delaying the removal of conime.exe may cause serious harm to your system and will likely cause a number of problems, loss of data, loss of control or leaking private information.

Wednesday, April 7, 2010

Advertisers, You can now buy links on my website directly!

I have recently joined Ask2Link.com (http://www.ask2link.com/refer/ndrymix) to enable advertisers to buy text link advertisements on my website. Ask2Link's text links are unique since they could bring targeted traffic and boost your organic search engine rankings. Ask2Link.com provides a secure, easy, and fast checkout flow so you could get your text link ads live within five minutes.

Bloggers or Webmasters: If you would like to monetize your blog or website beyond Adsense, you could visit Ask2Link (http://www.ask2link.com/refer/ndrymix) to learn more.

Buy text link ads now on this website with Ask2Link. Start advertising now in this website as part of your online marketing campaign. You could now purchase text link ads  on this website by following here:


 http://www.ask2link.com/buy_ad/0cb720295f109d0b3d131270654145


Note to advertisers, SEO agencies/SEO specialists, internet marketers, or e-commerce websites: You could visit Ask2Link - http://www.ask2link.com/refer/ndrymix - to buy static text links on hundreds of websites easily as part of your inbound link building and SEO campaign. They accept credit cards and PayPal payments and your text links will be live within five minutes after your order. Ask2Link's text links are unique because they are rendered as plain static HTML links that could bring you more traffic and boost your organic search engine ranking for your keywords.

-------

Thanks

Friday, April 2, 2010

Mc Shop | Online Shop - Jakarta Online Shop

http://mcshopjakarta.isgreat.org/

Mc Shop sells baby supplies and other goods such as:



animal legging, leg warmer, baby jumper, baby jumper set, socks, bon bebe jumper set, petite mimi socks, baby box bumper, baby stuff, baby newborn clothes, baby clothes, small baby bags, large baby bags, adult sleepwear, children's sleepwear, bed sheets in assorted patterns, diaper bag organizer, allerhand bags, organizer bags and others.

Mc Shop also works with a Manulife Indonesia agent to provide child protection and education insurance, given how important education and child protection insurance is. As a parent, you surely want to give your child the best, including in education. Isn't education the most valuable legacy for your little one, as provision for the future? So, contact us for any information about education and child protection insurance.
 
Mc Shop Facebook (just click to open Mc Shop Facebook) to see all the products on sale. Thanks, guys...