HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Policies\Explorer
§ NoFolderOptions = 1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ansav.exe
§ Debugger = “”
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ansavgd.exe
§ Debugger = “”
- [...]
Filed under: Malcodes, Viri | Leave a Comment »
Buat File inf
[Version]
Signature=”$Chicago$”
Provider=Vaksincom Oye
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,”””%1″” %*”
HKLM, Software\CLASSES\comfile\shell\open\command,,,”””%1″” %*”
HKLM, Software\CLASSES\exefile\shell\open\command,,,”””%1″” %*”
HKLM, Software\CLASSES\piffile\shell\open\command,,,”””%1″” %*”
HKLM, Software\CLASSES\regfile\shell\open\command,,,”regedit.exe “%1″”
HKLM, Software\CLASSES\scrfile\shell\open\command,,,”””%1″” %*”
HKLM< SOFTWARE\Classes\lnkfile\shell\open\command,,,”””%1″” %*”
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, “Explorer.exe”
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, “cmd.exe”
HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, “cmd.exe”
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, “cmd.exe”
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden,UncheckedValue,0×00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN, CheckedValue,0×00010001,2
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN, DefaultValue,0×00010001,2
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, CheckedValue,0×00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, DefaultValue,0×00010001,1
[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistriTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions
HKLM, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistriTools
HKLM, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File [...]
Filed under: Malcodes, Tutorial, Viri | Leave a Comment »
Seperti cara yang anda baca di artikel “Mencegah Virus Autoinfect via Flash Disk” kita mendisable Autorun/Autoplay melalui Group Policy [GPEDIT.MCS] :
Klik menu [START],
Klik [Run]
Ketik GPEDIT.MSC pada kolom “RUN”
Pilih Administrative Templates pada [...]
Filed under: Malcodes, Viri | Leave a Comment »
Tempat-tempat yang biasa digunakan buat nyimpen file induk virus
C:\Windows\system32\hanny.exe
C:\windows\system23\aniee.exe
C:\autoexec.bat
S:\tunggul.vbs
C:\aniee.txt
C:\windows\iexplorer.exe (Gultung.A)
C:\Documents and Settings\%user login%
[System Process]BabII.doc .exe
[System Process]Fileku.doc .exe
[System Process]Jangan di buka .doc.exe
[System Process]Tolong.doc [...]
Filed under: Malcodes, Viri | Leave a Comment »
