
Thursday, December 11, 2008

PC Problem: Virus trojan attack

I'm really stressed; the PC at home has been attacked by a trojan virus...
And the antivirus wasn't updated... all the executable files got messed with. The PC has become dead slow, lots of programs can't run, lots of backdoor interference and files getting executed without permission... so frustrating...
A bit of info about these things:

Adware - A program that generates popups on your computer or displays advertisements. It is important to note that not all adware programs are necessarily considered malware. There are many legitimate programs that are given for free that display ads in their programs in order to generate revenue. As long as this information is provided up front then they are generally not considered malware.

Backdoor - A program that allows a remote user to execute commands and tasks on your computer without your permission. These types of programs are typically used to launch attacks on other computers, distribute copyrighted software or media, or hack other computers.

Dialler - A program that typically dials a premium rate number that has per-minute charges over and above the typical call charge. These calls are usually made with the intent of gaining access to pornographic material.

Hijackers - A program that attempts to hijack certain Internet functions, such as redirecting your start page to the hijacker's own start page, redirecting search queries to an undesired search engine, or replacing search results from popular search engines with their own information.

Spyware - A program that monitors your activity or information on your computer and sends that information to a remote computer without your knowledge.

Trojan - A program that has been designed to appear innocent but has been intentionally designed to cause some malicious activity or to provide a backdoor to your system.

Virus - A program that when run, has the ability to self-replicate by infecting other programs and files on your computer. These programs can have many effects ranging from wiping your hard drive, displaying a joke in a small box, or doing nothing at all except to replicate itself. These types of infections tend to be localized to your computer and not have the ability to spread to another computer on their own. The word virus has incorrectly become a general term that encompasses trojans, worms, and viruses.

Worm - A program that when run, has the ability to spread to other computers on its own using either mass-mailing techniques to email addresses found on your computer or by using the Internet to infect a remote computer using known security holes.

How do we remove this virus?

I got some info from the internet: if we find that the thing is malware and want to remove it, we need to follow these steps:
  1. Download and extract the Autoruns program from Sysinternals to C:\Autoruns
  2. Reboot into Safe Mode so the malware doesn't start while we do these steps. Most malware watches the 'keys' that allow it to start, and if it notices those keys being removed it can put the startup key back automatically. That's why we have to boot into Safe Mode, so that in most cases we can get past that protection.
  3. Navigate to the C:\Autoruns folder created in Step 1 and double-click on autoruns.exe.
  4. When the program starts, click on the Options menu and enable the options below by clicking on them. A checkmark will appear next to each of these options.
    - Include empty locations
    - Verify Code Signatures
    - Hide Signed Microsoft Entries
  5. Then press the F5 key on the keyboard to refresh the startup list using these new settings.
  6. The program will show information about your startup entries in 8 different tabs. For the most part, the filename we're looking for will be under the Logon or Services tab, but we also have to check the other tabs to make sure it isn't loading somewhere else as well. Click on each tab and check the list for the filename we want to remove. The filename can be seen under the Image Path column. (There may be more than one entry associated with the same file, as it is common for malware to create multiple startup entries.) It's important to note that most malware programs disguise themselves by using the same filenames as legitimate Microsoft files. So it's important that we identify which files and folders are theirs before we remove them. (You can check our Startup Database for that information or ask for help in our computer help forums.)

  7. Once we've identified the files to remove, just right-click on the entry and select Delete. That startup entry will then be removed from the Registry, and after the next reboot it won't be able to run anymore.

  8. After we've finished removing the malware entries from the Registry and deleting the files, reboot back into normal mode, since the PC should now be clean of the infection.

  9. Let's try it and see if it works....????
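The three Autoruns options in step 4 (verify signatures, hide the signed Microsoft entries, then look at what is left under Logon and Services) can be reproduced from a PowerShell prompt. The script below is an added example written for this post; it is not part of the post and not Sysinternals code. It reads the Run/RunOnce keys and the service list, checks each image's Authenticode signature, and also flags an image that lives outside the Windows or Program Files folders, which is the "legitimate name, wrong folder" trick step 6 warns about. The function names (Get-ImagePath, New-StartupRow) and the choice of trusted root folders are this example's own assumptions.

```powershell
# Added example, not part of the original post or of Sysinternals Autoruns.
# Mirrors "Verify Code Signatures" + "Hide Signed Microsoft Entries" for the
# Logon (Run/RunOnce) and Services locations. Run from an elevated
# PowerShell prompt, PowerShell 3.0 or newer, preferably in Safe Mode.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Folders a genuine Windows or vendor binary is expected to live in (assumption).
$trustedRoots = @($env:windir, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }

# Properties Get-ItemProperty adds itself; they are not registry values.
$psMetaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

# Extract the executable from a command line such as
#   "C:\Program Files\Foo\foo.exe" -silent   or   %SystemRoot%\system32\bar.exe /x
function Get-ImagePath {
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    $cmd = $CommandLine.Trim()
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { $cmd = $cmd.Substring(1, $end - 1) }
    } else {
        $cmd = ($cmd -split '\s+')[0]
    }
    return [Environment]::ExpandEnvironmentVariables($cmd)
}

# One report row per startup entry: where it is registered, the image it runs,
# the Authenticode verdict, the signer, and whether the folder is an expected one.
function New-StartupRow {
    param([string]$Location, [string]$Entry, [string]$CommandLine)
    $path = Get-ImagePath $CommandLine
    $signed = 'FILE MISSING'; $signer = ''; $trustedDir = $false
    if ($path -and (Test-Path -LiteralPath $path)) {
        $sig = Get-AuthenticodeSignature -FilePath $path
        $signed = $sig.Status.ToString()
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        $full = (Resolve-Path -LiteralPath $path).Path
        $trustedDir = [bool]($trustedRoots |
            Where-Object { $full.StartsWith($_, 'OrdinalIgnoreCase') })
    }
    [pscustomobject]@{
        Location   = $Location
        Entry      = $Entry
        ImagePath  = $path
        Signed     = $signed
        Signer     = $signer
        TrustedDir = $trustedDir
    }
}

$rows = @()

# Logon tab equivalent: every value under the Run / RunOnce keys.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -in $psMetaProps) { continue }
        $rows += New-StartupRow -Location $key -Entry $p.Name -CommandLine $p.Value
    }
}

# Services tab equivalent: the binary behind every registered service.
foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    $rows += New-StartupRow -Location 'Service' -Entry $svc.Name -CommandLine $svc.PathName
}

# "Hide Signed Microsoft Entries": drop rows that are validly signed by
# Microsoft AND sit in an expected folder. What remains is the short list to
# check by hand (step 6) before deleting anything (step 7).
$rows |
    Where-Object { -not ($_.Signed -eq 'Valid' -and
                         $_.Signer -match 'O=Microsoft Corporation' -and
                         $_.TrustedDir) } |
    Sort-Object Signed, ImagePath |
    Format-Table Location, Entry, ImagePath, Signed, TrustedDir, Signer -AutoSize
```

Rows that show FILE MISSING, NotSigned, or a Microsoft-looking filename with TrustedDir set to False are the ones to investigate first; a valid non-Microsoft signature still tells you who the publisher is, which is what step 6 asks you to establish before deleting. One caveat: on Windows 7 and earlier, Get-AuthenticodeSignature only verifies embedded signatures, so catalog-signed Windows files can appear as NotSigned there; the TrustedDir column and the file's version information are the fallback for those.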

