A Simple Way to Analyse a Virus

01-05-2012, 09:08 PM, Post #1
j0ck3r (./Devilz Officer, Posts: 246, Joined: Jul 2011, Reputation: 26)
This piece was previously published in CN-Zine, but there's no harm in sharing it here too, in case some of you never got around to downloading CN-Zine.. heh

Viruses, local or imported, have run rampant across the world. Sometimes we're left confused and dizzy by the antics of the V-Makers: some people lose data, some get a hung OS, and much more, while the V-Makers far away are surely just smiling and saying "poor you.. lol". Luckily, every deed has its consequence: where there's a virus there's an antivirus that can wipe it out. But laypeople usually just download some AV and use it without knowing how the AV makers actually figure out how a virus works and how to remove it. Do any of you know? Or you could read this shabby write-up of mine. OK, before analysing a virus, let's prepare the tools first...

1. The ThinApp application
2. A virus, of course
3. A computer (a virtual machine is recommended so your data is safer, plus Deep Freeze if you like using that)

Install and run ThinApp on your computer. When that's done, click "ThinApp Setup Capture" and run the scan. It's much better if the computer is in a fresh state, with no applications installed at all except ThinApp (which is why I said at the start to use a virtual machine + Deep Freeze).
[Image: sshot3io.jpg]
[Image: sshot4w.jpg]
[Image: sshot5o.jpg]
The scan doesn't take long, 10 seconds at the very most. Then run the virus you prepared earlier (don't close ThinApp!). As an example, here I've just downloaded a virus sample from the internet; it goes by the name "aqiel" and I don't yet know how this virus works...
[Image: sshot12h.jpg]
After running it, go back to ThinApp and click "postscan". This part is usually a bit slower, because it has to compare the scan results from before the virus was run with those from after.
[Image: sshot13u.jpg]
[Image: sshot14c.jpg]
Yup, the scan is done; it usually takes about 3 minutes on my computer, which, to be fair, is a shabby machine, heh. Here the name of the program we ran earlier will appear. Leave "show entry points used for debugging" unchecked, because we don't want to run the virus file over and over.
[Image: sshot15y.jpg]
In this part just click next, next, then save; there's nothing I need to explain here, I'm sure you all understand what's in it.. heh
[Image: sshot16z.jpg]
[Image: sshot17y.jpg]
[Image: sshot19o.jpg]
After that choose "open project", which is where we start analysing the virus; click cancel and open the project we made earlier...
[Image: sshot22n.jpg]
[Image: sshot20j.jpg]
ThinApp creates 3 txt files representing the registry, namely HKEY_CURRENT_USER.txt, HKEY_LOCAL_MACHINE.txt and HKEY_USERS.txt. Armed with those files we can check the registry changes one by one.
Code:
example of what I opened in HKEY_LOCAL_MACHINE.txt
isolation_writecopy HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center
  Value=AntiVirusDisableNotify
  REG_DWORD=#01#00#00#00
  Value=FirewallDisableNotify
  REG_DWORD=#01#00#00#00
  Value=UpdatesDisableNotify
  REG_DWORD=#01#00#00#00
  Value=AntiVirusOverride
  REG_DWORD=#01#00#00#00
  Value=FirewallOverride
  REG_DWORD=#01#00#00#00
  Value=UacDisableNotify
  REG_DWORD=#01#00#00#00

isolation_full HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Svc
  Value=AntiVirusOverride
  REG_DWORD=#01#00#00#00
  Value=AntiVirusDisableNotify
  REG_DWORD=#01#00#00#00
  Value=FirewallDisableNotify
  REG_DWORD=#01#00#00#00
  Value=FirewallOverride
  REG_DWORD=#01#00#00#00
  Value=UpdatesDisableNotify
  REG_DWORD=#01#00#00#00
  Value=UacDisableNotify
  REG_DWORD=#01#00#00#00

isolation_writecopy HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\system
  Value=EnableLUA
  REG_DWORD=#00#00#00#00

isolation_writecopy HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
  Value=PendingFileRenameOperations
  REG_MULTI_SZ~\??\%Temp~0014\VMwareDnD\f6b124d7\#2300#2300#2300

isolation_writecopy HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch
  Value=Epoch
  REG_DWORD=#18#00#00#00

isolation_writecopy HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
  Value=EnableFirewall
  REG_DWORD=#00#00#00#00
  Value=DoNotAllowExceptions
  REG_DWORD=#00#00#00#00
  Value=DisableNotifications
  REG_DWORD=#01#00#00#00

isolation_writecopy HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
  Value~%Personal%\agdx\aqiel.exe
  REG_SZ~%Personal%\agdx\aqiel.exe:*:Enabled:ipsec#2300
We can also check the folders in the project we opened one by one. For instance, if we find the file 'aqiel.exe' in the %System Root% folder, it means the virus was actually trying to create the file 'aqiel.exe' in the C:\Windows folder.
So, with the technique above we can find out how the virus works and deal with it manually, without having to wait around for the latest AV update. But the technique above sometimes isn't effective when the virus can detect that it's running in a virtual machine, or when the virus disables the ThinApp application. This technique of mine may be old news to the masters here, but I'm just a user trying to share what knowledge I have; if there is anything wrong in my tutorial above, please correct me, masters.
 Reputed by :  bluecoder(+1) , ketek(+1) , tridi(+1) , beezone(+1) , tabun(+1)
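Reading a ThinApp registry dump like the one above by hand works for one sample, but the same text format lends itself to a small script. The following is an added example, written for this page and not part of j0ck3r's post or of ThinApp itself: it parses the `isolation_* KEY` / `Value=` / `REG_DWORD=#hh#hh#hh#hh` layout shown in the dump, decodes the DWORDs, and flags the changes a responder would care about (Security Center alerts suppressed, EnableLUA set to 0, EnableFirewall set to 0, a new firewall exception, a pending file rename). The embedded sample is a shortened copy of the dump quoted in the post; the rule list, the function names and the treatment of the `~`-separated string lines (escapes left as-is) are my own assumptions, not documented ThinApp behaviour.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Shortened copy of the HKEY_LOCAL_MACHINE.txt excerpt quoted in the post,
# embedded so the script runs offline.
SAMPLE_DUMP = r"""
isolation_writecopy HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center
  Value=AntiVirusDisableNotify
  REG_DWORD=#01#00#00#00
  Value=FirewallDisableNotify
  REG_DWORD=#01#00#00#00
  Value=UacDisableNotify
  REG_DWORD=#01#00#00#00

isolation_writecopy HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\system
  Value=EnableLUA
  REG_DWORD=#00#00#00#00

isolation_writecopy HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
  Value=EnableFirewall
  REG_DWORD=#00#00#00#00
  Value=DisableNotifications
  REG_DWORD=#01#00#00#00

isolation_writecopy HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
  Value~%Personal%\agdx\aqiel.exe
  REG_SZ~%Personal%\agdx\aqiel.exe:*:Enabled:ipsec#2300
"""

@dataclass
class RegEntry:
    isolation: str   # ThinApp isolation mode recorded for the key (writecopy/full)
    key: str         # full registry key path
    name: str        # value name
    reg_type: str    # REG_DWORD, REG_SZ, REG_MULTI_SZ, ...
    data: int | str  # decoded int for REG_DWORD, raw string otherwise

# Data lines are "<field><sep><rest>"; '=' carries plain data, '~' marks a string
# ThinApp has escaped (the trailing #2300 above). Assumption drawn from the dump.
_FIELD = re.compile(r"^(Value|REG_[A-Z_]+)([=~])(.*)$")

def decode_dword(raw: str) -> int:
    """'#01#00#00#00' -> 1: binary data is written as #hh byte pairs, little-endian."""
    data = bytes(int(h, 16) for h in re.findall(r"#([0-9a-fA-F]{2})", raw))
    return int.from_bytes(data[:4], "little")

def parse_thinapp_registry(text: str) -> list[RegEntry]:
    entries: list[RegEntry] = []
    isolation = key = ""
    pending_name: str | None = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):
            # Key header: "<isolation_mode> <full key path>"
            isolation, _, key = line.partition(" ")
            pending_name = None
            continue
        m = _FIELD.match(line.strip())
        if not m:
            continue  # unrecognised line: skip rather than guess
        field, _sep, rest = m.groups()
        if field == "Value":
            pending_name = rest
        elif pending_name is not None:
            data = decode_dword(rest) if field == "REG_DWORD" else rest  # escapes kept as-is
            entries.append(RegEntry(isolation, key, pending_name, field, data))
            pending_name = None
    return entries

# (key substring, value name or None for any, predicate on (name, data), description).
# Picked from what this dump shows; a real triage list would be longer.
RULES = [
    (r"\software\microsoft\security center", None,
     lambda n, d: n.endswith(("DisableNotify", "Override")) and d == 1,
     "Security Center alert suppressed"),
    (r"\policies\system", "EnableLUA", lambda n, d: d == 0, "UAC disabled (EnableLUA=0)"),
    (r"\firewallpolicy\standardprofile", "EnableFirewall", lambda n, d: d == 0,
     "Windows Firewall disabled"),
    (r"\authorizedapplications\list", None, lambda n, d: True,
     "firewall exception added for a program"),
    (r"\session manager", "PendingFileRenameOperations", lambda n, d: True,
     "file rename/delete scheduled for next boot"),
]

def flag_security_changes(entries: list[RegEntry]) -> list[dict]:
    findings = []
    for e in entries:
        for substr, name, pred, desc in RULES:
            if substr in e.key.lower() and (name is None or name == e.name) and pred(e.name, e.data):
                findings.append({"finding": desc, "key": e.key, "name": e.name, "data": e.data})
    return findings

if __name__ == "__main__":
    for f in flag_security_changes(parse_thinapp_registry(SAMPLE_DUMP)):
        print(f"{f['finding']}: {f['key']}\\{f['name']} = {f['data']!r}")
```

To use it on a real capture, read HKEY_LOCAL_MACHINE.txt (or HKEY_CURRENT_USER.txt) into a string and pass it to `parse_thinapp_registry`; the same rules apply to both hives. The caveat the post itself raises still holds: the diff only records what the sample did during the capture window, so a sample that checks for a VM before doing anything will simply produce an empty list.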
01-05-2012, 09:17 PM (This post was last modified: 01-05-2012 09:18 PM by bluecoder.), Post #2
bluecoder (./Devilz Officer, Posts: 224, Joined: Aug 2010, Reputation: 3)
RE: A Simple Way to Analyse a Virus
Nice share, bro, this is really useful for me.
Checking my shorts, peace.
01-05-2012, 09:38 PM, Post #3
CitooZz (./pemburu kimblak, Moderators, Posts: 1,311, Joined: Jun 2011, Reputation: 23)
RE: A Simple Way to Analyse a Virus
Permission to archive this as study material, bro.

#his computer's barely fixed and he's already writing a tutorial
01-05-2012, 09:44 PM, Post #4
ketek (bocah ingusan, Administrators, Posts: 2,309, Joined: Jan 2010, Reputation: 408)
RE: A Simple Way to Analyse a Virus
Wow, awesome... I usually use thinclient to make portable apps.
Nice, bro...
I'll try it out later.
01-05-2012, 09:53 PM, Post #5
tridi (Pembaca Setia, Posts: 832, Joined: Jul 2010, Reputation: 33)
RE: A Simple Way to Analyse a Virus
Awesome, bro..
bookmarking this..
01-06-2012, 01:48 AM, Post #6
The Messiah Kill Ball (./Devilz 1st Cadet, Posts: 3, Joined: Jan 2012, Reputation: 0)
RE: A Simple Way to Analyse a Virus
What's the difference from the usual AVs, bro?

Without further ado, let's go, hehe.
01-06-2012, 09:45 AM, Post #7
anharku (./Devilz Advisor, Posts: 518, Joined: Jul 2010, Reputation: 38)
RE: A Simple Way to Analyse a Virus
Nice post, j0ck3r :)
01-06-2012, 10:38 AM, Post #8
konspirasi (./Devilz Officer, Posts: 65, Joined: Aug 2011, Reputation: 3)
RE: A Simple Way to Analyse a Virus
Wow, so you can disassemble malware via VMware ThinApp; thanks a lot, bro, for the info :)
01-06-2012, 12:57 PM, Post #9
bot (./Devilz Officer, Posts: 164, Joined: Jan 2012, Reputation: 7)
RE: A Simple Way to Analyse a Virus
Awesome, bro, let me study this first.
01-06-2012, 03:53 PM, Post #10
j0ck3r (./Devilz Officer, Posts: 246, Joined: Jul 2011, Reputation: 26)
RE: A Simple Way to Analyse a Virus
Heh.... it's been ages since I visited DC; because of year-end targets I couldn't be online much, and I miss the DC folks too.. now that the PC is back to normal, I'm just writing a bit...