Checking the computer/operating system
Problems encountered:
1. The computer frequently hangs (errors)
2. The system drive (C:) is full
3. The system is slow (this is also related to the memory in use); the standard is 512 MB-1 GB.
4. Many viruses, because there is no adequate antivirus on the system
5. Several Windows login user accounts need to be recreated.
Handling the problems:
1. Check the Windows login user accounts, especially the Administrator user
2. Boot into Windows safe mode (press F8 at startup)
*log in as Administrator
3. Scan with portable antivirus tools (smartav, smadav, removal tools)
4. Restart (still in safe mode)
5. Scan with ComboFix, then save its report
6. Kill with HijackThis
7. Restart (still in safe mode)
8. Run the prepared files repairwinsta.inf and Winsta.bat
*these files are used to remove the virus that fills the disk (the winsta.exe virus)
9. Install Smadav and NOD client v.4
10. Scan all of drives C: and D:
11. Repair Windows XP
12. Finish
ComboFix report:
=================================================================================================
ComboFix 09-08-21.02 - Administrator 03/07/2011 16:20.1.1 - FAT32x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.319.200 [GMT 7:00]
Running from: F:\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((( Files Created from 2011-02-07 to 2011-03-07 )))))))))))))))))))))))))))))))
.
2011-03-07 08:48 . 2011-03-07 08:48 -------- d-----w- c:\documents and settings\Lucky.TELE09.000\Application Data\JAM Software
2011-03-07 08:45 . 2011-03-07 08:45 -------- d-sh--r- c:\windows\system32\winsta.exe
2011-03-07 08:45 . 2011-03-07 08:45 -------- d-sh--r- c:\windows\system32\drivers\mrxnet.sys
2011-03-07 08:45 . 2011-03-07 08:45 -------- d-----w- c:\windows\system32\drivers\mrxcls.sys
2011-03-07 08:23 . 2011-03-07 08:23 -------- d-sh--r- C:\windowssystem32driversmrxnet.sys
2011-03-07 08:23 . 2011-03-07 08:23 -------- d-----w- C:\windowssystem32driversmrxcls.sys
2011-03-07 08:23 . 2011-03-07 08:23 -------- d-sh--r- C:\windowssystem32winsta.exe
2011-03-07 07:46 . 2011-03-07 07:46 -------- d--h--w- c:\windows\$hf_mig$
2011-03-07 03:59 . 2011-03-07 03:59 -------- d-----w- c:\documents and settings\Lucky.TELE09.000\Local Settings\Application Data\Mozilla
2011-03-04 10:09 . 2011-03-04 10:09 -------- d-----w- c:\program files\ARTAV Team
2011-03-02 05:24 . 2011-03-02 05:24 -------- d-----w- c:\documents and settings\Lucky.TELE09
2011-03-01 02:24 . 2011-03-01 02:54 61357 ----a-w- c:\windows\Explorermgr.exe
2011-03-01 02:16 . 2011-03-01 02:16 0 ----a-w- c:\windows\system32\ftp.sys
2011-03-01 01:53 . 2011-03-01 01:53 -------- d-----w- c:\windows\Application Data
2011-03-01 01:53 . 2011-03-01 01:53 -------- d-----w- c:\documents and settings\TEMP
2011-02-18 03:48 . 2011-03-07 09:19 16 ----a-w- c:\windows\system32\dmlconf.dat
2011-02-18 03:48 . 2011-02-18 03:48 -------- d-----w- c:\program files\Microsoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-17 05:43 . 2010-04-15 06:14 664 ----a-w- c:\windows\system32\d3d9caps.dat
=================================================================================================
NOD client report:
=================================================================================================
1 9:08:15 PM Real-time file system protection file C:\Program Files\Mozilla Firefox\res\hiddenWindow.html Win32/Ramnit.A virus cleaned - quarantined TELE09 ele Event occurred during an attempt to access the file by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
3/7/2011 9:07:24 PM Real-time file system protection file C:\Program Files\Mozilla Firefox\defaults\profile\bookmarks.html Win32/Ramnit.A virus cleaned - quarantined TELE09 ele Event occurred during an attempt to access the file by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
3/7/2011 8:51:12 PM Real-time file system protection file C:\PROGRAM FILES\SMADAV\SMADENGINE.DLL Win32/Ramnit.H virus cleaned - quarantined TELE09 ele Event occurred during an attempt to access the file by the application: C:\Program Files\Smadav\SMdRTP.EXE.
3/7/2011 8:43:54 PM Real-time file system protection file C:\Program Files\Smadav\SmadEngine.dll Win32/Ramnit.H virus error while cleaning TELE09 ele Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:42:08 PM Real-time file system protection file C:\Documents and Settings\Lucky.TELE09.000\Application Data\Mozilla\Firefox\Profiles\5po0oh33.default\bookmarks.html Win32/Ramnit.A virus cleaned - quarantined TELE09 ele Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:41:59 PM Real-time file system protection file C:\Documents and Settings ele\Application Data\Mozilla\Firefox\Profiles\6074pb7c.default\bookmarks.html Win32/Ramnit.A virus cleaned - quarantined TELE09 ele Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:39:29 PM Real-time file system protection file D:\Smadav 2010 Rev. 8.2\SmadExtc.dll Win32/Ramnit.H virus cleaned - quarantined TELE09 ele Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:39:28 PM Real-time file system protection file D:\Smadav 2010 Rev. 8.2\SmadEngine.dll Win32/Ramnit.H virus cleaned - quarantined TELE09 ele Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:38:16 PM Real-time file system protection file D:\GameTop.com\Jigsaw Puzzle Mania\Jigsaw Puzzle Mania.exe Win32/Ramnit.H virus cleaned - quarantined TELE09 ele Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:36:00 PM Real-time file system protection file D:\Pizza Frenzy\UNWISE.EXE Win32/Ramnit.H virus cleaned - quarantined TELE09 ele Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:35:55 PM Real-time file system protection file D:\Pizza Frenzy\PizzaFrenzy.dll Win32/Ramnit.H virus cleaned - quarantined TELE09 ele Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:35:51 PM Real-time file system protection file D:\FeedingFrenzy\UNWISE.EXE Win32/Ramnit.H virus cleaned - quarantined TELE09 ele Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:35:51 PM Real-time file system protection file D:\FeedingFrenzy\ffresources.dll Win32/Ramnit.H virus cleaned - quarantined TELE09 ele Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:45 PM Real-time file system protection file C:\Program Files\WinRAR\Order.htm Win32/Ramnit.A virus cleaned - quarantined TELE09 ele Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:45 PM Real-time file system protection file C:\Program Files\WinRAR\Order.htm Win32/Ramnit.A virus cleaned - quarantined TELE09 ele Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:44 PM Real-time file system protection file C:\Program Files\WinRAR\Order.htm Win32/Ramnit.A virus cleaned - quarantined TELE09 ele Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:43 PM Real-time file system protection file C:\Program Files\WinRAR\Order.htm Win32/Ramnit.A virus cleaned - quarantined TELE09 ele Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:42 PM Real-time file system protection file C:\Program Files\WinRAR\Order.htm Win32/Ramnit.A virus cleaned - quarantined TELE09 ele Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:41 PM Real-time file system protection file C:\Program Files\WinRAR\Order.htm Win32/Ramnit.A virus cleaned - quarantined TELE09 ele Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:40 PM Real-time file system protection file C:\Program Files\WinRAR\Order.htm Win32/Ramnit.A virus cleaned - quarantined TELE09 ele Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:40 PM Real-time file system protection file C:\Program Files\WinRAR\Order.htm Win32/Ramnit.A virus cleaned - quarantined TELE09 ele Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:39 PM Real-time file system protection file C:\Program Files\WinRAR\Order.htm Win32/Ramnit.A virus cleaned - quarantined TELE09 ele Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:38 PM Real-time file system protection file C:\Program Files\WinRAR\Order.htm Win32/Ramnit.A virus cleaned - quarantined TELE09 ele Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:37 PM Real-time file system protection file C:\Program Files\WinRAR\Order.htm Win32/Ramnit.A virus cleaned - quarantined TELE09 ele Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:35 PM Real-time file system protection file C:\Program Files\WinRAR\Order.htm Win32/Ramnit.A virus cleaned - quarantined TELE09 ele Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:34 PM Real-time file system protection file C:\Program Files\WinRAR\Order.htm Win32/Ramnit.A virus cleaned - quarantined TELE09 ele Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:33 PM Real-time file system protection file C:\Program Files\WinRAR\Order.htm Win32/Ramnit.A virus cleaned - quarantined TELE09 ele Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:33 PM Real-time file system protection file C:\Program Files\WinRAR\Order.htm Win32/Ramnit.A virus cleaned - quarantined TELE09 ele Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:32 PM Real-time file system protection file C:\Program Files\WinRAR\Order.htm Win32/Ramnit.A virus cleaned - quarantined TELE09 ele Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:31 PM Real-time file system protection file C:\Program Files\WinRAR\Order.htm Win32/Ramnit.A virus cleaned - quarantined TELE09 ele Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:30 PM Real-time file system protection file C:\Program Files\WinRAR\Order.htm Win32/Ramnit.A virus cleaned - quarantined TELE09 ele Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:29 PM Real-time file system protection file C:\Program Files\WinRAR\Order.htm Win32/Ramnit.A virus cleaned - quarantined TELE09 ele Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:28 PM Real-time file system protection file C:\Program Files\WinRAR\Order.htm Win32/Ramnit.A virus cleaned - quarantined TELE09 ele Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:28 PM Real-time file system protection file C:\Program Files\WinRAR\Order.htm Win32/Ramnit.A virus cleaned - quarantined TELE09 ele Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:27 PM Real-time file system protection file C:\Program Files\WinRAR\Order.htm Win32/Ramnit.A virus cleaned - quarantined TELE09 ele Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:26 PM Real-time file system protection file C:\Program Files\WinRAR\Order.htm Win32/Ramnit.A virus cleaned - quarantined TELE09 ele Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:25 PM Real-time file system protection file C:\Program Files\WinRAR\Order.htm Win32/Ramnit.A virus cleaned - quarantined TELE09 ele Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:24 PM Real-time file system protection file C:\Program Files\WinRAR\Order.htm Win32/Ramnit.A virus cleaned - quarantined TELE09 ele Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:22 PM Real-time file system protection file C:\Program Files\WinRAR\Order.htm Win32/Ramnit.A virus cleaned - quarantined TELE09 ele Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:22 PM Real-time file system protection file C:\Program Files\WinRAR\Order.htm Win32/Ramnit.A virus cleaned - quarantined TELE09 ele Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:21 PM Real-time file system protection file C:\Program Files\WinRAR\Order.htm Win32/Ramnit.A virus cleaned - quarantined TELE09 ele Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:20 PM Real-time file system protection file C:\Program Files\WinRAR\Order.htm Win32/Ramnit.A virus cleaned - quarantined TELE09 ele Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:19 PM Real-time file system protection file C:\Program Files\WinRAR\Order.htm Win32/Ramnit.A virus cleaned - quarantined TELE09 ele Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:18 PM Real-time file system protection file C:\Program Files\WinRAR\Order.htm Win32/Ramnit.A virus cleaned - quarantined TELE09 ele Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:17 PM Real-time file system protection file C:\Program Files\WinRAR\Order.htm Win32/Ramnit.A virus cleaned - quarantined TELE09 ele Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:15 PM Real-time file system protection file C:\Program Files\WinRAR\Formats\7za.dll Win32/Ramnit.H virus cleaned - quarantined TELE09 ele Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:15 PM Real-time file system protection file C:\Program Files\WinRAR\WinRAR.exe Win32/Ramnit.H virus cleaned - quarantined TELE09 ele Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:13 PM Real-time file system protection file C:\Program Files\WinRAR\UnRAR.exe Win32/Ramnit.H virus cleaned - quarantined TELE09 ele Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:12 PM Real-time file system protection file C:\Program Files\WinRAR\Uninstall.exe Win32/Ramnit.H virus cleaned - quarantined TELE09 ele Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:10 PM Real-time file system protection file C:\Program Files\WinRAR\Rar.exe Win32/Ramnit.H virus cleaned - quarantined TELE09 ele Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:10 PM Real-time file system protection file C:\Program Files\WinRAR\Order.htm Win32/Ramnit.A virus cleaned - quarantined TELE09 ele Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:09 PM Real-time file system protection file C:\Program Files\WinRAR\Order.htm Win32/Ramnit.A virus cleaned - quarantined TELE09 ele Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:07 PM Real-time file system protection file C:\Program Files\Smadav\SmadEngine.dll Win32/Ramnit.H virus error while cleaning TELE09 ele Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:07 PM Real-time file system protection file C:\Program Files\Smadav\SmadExtc.dll Win32/Ramnit.H virus cleaned - quarantined TELE09 ele Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:25:45 PM Real-time file system protection file C:\Program Files\Mozilla Firefox\softokn3.dll Win32/Ramnit.H virus cleaned - quarantined TELE09 ele Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:25:43 PM Real-time file system protection file C:\Program Files\Mozilla Firefox\nssdbm3.dll Win32/Ramnit.H virus cleaned - quarantined TELE09 ele Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:25:39 PM Real-time file system protection file C:\Program Files\Mozilla Firefox\freebl3.dll Win32/Ramnit.H virus cleaned - quarantined TELE09 ele Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
3/7/201
====================================================================================================
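Added example (not part of the original post and not any tool's own code): a small Python triage script for a log in the layout of the NOD client report above. It re-joins wrapped records, then lists the files whose most recent event is still "error while cleaning" and the file types each detection name was reported on; the sample records, host name, user and paths are constructed for illustration.

```python
import re
from datetime import datetime
from ntpath import splitext  # Windows path rules on any host OS

# Constructed sample in the layout of the NOD report (newest first, records
# wrapped mid-field like the original); host, user and paths are made up.
SAMPLE = r"""
3/7/2011 8:51:12 PM Real-time file system
protection file C:\TOOLS\SCANNER\ENGINE.DLL Win32/Ramnit.H virus cleaned -
quarantined PC01 user Event occurred during an attempt to access the file
by the application: C:\Tools\Scanner\rtp.exe.
3/7/2011 8:43:54 PM Real-time
file system protection file C:\Tools\Scanner\Engine.dll Win32/Ramnit.H
virus error while cleaning PC01 user Event occurred during an attempt to
access the file by the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:30:02 PM Real-time file system protection file
D:\Games\Setup\unwise.exe Win32/Ramnit.H virus error while
cleaning PC01 user Event occurred during an attempt to access the file by
the application: C:\WINDOWS\System32\svchost.exe.
3/7/2011 8:26:45 PM Real-time file system protection file
C:\Tools\Docs\order.htm Win32/Ramnit.A virus cleaned - quarantined
PC01 user Event occurred on a file modified by the application:
C:\WINDOWS\System32\svchost.exe.
"""

EVENT = re.compile(
    r"(?P<when>\d+/\d+/\d{4} \d+:\d+:\d+ [AP]M) Real-time file system "
    r"protection file (?P<path>.+?) (?P<threat>Win32/\S+) virus "
    r"(?P<action>cleaned - quarantined|error while cleaning) ")

def parse_events(text):
    """Re-join wrapped records, then return one dict per detection."""
    events = [m.groupdict() for m in EVENT.finditer(" ".join(text.split()))]
    for e in events:
        e["when"] = datetime.strptime(e["when"], "%m/%d/%Y %I:%M:%S %p")
    return events

def unresolved(events):
    """Paths (lower-cased) whose most recent event is a failed clean."""
    latest = {}
    for e in sorted(events, key=lambda e: e["when"]):
        latest[e["path"].lower()] = e  # Windows paths are case-insensitive
    return sorted(p for p, e in latest.items() if "error" in e["action"])

def extensions_by_threat(events):
    """File extensions each detection name was reported on."""
    out = {}
    for e in events:
        out.setdefault(e["threat"], set()).add(splitext(e["path"])[1].lower())
    return out

if __name__ == "__main__":
    evs = parse_events(SAMPLE)
    print(unresolved(evs), extensions_by_threat(evs))
```

A file that failed to clean once but was quarantined later, under a differently cased path, drops out of the unresolved list, so what remains is the set that still needs manual follow-up.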
***The reports show that there were indeed a great many viruses on this computer***
Thanks
Best regards
IRUL