Plasa Omega Dot Com

Setelah sempat kerepotan menghadapi serangan Conficker, kini muncul virus baru lagi yaitu virus Huhuhaha. Ciri dari virus ini antara lain terdapat file autorun.inf dan huhuhaha.vbs di semua root drive serta XpWin.vbs pada c:\windows\system32. Namun file ini semua hidden. Ciri yang lain adalah, ketika ketika masuk ke menu Run, maka muncul text “huhuhaha”. System restore menadi nonaktif, dan header pada IE akan muncul tulisan “huhuhaha”. Fungsi UAC (User Account Control) pada windows Vista tidak berfungsi. UAC ini adalah pengaman yang terdapat pada windows Vista, yaitu munculnya popup dengan pilihan yes/no, ketika kita menjalankan suatu program. Penyebaran virus lokal ini utamanya bagi yang memanfaatkan USB baik flash maupun drive. Ciri lainnya, nama registrasi komputer juga dirubah menjadi “huhuhaha”. Fungsi safe mode juga dinonaktifkan, sehingga bila kita masuk ke safe mode, maka akan muncul blue screen. Dan yang terakhir adalah mematikan fungsi Security Center Windows. Fitur ini digunakan untuk memastikan kondisi komputer dari 3 aspek keamanan yaitu Automatic Updates, Firewall dan Software Antivirus.

Metode Penyebaran

Sama seperti virus lokal lainnya, virus huhuhaha masih menggunakan media USB (flash/drive) sebagai penyebarannya. Virus akan membuat file “autorun.inf” dan “huhuhaha.vbs” pada setiap usb (flash/drive) yang ditancapkan/dicolokkan pada komputer yang terinfeksi. Kedua file tersebut akan aktif secara otomatis dengan hanya mengkases usb (drive/flash) tersebut.

Cara mengatasi

Putuskan komputer dari jaringan atau internet. Matikan proses virus yang aktif pada memori. Gunakan Windows Task Manager untuk mematikan proses virus, yaitu dengan nama “wscript.exe”. (wscript.exe merupakan file windows yang digunakan untuk menjalankan file vbscript).

Hapus file virus berikut :

autorun.inf (pada semua root drive)

huhuhaha.vbs (pada semua root drive)

C:\WINDOWS\system32\XpWin.vbs

Catatan

Sebaiknya tampilkan file yang tersembunyi agar mempermudah dalam proses pencarian file virus. (virus memiliki atribut file Hidden, Archive, System, dan Read-Only)

Untuk mempermudah proses pencarian sebaiknya gunakan fasilitas “Search” Windows dengan filter file autorun.inf dan *.vbs yang mempunyai ukuran 6 KB.

Hapus string registry yang dibuat oleh virus. Untuk mempermudah dapat menggunakan script registry dibawah ini :

[Version]

Signature=”$Chicago$”

Provider=Vaksincom Oyee

[UnhookRegKey]

HKLM, SOFTWARE\Microsoft\Security Center, AntiVirusDisableNotify, 0×00000000,0

HKLM, SOFTWARE\Microsoft\Security Center, FirewallDisableNotify, 0×00000000,0

HKLM, SOFTWARE\Microsoft\Security Center, UpdatesDisableNotify, 0×00000000,0

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion, RegisteredOrganization, 0, “Organization”

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion, RegisteredOwner, 0, “Owner”

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore, DisableSR, 0×00000000,0

HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell, 0, “cmd.exe”

HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell, 0, “cmd.exe”

HKLM, SYSTEM\ControlSet003\Control\SafeBoot, AlternateShell, 0, “cmd.exe”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell, 0, “cmd.exe”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}, (default), “Universal Serial Bus controller”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}, (default), “CD-ROM Drive”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}, (default), “DiskDrive”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}, (default), “Standar floppy disk controller”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}, (default), “Hdc”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}, (default), “Keyboard”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}, (default), “Mouse”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}, (default), “PCMCIA Adapters”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}, (default), “SCSIAdapters”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}, (default), “System”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}, (default), “Floppy disk drive”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}, (default), “Volume”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}, (default), “Human Interfaces Devices”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base, (default), “Driver Group”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender, (default), “Driver Group”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system, (default), “Driver Group”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys, (default), “Driver”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys, (default), “Driver”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys, (default), “Driver”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system, (default), “Driver Group”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter, (default), “Driver Group”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration, (default), “Driver Group”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter, (default), “Driver Group”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk, (default), “Driver Group”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class, (default), “Driver Group”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys, (default), “Driver”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys, (default), “FSFilter System Recovery”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender, (default), “Driver Group”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys, (default), “Driver”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys, (default), “Driver”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}, (default), “Universal Serial Bus controller”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}, (default), “CD-ROM Drive”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}, (default), “DiskDrive”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}, (default), “Standar floppy disk controller”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}, (default), “Hdc”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}, (default), “Keyboard”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}, (default), “Mouse”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}, (default), “Net”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}, (default), “NetClient”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}, (default), “NetService”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}, (default), “NetTrans”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}, (default), “PCMCIA Adapters”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}, (default), “SCSIAdapters”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}, (default), “System”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}, (default), “Floppy disk drive”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}, (default), “Volume”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}, (default), “Human Interfaces Devices”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base, (default), “Driver Group”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender, (default), “Driver Group”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system, (default), “Driver Group”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys, (default), “Driver”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmio.sys, (default), “Driver”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys, (default), “Driver”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system, (default), “Driver Group”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter, (default), “Driver Group”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys, (default), “Driver”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys, (default), “Driver”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS, (default), “Driver Group”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper, (default), “Driver Group”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup, (default), “Driver Group”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup, (default), “Driver Group”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network, (default), “Driver Group”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider, (default), “Driver Group”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration, (default), “Driver Group”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter, (default), “Driver Group”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI, (default), “Driver Group”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk, (default), “Driver Group”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys, (default), “Driver”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys, (default), “Driver”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys, (default), “Driver”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class, (default), “Driver Group”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys, (default), “Driver”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys, (default), “FSFilter System Recovery”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers, (default), “Driver Group”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender, (default), “Driver Group”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI, (default), “Driver Group”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys, (default), “Driver”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys, (default), “Driver”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\termservice, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys, (default), “Driver”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys, (default), “Driver”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt, (default), “Service”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC, (default), “Service”

[del]

HKCU, Software\Microsoft\Windows\CurrentVersion\RunMRU, a

HKCU, Software\Microsoft\Internet Explorer\Main, Window Title

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Ageia

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Systemdir

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system, EnableLUA

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon

Gunakan notepad, kemudian simpan dengan nama “repair.inf” (gunakan pilihan Save As Type menjadi All Files agar tidak terjadi kesalahan).

Jalankan repair.inf dengan klik kanan, kemudian pilih install.

Untuk pembersihan virus huhuhaha secara optimal dan mencegah infeksi ulang, sebaiknya menggunakan antivirus yang terupdate dan mengenali virus ini dengan baik.

Jangan lupa untuk selalu update antivirus anda secara berkala.

Semoga bermanfaat.

Sumber
Vaksin.com

Baca Juga

• Menghapus Virus Shortcut (6)
• Virus Conficker Bikin Pusing (15)