FakeFD.Winsvc.DB, a virus that hides inside .RAR files

Posted in virus on Aug 15, 2018

FakeFD.Winsvc.DB

Virus description:

File name: setup-Install.exe

Size: 87.5 KB (89,600 bytes)

SHA256: 9EA5CA537EFB9BB5A8AA9C1934126E8CE3104767665E6C050A296FD3D65EF596

Built/packed with: Borland Delphi


During July and August 2018, this virus (ID: DBB50432) was among the most widespread in circulation, particularly in Indonesia, though it very likely claimed many victims internationally as well.

When first run, the virus copies itself to serve as the parent copy that stays resident on the computer, at: C:\Windows\winsvc32.exe


Once active, the virus scans every folder for files with the extension "*.rar" and uses each one as a carrier for spreading itself, adding a file named "setup-Install.exe" to every .rar archive it finds.

FakeFD.Winsvc.DB inserting itself into a .RAR archive
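A defender-side check for the behaviour described above: a small RAR 4.x header walker that lists the entries of an archive without extracting anything and flags the worm's bait name "setup-Install.exe". This is an added example, not code from the post or from Smadav; the block layout follows the published RAR 4.x format, and the sample archive is constructed in the block itself.

```python
import struct

RAR4_MARKER = b"Rar!\x1a\x07\x00"                 # RAR 4.x signature block
FILE_HEAD, END_HEAD = 0x74, 0x7B                  # block types: file header, end of archive
LHD_LARGE, LHD_UNICODE, LONG_BLOCK = 0x100, 0x200, 0x8000   # HEAD_FLAGS bits

def rar4_entry_names(blob):
    """Walk the RAR 4.x block chain and return the stored entry names (no extraction)."""
    if not blob.startswith(RAR4_MARKER):
        raise ValueError("not a RAR 4.x archive")
    pos, names = len(RAR4_MARKER), []
    while pos + 7 <= len(blob):
        _crc, htype, flags, hsize = struct.unpack_from("<HBHH", blob, pos)
        if htype == END_HEAD or hsize < 7:            # end block, or a corrupt header
            break
        if htype == FILE_HEAD:
            # PACK_SIZE UNP_SIZE HOST_OS FILE_CRC FTIME UNP_VER METHOD NAME_SIZE ATTR
            pack_size, _, _, _, _, _, _, name_size, _ = struct.unpack_from("<IIBIIBBHI", blob, pos + 7)
            name_off = pos + 32
            if flags & LHD_LARGE:                     # 64-bit size extension precedes the name
                pack_size += struct.unpack_from("<I", blob, name_off)[0] << 32
                name_off += 8
            raw = blob[name_off:name_off + name_size]
            if flags & LHD_UNICODE:                   # keep the 8-bit name, drop the encoded Unicode part
                raw = raw.split(b"\0", 1)[0]
            names.append(raw.decode("latin-1"))
            data_size = pack_size                     # packed file data follows the header
        else:
            data_size = struct.unpack_from("<I", blob, pos + 7)[0] if flags & LONG_BLOCK else 0
        pos += hsize + data_size
    return names

def find_planted_installers(blob, bait="setup-install.exe"):
    """Entries whose base name matches the worm's bait name, compared case-insensitively."""
    return [n for n in rar4_entry_names(blob)
            if n.replace("/", "\\").rsplit("\\", 1)[-1].lower() == bait]

def build_rar4(entries):
    """Construct a minimal stored (method 0x30) RAR 4.x archive; CRCs are zeroed, so it is test input only."""
    out = bytearray(RAR4_MARKER)
    out += struct.pack("<HBHH", 0, 0x73, 0, 13) + b"\0" * 6            # archive header
    for name, data in entries:
        raw = name.encode("latin-1")
        out += struct.pack("<HBHH", 0, FILE_HEAD, LONG_BLOCK, 32 + len(raw))
        out += struct.pack("<IIBIIBBHI", len(data), len(data), 0, 0, 0, 29, 0x30, len(raw), 0x20)
        out += raw + data
    out += struct.pack("<HBHH", 0, END_HEAD, 0x4000, 7)
    return bytes(out)

SAMPLE_RAR = build_rar4([("docs\\report.txt", b"quarterly figures"),   # constructed sample:
                         ("setup-Install.exe", b"MZ" + b"\x90" * 30)])  # one clean file plus the bait entry
```

Running `find_planted_installers` over every .rar on a share gives a quick inventory of archives the worm has already touched; a real sweep should also treat any unexpected .exe inside an archive as worth a look.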

The virus also tries to communicate with its server at: nexter.x0rg.com

Unfortunately, that server can no longer be reached (or is only up at certain times), so it is not known what is exchanged with it.


List of file names searched for

It is unclear what the scan is for, but the virus looks for the following file names:

Adobe Acrobat 7.0 Professional.exe
Adobe Acrobat 8 Professional.exe
Adobe Acrobat 8 Professional Crack.exe
Adobe All Products Keygen.exe
Adobe All Products v1.0 Keymaker.exe
Adobe Cracks and Keygen Collection 2009.exe
Adobe CS4 Master Collection.exe
Adobe Photo Elements Multi Keygen.exe
Adobe Photoshop CS2 2009 Install.exe
Adobe Photoshop CS2 2009 Install Full Version 2009.exe
Adobe Photoshop CS3 KeyGen.exe
Adobe Photoshop CS3.exe
Adobe Photoshop CS4 Extended.exe
Adobe Photoshop CS4 KeyGen.exe
Adobe Photoshop CS4-Extended.exe
Adobe Photoshop Ultimate Serials Crack.exe
Google Earth Final Build 2009 Version Install .exe
Google Earth Pro 3.0 beta.exe
Google Earth Pro Final Setup.exe
Grand Theft Auto GTA Vice City Crack.exe
Hotmail Cracker v3.2.6.exe
ICQ Password Cracker 2009.exe
Kasperksy 2009 Crack.exe
Kasperksy 2009 Full Suite Crack.exe
Kasperksy 2009 KeyGen.exe
Kaspersky Antivirus 7.0.0.125 Full Crack Editon.exe
Kaspersky Full Suite Crack.exe
Kaspersky 2009 Crack.exe
Kaspersky Internet Security 2009 KeyGen.exe
Limewire Full Speed Patch.exe
Mega Pack WinZip 11.1.exe
Microsoft Office 2003 Professional Edition.exe
Microsoft Office 2007 Home and Student.exe
Microsoft Office 2007 Enterprise.exe
Microsoft Office 2007.exe
Microsoft Visual Basic 2009 KeyGen.exe
Windows 7 Keygen.exe
Windows 7 Theme Sidebar.exe
Windows Ultimate Keygen.exe
Windows Vista ULTIMATE Crack.exe
Windows XP SP2 -Serial Original.exe
Windows XP ULTIMATE Keygen.exe
Myspace Account Cracker.exe
Nero 7.x.x.x All Products.exe
Nero 8 Ultra Edition 8.3.0.exe
Nero 8.1.1.0 Install.exe
Nero 9 Portable Full Final Version.exe
Nero Burning Rom v9.4.13.2c.exe
Norton Internet Security 2009 v16.2.0.7.exe
Norton Internet Security 2009 BR Edition.exe
Nude Celebreties Pics 4.jpg.exe
Paris Hilton Blowjob.jpg.exe
PhotoShop Keygen.exe
PowerDVD v9 Ultra Version.exe
Spyware Doctor 5.01.205.exe
Steam Account Cracker.exe
Steinberg Cubase SX v101 WORKING.exe
Tune Up Utilities 2009 Install.exe
TuneUp Utilities.exe 2009.v8.2000.35.exe
Microsoft Windows 7 Crack.exe
Windows 7 Keygen.exe
Windows 7 Sidebar Install.exe
Windows 7 Theme Install.exe
Windows Vista Cracker.exe
Windows Vista Home Premium KeyGen.exe
Windows Vista Keygen.exe
Windows Vista Serial Keygen.exe
Windows XP Crack.exe
Windows XP Professional CDKey.exe
WinRAR.v3.80 Full Version Cracked 2009.exe
WinRar 3.71 Cracked.exe
WinRar 3.71 Full Patched.exe
WinRAR 3.80 Unplagged.exe
WinRAR v4.3 Full Suite Cracker.exe
World of Warcraft Private Server Launcher v1.0.exe
LimeWire v4.4.3.exe
CDBurnerXP Pro 3.exe
AVG Anti-Virus System v.6.0.exe
Free DVD Ripper 2.25.exe
Spybot Search & Destroy Final Build.exe
Adobe Reader 7.0.5.exe
Jodix Free WMA to MP3 Converter.exe
Clony XXL 2.0.1.5.exe
Nero 6 Reloaded 6.6.0.1.exe
SpeedUpMyPC v4.52.exe
DVD to iPod Video Suite.exe
Kazaa Full Speed Patch.exe
Kazaa Final Build 2009.exe
K-Lite Codec Pack 5.0.0 Full, Standard and Basic.exe
Codec Pack All in 1 6.0.3.0.exe
Nero Burning ROM 9.4.13.2c.exe
Vista Codec Package 5.3.5 install.exe
DivX Free 5.2.1 Install.exe
Daemon Tools 4.30.4 Install.exe
Winamp 5.56.2512.exe
Real Alternative 1.90.exe
FFDShow MPEG-4 Video Decoder 2009-07-25 Install.exe
Samsung PC Studio 3.2.1 HB6 Vista Install.exe
Internet Download Manager 5.17.5.exe
Utorrent 1.8.3 Install.exe
DAEMON Tools 4.10 X64 Install.exe
LG Phone Manager 1.5.0.25.exe
BlueSoleil C 5.0.5.178 Install.exe
DivX Free 5.2.1 Crack.exe
Nero Burning Rom 9.4.* Crack.exe
Nero Burning Rom 9.* Full Version Crack
Adobe Full Crack Suite.exe
Need For Speed NO CD Crack (Scanned With Norton AV 2009).exe
Need For Speed Keygen (Scanned With Norton AV 2009).exe
Need For Speed Underground NO CD Crack (Scanned With Norton AV 2009).exe
Zone Alarm Pro 4.x Crack (Scanned With Norton AV 2005).exe
Zone Alarm Pro 5.x Crack (Scanned With Norton AV 2005).exe
GTA San Andreas [PS2] – ISO FTP Info.exe
GTA San Andreas [XBOX] – ISO FTP Info.exe
Ad-Aware Pro – Software Keygen.exe
Clone CD 5 – Software Keygen.exe


List of websites blocked by the virus

The following websites are blocked through the hosts file:

www.symantec.com
securityresponse.symantec.com
bottalk.us
symantec.com
www.sophos.com
sophos.com
www.mcafee.com
mcafee.com
liveupdate.symantecliveupdate.com
www.viruslist.com
viruslist.com
viruslist.com
f-secure.com
www.f-secure.com
kaspersky.com
kaspersky-labs.com
www.avp.com
www.kaspersky.com
avp.com
www.networkassociates.com
networkassociates.com
www.ca.com
ca.com
mast.mcafee.com
my-etrust.com
www.my-etrust.com
download.mcafee.com
dispatch.mcafee.com
secure.nai.com
nai.com
www.nai.com
update.symantec.com
updates.symantec.com
us.mcafee.com
liveupdate.symantec.com
customer.symantec.com
rads.mcafee.com
trendmicro.com
pandasoftware.com
www.pandasoftware.com
www.trendmicro.com
www.grisoft.com
www.microsoft.com
microsoft.com
www.virustotal.com
virustotal.com
threatexpert.com
novirusthanks.org
scanner.novirusthanks.org
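The hosts-file tampering above is easy to check for on a suspect machine. The following is an added example, not code from the post or from Smadav: it parses hosts-file text and reports any entry that points one of the security vendor domains listed above at a loopback or unspecified address. The watched-domain set is a subset of the list on this page, and the hosts content is a constructed sample.

```python
import ipaddress

# Registrable names taken from the blocklist above (a subset, for brevity).
WATCHED_DOMAINS = {"symantec.com", "mcafee.com", "kaspersky.com", "f-secure.com",
                   "trendmicro.com", "microsoft.com", "virustotal.com"}

# Constructed hosts file: legitimate lines plus three entries of the kind the worm writes.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.symantec.com
127.0.0.1       liveupdate.symantec.com   # added by malware
0.0.0.0         www.virustotal.com
192.168.10.5    intranet.corp.example
"""

def sinkholed_security_hosts(hosts_text, watched=WATCHED_DOMAINS):
    """Return (line_no, address, hostname) for watched domains mapped to a
    loopback or unspecified address, which is how this worm blocks AV sites."""
    hits = []
    for line_no, line in enumerate(hosts_text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()       # strip comments, tokenise
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                                  # malformed address, skip
        if not (addr.is_loopback or addr.is_unspecified):
            continue
        for host in fields[1:]:
            host = host.lower().rstrip(".")
            if any(host == d or host.endswith("." + d) for d in watched):
                hits.append((line_no, fields[0], host))
    return hits
```

On Windows the file to read is %SystemRoot%\System32\drivers\etc\hosts; a non-empty result is a strong sign the update-blocking step described here has already run.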


Anti-debug: window captions

The virus also appears to use several anti-debugging techniques. Below are the form (window) captions that it is believed to treat as dangerous:

Jitbit Network Sniffer
Sniffem Win32
SoftPerfect Network Protocol Analyzer
BurnSoft Connection Sniffer
Process And Port Analyzer
Ether Detect
EtherDetect Packet Sniffer – Unregistered Version
The Wireshark Network Analyzer
Project 1 – Packet Analyzer – Colasoft Capsa
TCPView – Sysinternals: www.sysinternals.com
Process Monitor – Sysinternals: www.sysinternals.com
Process Explorer – Sysinternals: www.sysinternals.com
File Monitor – Sysinternals: www.sysinternals.com
PIAFCTM – Waiting
PIAFCTM – Stopped
SwitchSniffer v1.3.2.0 Registered
SwitchSniffer v1.3.2.0 UnRegistered
CurrProcess
Security Task Manager – Alexander Neuber
Auto Start and Process Viewer : www.konradp.com
Remote Process Viewer for Windows Networks
Process Heap Viewer – www.SecurityXploded.com
Soft191 Process Viewer


Anti-debug: process names and other strings

The virus also seems to react to programs running on the victim's computer, checking for the following process names and related strings:

joeboxserver.exe
joeboxcontrol.exe
wireshark.exe
sniff_hit.exe
sysAnalyzer.exe
UserName
user
sandbox
honey
vmware
currentuser
nepenthes
andy
CurrentUser
SbieDll.dll
dbghelp.dll
ntdll.dll
ZwQuerySystemInformation
ZwQueryInformationProcess
*VMWARE*
*VBOX*
*VIRTUAL*


It adds a firewall exception for a program named "1.exe" with: netsh firewall add allowedprogram 1.exe 1 ENABLE


Virus removal

To remove this virus, use the latest version of Smadav, which can be downloaded from: www.smadav.net

FakeFD.Winsvc.DB detected by Smadav 12


FakeFD.Winsvc.DB registry entries detected by Smadav


Stay virus-free.
