Rabu, 16 November 2011

RAMNIT killer [penjelasan bagi pengguna umum]

Ramnit merupakan salah satu virus yang belakangan ini terus merajalela. Ciri yang paling mudah dikenali pada komputer yang telah terinfeksi Ramnit adalah terciptanya 4 buah shortcut pada removable disk dengan nama:

Copy of Shortcut to (1).lnk
Copy of Shortcut to (2).lnk
Copy of Shortcut to (3).lnk
Copy of Shortcut to (4).lnk

Dibalik shortcut yang mudah terlihat,
banyak aksi Ramnit lainnya yang tidak mudah terdeteksi, antara lain menginfeksi file *.exe/*.dll/*.htm/*.html, menginjeksi multi-processes di memory, dan berusaha men-download malware lainnya. Ramnit dilengkapi dengan kemampuan rootkit canggih yang membuatnya stealth di memory. Ramnit dapat menjangkiti komputer yang bersih dengan berbagai teknik, melalui exploit shortcut, autorun, ataupun melalui eksekusi file exe/dll dan HTML yang telah terinfeksi.

PCMAV Express for Ramnit dibuat untuk membersihkan berbagai varian Ramnit yang in-the-wild, menghentikan proses Ramnit di memory komputer yang terinfeksi, membersihkan file yang terinfeksi Ramnit, baik executable file maupun HTML dengan sempurna dan akurat pada setiap drive (hard disk maupun removable disk) yang terpasang, dan memperbaiki registry yang diubah Ramnit.

Aturan Penggunaan:

  1. Jalankan PCMAV for Ramnit dari hard disk, hindari menjalankannya dari flash disk mengingat shortcut Ramnit dapat tereksekusi saat Anda mengklik drive flash disk yang terinfeksi melalui Windows Explorer.
  2. Pastikan user Anda memiliki hak setara Administrator.
  3. Nonaktifkan/tutup aplikasi (antivirus, Windows Explorer maupun program lainnya) yang masih aktif agar tidak mengganggu PCMAV Express.
  4. Pasang flashdisk yang terinfeksi pada komputer agar ikut dibersihkan oleh PCMAV Express for Ramnit, tetapi jangan diakses.
  5. Jalankan RAmnit Killer.
  6. Pastikan komputer Anda *tidak* terkoneksi ke jaringan atau Internet selama proses scan.
  7. Setelah selesai, sangat disarankan untuk melakukan restart dan scan ulang (jika perlu).
  8. Pastikan seluruh PC yang telah terhubung di dalam jaringan juga telah bebas Ramnit, sebelum PC Anda kembali terkoneksi ke jaringan.

Update:

Bagian ini akan terus di-update sesuai dengan perkembangan virus Ramnit yang terus kami pantau. Varian baru Ramnit (atau virus lainnya) yang Anda temukan dapat di-upload ke: http://upload.virusindonesia.com.

Sampai saat ini PCMAV Express for Ramnit telah dapat menangani 15 varian Ramnit yang berfungsi sebagai dropper virus:

Update terakhir: 27 September 2011

1.   Ramnit.A.dropper
2.   Ramnit.B.dropper
3.   Ramnit.C.dropper
4.   Ramnit.D.dropper
5.   Ramnit.E.dropper
6.   Ramnit.F.dropper
7.   Ramnit.G.dropper
8.   Ramnit.H.dropper
9.   Ramnit.I.dropper
10. Ramnit.J.dropper
11. Ramnit.K.dropper
12. Ramnit.L.dropper
13. Ramnit.M.dropper
14. Ramnit.N.dropper
15. Ramnit.O.dropper

Secara regular engine utama PCMAV akan di-update mengikuti perkembangan Ramnit.

Pada halaman ini kami juga menyediakan PCMAV Express for Ramnit untuk di-download pada link dibawah ini (link dapat berubah jika ada update baru).

gambar-gambar file RAMNIT:
1. file virus Ramnit di USB
2. virus Ramnit, di USB, bertuliskan copy of shorcut 01-04.lnk


3. Laporan (log file) hasil penemuan Ramnit Killer
Scanning memory...
- Checking [System Process]; PID: 0;
- Checking System; PID: 4;
- Checking smss.exe; PID: 1208;
- Checking csrss.exe; PID: 1276;
- Process: csrss.exe; Thread infected: ID = 2712; Start Address: $20027010;
- Thread 2712 terminated.
- Checking winlogon.exe; PID: 1388;
- Process: winlogon.exe; Thread infected: ID = 1292; Start Address: $20027010;
- Thread 1292 terminated.
- Checking services.exe; PID: 1512;
- Process: services.exe; Thread infected: ID = 2992; Start Address: $20027010;
- Thread 2992 terminated.
- Checking lsass.exe; PID: 1524;
- Process: lsass.exe; Thread infected: ID = 3116; Start Address: $20027010;
- Thread 3116 terminated.
- Checking USBSRService.exe; PID: 1876;
- Process: USBSRService.exe; Thread infected: ID = 1868; Start Address: $20027010;
- Thread 1868 terminated.
- Checking Ati2evxx.exe; PID: 1892;
- Process: Ati2evxx.exe; Thread infected: ID = 1928; Start Address: $20027010;
- Thread 1928 terminated.
- Checking svchost.exe; PID: 1968;
- Process: svchost.exe; Thread infected: ID = 1952; Start Address: $20027010;
- Thread 1952 terminated.
- Checking svchost.exe; PID: 288;
- Process: svchost.exe; Thread infected: ID = 1016; Start Address: $20027010;
- Thread 1016 terminated.
- Process: svchost.exe; Thread infected: ID = 2448; Start Address: $20026FE9;
- Thread 2448 terminated.
- Checking svchost.exe; PID: 416;
- Process: svchost.exe; Thread infected: ID = 3868; Start Address: $20027010;
- Thread 3868 terminated.
- Checking svchost.exe; PID: 476;
- Process: svchost.exe; Thread infected: ID = 3208; Start Address: $20027010;
- Thread 3208 terminated.
- Checking Ati2evxx.exe; PID: 904;
- Process: Ati2evxx.exe; Thread infected: ID = 280; Start Address: $20027010;
- Thread 280 terminated.
- Checking svchost.exe; PID: 964;
- Process: svchost.exe; Thread infected: ID = 1912; Start Address: $20027010;
- Thread 1912 terminated.
- Process: svchost.exe; Thread infected: ID = 2344; Start Address: $20026FE9;
- Thread 2344 terminated.
- Checking Explorer.EXE; PID: 1172;
- Process: Explorer.EXE; Thread infected: ID = 3604; Start Address: $20027010;
- Thread 3604 terminated.
- Checking svchost.exe; PID: 1180;
- Process: svchost.exe; Thread infected: ID = 776; Start Address: $20027010;
- Thread 776 terminated.
- Process: svchost.exe; Thread infected: ID = 3748; Start Address: $20026FE9;
- Thread 3748 terminated.
- Checking AvastSvc.exe; PID: 1368;
- Checking avastUI.exe; PID: 920;
- Checking RunDll32.exe; PID: 1416;
- Process: RunDll32.exe; Thread infected: ID = 3036; Start Address: $20027010;
- Thread 3036 terminated.
- Checking NokiaMServer.exe; PID: 1816;
- Process: NokiaMServer.exe; Thread infected: ID = 2592; Start Address: $20027010;
- Thread 2592 terminated.
- Checking DrvIcon.exe; PID: 444;
- Process: DrvIcon.exe; Thread infected: ID = 2340; Start Address: $20027010;
- Thread 2340 terminated.
- Checking jusched.exe; PID: 544;
- Process: jusched.exe; Thread infected: ID = 2656; Start Address: $20027010;
- Thread 2656 terminated.
- Checking HPWuSchd2.exe; PID: 632;
- Process: HPWuSchd2.exe; Thread infected: ID = 3764; Start Address: $20027010;
- Thread 3764 terminated.
- Checking USBSafelyRemove.exe; PID: 1040;
- Process: USBSafelyRemove.exe; Thread infected: ID = 3644; Start Address: $20027010;
- Thread 3644 terminated.
- Checking AntiFreeze.exe; PID: 784;
- Process: AntiFreeze.exe; Thread infected: ID = 3316; Start Address: $20027010;
- Thread 3316 terminated.
- Checking PCSuite.exe; PID: 1240;
- Process: PCSuite.exe; Thread infected: ID = 2092; Start Address: $20027010;
- Thread 2092 terminated.
- Checking DAP.EXE; PID: 1444;
- Process: DAP.EXE; Thread infected: ID = 2852; Start Address: $200B7010;
- Thread 2852 terminated.
- Checking TrueTransparency.exe; PID: 1724;
- Process: TrueTransparency.exe; Thread infected: ID = 3292; Start Address: $20027010;
- Thread 3292 terminated.
- Checking ViStart.exe; PID: 1796;
- Process: ViStart.exe; Thread infected: ID = 1772; Start Address: $20027010;
- Thread 1772 terminated.
- Checking Rainmeter.exe; PID: 492;
- Process: Rainmeter.exe; Thread infected: ID = 2148; Start Address: $20027010;
- Thread 2148 terminated.
- Checking ViGlance.exe; PID: 500;
- Process: ViGlance.exe; Thread infected: ID = 3368; Start Address: $20027010;
- Thread 3368 terminated.
- Checking WinFLTray.exe; PID: 724;
- Process: WinFLTray.exe; Thread infected: ID = 1424; Start Address: $20027010;
- Thread 1424 terminated.
- Checking FLComServCtrl.exe; PID: 772;
- Process: FLComServCtrl.exe; Thread infected: ID = 1408; Start Address: $20027010;
- Thread 1408 terminated.
- Checking WindowsSearch.exe; PID: 1140;
- Process: WindowsSearch.exe; Thread infected: ID = 3448; Start Address: $20027010;
- Thread 3448 terminated.
- Checking FLComServ.exe; PID: 1824;
- Process: FLComServ.exe; Thread infected: ID = 2808; Start Address: $20027010;
- Thread 2808 terminated.
- Checking svchost.exe; PID: 2352;
- Process: svchost.exe; Thread infected: ID = 3108; Start Address: $20027010;
- Thread 3108 terminated.
- Checking spoolsv.exe; PID: 3544;
- Process: spoolsv.exe; Thread infected: ID = 2956; Start Address: $20027010;
- Thread 2956 terminated.
- Checking ATKKBService.exe; PID: 3928;
- Process: ATKKBService.exe; Thread infected: ID = 3120; Start Address: $20027010;
- Thread 3120 terminated.
- Checking WinFlip.exe; PID: 540;
- Process: WinFlip.exe; Thread infected: ID = 1776; Start Address: $20027010;
- Thread 1776 terminated.
- Checking WinFLService.exe; PID: 1752;
- Process: WinFLService.exe; Thread infected: ID = 192; Start Address: $20027010;
- Thread 192 terminated.
- Checking SeaPort.exe; PID: 2528;
- Process: SeaPort.exe; Thread infected: ID = 3964; Start Address: $20027010;
- Thread 3964 terminated.
- Checking svchost.exe; PID: 3240;
- Process: svchost.exe; Thread infected: ID = 3784; Start Address: $20027010;
- Thread 3784 terminated.
- Checking TuneUpUtilitiesService32.exe; PID: 3724;
- Process: TuneUpUtilitiesService32.exe; Thread infected: ID = 940; Start Address: $20027010;
- Thread 940 terminated.
- Checking TuneUpUtilitiesApp32.exe; PID: 1780;
- Process: TuneUpUtilitiesApp32.exe; Thread infected: ID = 1476; Start Address: $20027010;
- Thread 1476 terminated.
- Checking ServiceLayer.exe; PID: 3912;
- Process: ServiceLayer.exe; Thread infected: ID = 3024; Start Address: $20027010;
- Thread 3024 terminated.
- Checking wscntfy.exe; PID: 2692;
- Process: wscntfy.exe; Thread infected: ID = 3996; Start Address: $20027010;
- Thread 3996 terminated.
- Checking alg.exe; PID: 1516;
- Process: alg.exe; Thread infected: ID = 3636; Start Address: $20027010;
- Thread 3636 terminated.
- Process: alg.exe; Thread infected: ID = 768; Start Address: $20026FE9;
- Thread 768 terminated.
- Checking NclRSSrv.exe; PID: 3780;
- Process: NclRSSrv.exe; Thread infected: ID = 2056; Start Address: $20027010;
- Thread 2056 terminated.
- Checking EngIndoDic.exe; PID: 3444;
- Process: EngIndoDic.exe; Thread infected: ID = 2732; Start Address: $20047010;
- Thread 2732 terminated.
- Checking Folder Lock.exe; PID: 3940;
- Process: Folder Lock.exe; Thread infected: ID = 2724; Start Address: $20027010;
- Thread 2724 terminated.
- Checking NclUSBSrv.exe; PID: 2376;
- Process: NclUSBSrv.exe; Thread infected: ID = 2756; Start Address: $20027010;
- Thread 2756 terminated.
- Checking svchost.exe; PID: 1296;
- Process: svchost.exe; Thread infected: ID = 3200; Start Address: $2001B97D;
- Thread 3200 terminated.
- Process svchost.exe terminated.
- Process: svchost.exe; Thread infected: ID = 360; Start Address: $2001B23A;
- Thread 360 terminated.
- Process svchost.exe terminated.
- Process: svchost.exe; Thread infected: ID = 2944; Start Address: $2001B647;
- Thread 2944 terminated.
- Process svchost.exe terminated.
- Process: svchost.exe; Thread infected: ID = 1052; Start Address: $2001A2FB;
- Thread 1052 terminated.
- Process svchost.exe terminated.
- Process: svchost.exe; Thread infected: ID = 1496; Start Address: $2001A315;
- Thread 1496 terminated.
- Process svchost.exe terminated.
- Checking svchost.exe; PID: 3384;
- Process: svchost.exe; Thread infected: ID = 4028; Start Address: $20017010;
- Thread 4028 terminated.
- Process svchost.exe terminated.
- Checking RamnitKiller.exe; PID: 3260;
- Process: RamnitKiller.exe; Thread infected: ID = 1948; Start Address: $20017010;
- Thread 1948 terminated.
Scanning registry...
Fixing registry...
Scanning all drives, please wait...
- Scanning C:\
- File cured: C:\ATI\Support\11-2_xp32_dd_ccc_enu\mfc80u.dll -> Ramnit.A
- File cured: C:\ATI\Support\11-2_xp32_dd_ccc_enu\msvcp80.dll -> Ramnit.A
- File cured: C:\ATI\Support\11-2_xp32_dd_ccc_enu\msvcr80.dll -> Ramnit.A
- File cured: C:\ATI\Support\11-2_xp32_dd_ccc_enu\Bin\ATILog.dll -> Ramnit.A
- File cured: C:\ATI\Support\11-2_xp32_dd_ccc_enu\Bin\ATIManifestDLMExt.dll -> Ramnit.A
- File cured: C:\ATI\Support\11-2_xp32_dd_ccc_enu\Bin\CompressionDLMExt.dll -> Ramnit.A
- File cured: C:\ATI\Support\11-2_xp32_dd_ccc_enu\Bin\ControlCenterActions.dll -> Ramnit.A
- File cured: C:\ATI\Support\11-2_xp32_dd_ccc_enu\Bin\CRCVerDLMExt.dll -> Ramnit.A
- File cured: C:\ATI\Support\11-2_xp32_dd_ccc_enu\Bin\DetectionManager.dll -> Ramnit.A
- File cured: C:\ATI\Support\11-2_xp32_dd_ccc_enu\Bin\DLMCom.dll -> Ramnit.A
- File cured: C:\ATI\Support\11-2_xp32_dd_ccc_enu\Bin\EncryptionDLMExt.dll -> Ramnit.A
- File cured: C:\ATI\Support\11-2_xp32_dd_ccc_enu\Bin\InstallManager.dll -> Ramnit.A
- File cured: C:\ATI\Support\11-2_xp32_dd_ccc_enu\Bin\InstallManagerApp.exe -> Ramnit.A
- File cured: C:\ATI\Support\11-2_xp32_dd_ccc_enu\Bin\LanguageMgr.dll -> Ramnit.A
- File cured: C:\ATI\Support\11-2_xp32_dd_ccc_enu\Bin\mfc80u.dll -> Ramnit.A
- File cured: C:\ATI\Support\11-2_xp32_dd_ccc_enu\Bin\msvcp80.dll -> Ramnit.A
- File cured: C:\ATI\Support\11-2_xp32_dd_ccc_enu\Bin\msvcr80.dll -> Ramnit.A
- File cured: C:\ATI\Support\11-2_xp32_dd_ccc_enu\Bin\PackageManager.dll -> Ramnit.A
- File cured: C:\ATI\Support\11-2_xp32_dd_ccc_enu\Bin\xerces-c_2_6.dll -> Ramnit.A
- File cured: C:\ATI\Support\11-2_xp32_dd_ccc_enu\Bin\zlibwapi.dll -> Ramnit.A
- File cured:
C:\ATI\Support\11-2_xp32_dd_ccc_enu\Packages\Drivers\Display\XP_INF\B112566\atiiiexx.dll ->
Ramnit.A
- File cured: C:\d49174b4cb729e49a6e8ee9474\i386\filterpipelineprintproc.dll -> Ramnit.A
- File cured: C:\d49174b4cb729e49a6e8ee9474\i386\mxdwdrv.dll -> Ramnit.A
- File cured: C:\d49174b4cb729e49a6e8ee9474\i386\xpssvcs.dll -> Ramnit.A
- File cured: C:\Documents and Settings\All Users\Application Data\ACD
Systems\ACDSee\8.0\ACDInTouch\EN\StaticPages\Cannot_Connect.htm -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\ACD
Systems\ACDSee\8.0\ACDInTouch\EN\StaticPages\Chose_Not_To_Connect.htm -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\ACD
Systems\ACDSee\8.0\ACDInTouch\EN\StaticPages\privacy-popup.htm -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\ACD
Systems\ACDSee\8.0\ACDInTouch\EN\StaticPages\registration-cancel.htm -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\ACD
Systems\ACDSee\8.0\ACDInTouch\EN\StaticPages\Registration.htm -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\ACD
Systems\ACDSee\8.0\ACDInTouch\EN\StaticPages\trial-cannot-connect.htm -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\2050_troubleshooting.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\BCGGFIHA.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\howdoi.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\loadMedia.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\orderInk.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v10557049.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v106119432.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v167925466.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v218078186.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v219372518.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v219372532.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v219372545.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v219372679.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v219372685.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v219372857.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v220090244.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v220090265.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v220090334.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v220090433.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v241183500.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v241185239.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v241217995.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v242193567.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v242663037.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v246756744.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v250315011.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v252591864.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v270866037.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v270866044.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v272862552.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v278386287.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v280384830.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v313297254.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v313297628.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v313349820.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v318075781.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v318286690.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v320539471.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v324906067.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v328645139.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v328782249.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v331488257.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v331669189.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v332614997.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v333348923.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v70935656.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v70935710.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v97537308.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\v98442524.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\GeneratedFiles\HomePage.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application Data\HP\HP Deskjet 1050 J410
series\Help\1033\GeneratedFiles\IndexerProgressBar.html -> Ramnit.A.html
- File cured: C:\Documents and Settings\All Users\Application
Data\Installations\{C96AA90C-9DE0-4C37-92F2-49CC3FE8C330}\Installer\CommonCustomActions\
Sleep2008.exe -> Ramnit.A
Scanning aborted.

System time: 11/16/2011 12:41:09 PM
Scan finished: 0:3:36.562
File scanned: 3254
File infected: 82
File cured: 82
File removed: 0
Sumber : virus indonesia webiste-PCMAV
by di 15.20
Label:

1 komentar:

  1. mithun30 Agustus 2016 pukul 18.31



    I'm happy to joining this blog, It is a very nice experience for me... Thank you for all your postings.

    123 HP PS 5520 Setup - 123.hp.com/ps5520

    BalasHapus

SILAHKAN TINGGALKAN KOMENTAR
PLEASE LEAVE COMMENT

Langganan: Posting Komentar (Atom)