- Registry pemicu virus
Alamat Registry :
-
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
-
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Alamat Registry :
-
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon
String :
-
Shell = %lokasi file virus%
-
Userinit = %lokasi file virus%
2. Registry untuk blok fungsi windows
Alamat Registry:
-
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
-
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
String :
-
DisableRegistryTools -> regedit di blok
-
DisableCMD -> CMD di blok
-
DisableTaskMgr -> Task Manager di blok
Value : 1
Alamat Registry:
-
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
-
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
String :
-
NoFolderOptions -> Disable Folder Option
-
NoRun -> Disable menu Run
-
NoFind -> Disable menu Search
-
NoTrayContextMenu -> Disable klik kanan pd Tray Menu
-
NoViewContextMenu -> Disable klik kanan pd Desktop Windows
-
NoControlPanel -> Disable Control Panel
Value : 1
Alamat Registry:
-
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions
Contoh Key :
-
Mscinfog.exe
-
Regedit.exe
-
Cmd.exe
-
Taskmgr.exe
String : Debugger
Data Value : %lokasi file virus%
Alamat Registry:
-
HKEL_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer
String :
-
DisableMSI -> Disable Microsoft Installer [MSI]
-
LimitSysteRestoreCheckpointing
Value : 1
Alamat Registry:
-
HKEL_LOCAL_MACHINE\SOFWARE\Policies\Microsoft\WindowsNT\SystemRestore
String :
-
DisableSR -> Disable Sistem Restore
-
DisableConfig
Value : 1
3. Registry untuk blok system security
Alamat Registry :
-
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
String:
-
AntiVirusDisableNotify (1)
-
AntiVirusOverride (0)
-
FirewallOverride (0)
-
UpdatesDisableNotify (1)
Value: 1
4. Registry untuk manipulasi internet explorer
Alamat Registry :
-
HKEY_CURRENT_USER\Software\Microsoft\InternetExplorer\Main
-
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\InternetExplorer\Main
String:
-
-
SearchPage
-
StartPage
-
WindowsTitle
-
Value: alamat virus
5. Registry untuk blok akses file .com/.bat/.pit/.ink
Alamat Registry :
-
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\comfile\shell\open\command
-
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\open\command
-
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\piffile\shell\open\command
-
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inkfile\shell\open\command
-
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command
String: Default
Value: %lokasi file virus%
6. Registry untuk merubah type file dari “Application” menjadi “File Folder”
Alamat Registry :
-
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile
String: Default
Value: %acak%
Alamat Registry :
-
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile
String: NeverShowExt
8. Registry untuk menyembuntikan file dan ekstensi file
Alamat Registry :
-
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt
Key: UncheckedValue
Value: 1
Alamat Registry :
-
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden
Key: UncheckedValue
Value: 0
Alamat Registry :
-
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
String: CheckedValue
Value: 0
Alamat Registry :
-
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile
String: NeverShowExt
9. Registry untuk merubah nama pemilik windows
Alamat Registry :
-
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion
String:
-
RegisteredOrganization
-
RegisteredOwner
Value: %Acak sesuai dengan jenis virus%
10. Registry untuk dapat aktif di safe mode
Alamat Registry :
-
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot
-
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot
-
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
String:
-
AlternateShell (cmd.exe)
Value: %lokasi file virus%
Sumber : buku “Tips dan Trik Membasmi & Melindungi Komputer dari Virus Lokal” oleh Adang Juhar Taufik
Penerbit : Penerbit Gava Media
