robotFoundry™

robotFoundry is a powerful graphical coding environment for robotics. Use drag and drop modules to add functionality to your code, quickly linking them to create program flow and robot controls. Generate code with a click, and transfer your code to your robot or robotSim with another click. Code for a physical robot or simulated robot at the same time – switch between them at any time to generate code for the robot or robotSim to run identical code. Choose from pre-existing robotFoundry robot templates, or add components to create your own. Many modules are available, ranging from simple controllers such as line trackers and wall followers to basic building blocks like variables, mathematics and logical operators. Choose your own level of programming, and allow robotFoundry to take the coding out of your coding.

Patented algorithms make robotic programming with robotFoundry easy for anyone. Use the Task Specification tool to find the robot available for your task and need, and generate the code developed for you. Fine tune the generated code in the easy-to-use visual coding environment using some of the many modules available. Drag and drop modules into an architecture, and link modules to connect data flows. Mark a robot as “Simulate” to generate code for robotSim, or generate on unmarked robots to generate code for the physical robot. Transfer your code easily and quickly to robotSim, or run it locally on your own machine for quick and easy execution. Watch the headaches of robotics melt away as you harness the power of robotFoundry.

9 Sure-Fire Steps to Wipe Out Rontok Bro

 

Which multimedia file format has been the most sought-after in Indonesia lately? MP3? MP4? MPEG-4? Not quite. The right answer is 3GP. 3GP is the standard multimedia file format (picture and sound) used on 3G handsets. More precisely, it is 3GPP (3rd Generation Partnership Project), which is used by 3G GSM providers. CDMA providers use the 3G2 (3GPP2) format, which likewise stands for 3rd Generation Partnership Project 2.

So what does 3GP have to do with viruses?

It seems that, besides having coding as a hobby, many virus writers also enjoy watching infotainment. The proof is a new virus from the city of Gudeg, identified by Norman Virus Control as W32/Gedug.A. This virus exploits the case of the circulating sex video of a DPR (parliament) member by using the file names “Anggota_DPR_mesum.exe” and “Lokal_Punya_Selera.exe”. So if you have never obtained such a file and a file with one of these tempting names “suddenly” appears on your UFD (USB Flash Disk) or hard disk, rest assured that it was not sent to you by Santa Claus as a Christmas present (for not being naughty); it is the work of Black Pete (a local virus) from the city of Gudeg, named W32/Gedug.A.

One characteristic of this virus is that every file compressed with WINZIP/WinRAR is hidden, and a duplicate file named after each hidden file appears, 35 KB in size. (see Figure 1)

Figure 1, Example W32/Gedug.A virus files

 

Another characteristic of this virus is that if you run regedit/msconfig/taskmanager or notepad, a game such as Solitaire, FreeCell or spider.exe appears instead. Judging from the script, the virus probably comes from the city of Malioboro Flavour ... Yogyakarta.

 

The virus is active in Normal mode, Safe Mode and Safe Mode with Command Prompt, and Norman already detects it under the name W32/Gedug.A. (see Figure 2)

Figure 2, Norman Virus Control already detects W32/Gedug.A correctly

 

As explained earlier, W32/Gedug.A is 35 KB in size. To deceive the user, it uses the WINZIP/WINRAR icon with an .EXE extension. The W32/Gedug.A master file usually has one of 2 names: Anggota_DPR_mesum.exe or Lokal Punya Selera.exe.

 

If one of these files is run, it automatically creates 2 other files in the same directory, with the following names and also 35 KB in size

·         [DATA]Anggota_DPR_mesum.exe

·         [DATA]Lokal Punya Selera.exe

 

On closer inspection, 2 more files appear in the same directory. Both are hidden [hidden file], with the following names and a size of 35 KB

·         [DATA]Anggota_DPR_mesum.rar

·         [DATA]Lokal Punya Selera.rar

 

If any of the files above is run ([DATA]Anggota_DPR_mesum.exe, [DATA]Lokal Punya Selera.exe, [DATA]Anggota_DPR_mesum.rar or [DATA]Lokal Punya Selera.rar), an error message appears, as shown in Figure 3 below:

Figure 3

 

For the full list of files created by Gedug, see Figure 4 below

Figure 4 - Files created by the virus after the user runs it

After the file is run, it creates several master files that are launched first every time the computer is switched on, such as:

 

§         C:\Documents and Settings\LocalService

·         WINRAR.exe

·         msvbvm60.dll

§         C:\Program Files\WindowsUpdate

·         WinUpdate.exe [zip file]

·         pingstatus.dat

§         C:\Anggota_DPR_mesum.exe [on every drive]

§         C:\Anggota_DPR_mesum.rar [on every drive]

§         C:\[DATA]Anggota_DPR_mesum.exe [on every drive]

§         C:\[DATA]Lokal Punya Selera.exe [on every drive]

§         C:\[DATA]Anggota_DPR_mesum.rar [on every drive]

§         C:\[DATA]Lokal Punya Selera.rar [on every drive]

§         C:\Lokal Punya Selera.exe [on every drive]

§         C:\Lokal Punya Selera.rar [on every drive]

§         C:\Documents and Settings\LocalService\AcrobatInfo.exe

§         C:\Documents and Settings\%user%

·         Anggota_DPR_mesum.exe

·         Anggota_DPR_mesum.rar

·         Lokal Punya Selera.exe

·         Lokal Punya Selera.rar

 

The virus creates the following registry string so that one of its master files runs automatically every time the computer starts:

-          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

§         userinit = C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\LocalService\WinRAR.exe

 

To defend itself, W32/Gedug.A tries to block several Windows functions. This time it “copies” the method used by the Lightmoon virus: on a computer infected with Lightmoon, every time you run regedit/taskmanager or msconfig, what appears is not the program you wanted but a “notepad” program containing “ASCII” text. W32/Gedug.A does the same, except that instead of notepad it brings up a game such as Solitaire, FreeCell or Spider. To do this, it creates the following registry strings: (see Figure 5)

 

-          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

§         Taskmgr = [debugger=C:\WINDOWS\System32\freecell.exe]

§         Regedit = [debugger = C:\WINDOWS\System32\sol.exe]

§         Notepad = [debugger = C:\WINDOWS\System32\spider.exe]

 

Figure 5, The game that appears when regedit/notepad is run

Likewise, running CMD [command] indirectly activates the virus, through the following registry string:

-          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows

§         cmd = [debugger =C:\Documents and Settings\LocalService\AcrobatInfo.exe]

 

Besides blocking the Windows functions above, it also tries to block several other Windows functions, such as: (see Figure 6)

§         Disable right-click on the Task Bar

§         Disable Search

§         Disable “System Restore”

§         Disable configuring “Mouse”

§         Disable Add/Remove Programs

§         Disable configuring “game controllers”

§         Disable configuring “keyboard”

§         Disable Add/Remove User Accounts

§         Disable Add Hardware

§         Disable configuring “Display”

§         Disable the Themes tab so that the Desktop/Wallpaper appearance cannot be changed

§         Hide the clock on the Task Bar

§         Disable Turn Off Windows

Figure 6, W32/Gedug.A disables the Windows Display settings

To do this, it creates several strings in the following registry keys:

 

-          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

§         ClassicShell

§         DisallowRun

§         HideClock

§         NoFind

§         NoInstrumentation

§         NoPrinters

§         NoSetTaskbar

§         NoSMHelp

§         NoStartMenuMorePrograms

§         NoThemesTab

§         NoTrayContextMenu

§         NoUserNameInStartMenu

 

-          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

§         NoDispAppearancePage

§         NoDispScrSavPage

§         NoDispSettingsPage

 

-          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

§         ClassicShell

§         NoClose

§         NoFind

§         NoPrinters

§         NoThemesTab

 

-          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system

§         NoDispAppearancePage

§         NoDispScrSavPage

§         NoDispSettingsPage

 

-          HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore

§         DisableSR = 0

 

-          HKEY_CURRENT_USER\Control Panel\don't load

§         appwiz.cpl = No

§         desk.cpl = No

§         hdwwiz.cpl = No

§         joy.cpl = No

§         main.cpl = No

§         ncpa.cpl = No

§         netcpl.cpl = No

§         nusrmgr.cpl = No

 

-          HKEY_CURRENT_USER\Control Panel\Desktop

§         MenuShowDelay = 5000

 

-          HKEY_CURRENT_USER\Control Panel\Mouse

§         DoubleClickSpeed = 150

 

If your computer is infected with W32/Gedug.A, you will have difficulty displaying the hidden files, even if you try to show file extensions, because the virus tries to lock both of these options in “Folder Options” by changing the following registry strings:

 

-          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt

§         UncheckedValue = 1

-          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt

§         CheckedValue = 1

§         DefaultValue = 1

-          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden

§         UncheckedValue = 0

-          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden

§         CheckedValue = 0

§         DefaultValue = 0

-          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL

§         CheckedValue = 0

§         DefaultValue = 0

-          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN

§         CheckedValue = 0

§         DefaultValue = 0

 

In addition, W32/Gedug.A hides the .EXE extension by creating the following registry string:

-          HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile

§         NeverShowExt = 1

 

W32/Gedug.A also blocks several security tools such as HijackThis, Killbox, IKnow Process or Procexp, and tries to block the Norman antivirus program by displaying an error message (see Figure 7) when the program is run. To do this, it creates the following registry strings:

-          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun

 

§         1 = HijackThis.exe

§         2 = KillBox.exe

§         3 = Pocket KillBox.exe

§         4 =ShowKillProcess.exe

§         5 = CurrProcess.exe

§         6 = IKnow Process.exe

§         7 = Iknown.exe

§         8 = iKnowPS.exe

§         9 = Procexp.exe

§         10 = bantu.exe

§         11 = Zlh.exe

 

 

Figure 7, Error message shown when running a security tool blocked by the virus
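The registry artefacts listed so far (the extra Winlogon userinit entry, the Image File Execution Options debugger redirects, the hidden .EXE extension and the DisallowRun block list) can be checked offline from a `.reg` export of a suspect machine. The following Python sketch is an added example, not part of the original write-up or of any vendor tool; the function names, the finding labels and the export text are constructed for illustration from the values on this page, and the `example.exe` key is a made-up benign entry.

```python
import re

# "name"=data line of a .reg export; \ and " inside names and strings are backslash-escaped.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

HKLM_NT = r"hkey_local_machine\software\microsoft\windows nt\currentversion"
WINLOGON = HKLM_NT + r"\winlogon"
IFEO_PREFIX = HKLM_NT + r"\image file execution options" + "\\"
DISALLOW_RUN = (r"hkey_current_user\software\microsoft\windows"
                r"\currentversion\policies\explorer\disallowrun")
EXEFILE = r"hkey_local_machine\software\classes\exefile"


def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Return {lower-cased key path: {lower-cased value name: data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = VALUE_RE.match(line)
        if not m or current is None:
            continue  # file header, blank line, default value (@=) or hex continuation
        name, data = _unescape(m.group(1)).lower(), m.group(2)
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            current[name] = _unescape(data[1:-1])
        elif data.lower().startswith("dword:"):
            current[name] = int(data[6:], 16)
        else:
            current[name] = data  # other value types are kept as raw text
    return keys


def audit(keys):
    """Return sorted (check, subject, detail) findings for the four artefacts."""
    findings = []
    userinit = str(keys.get(WINLOGON, {}).get("userinit", ""))
    for entry in (e.strip() for e in userinit.split(",")):
        # Anything chained after the stock userinit.exe runs at every logon.
        if entry and not entry.lower().endswith("\\system32\\userinit.exe"):
            findings.append(("userinit-extra", "Winlogon", entry))
    for path, values in keys.items():
        # A Debugger value makes Windows start that program instead of the image.
        if path.startswith(IFEO_PREFIX) and "debugger" in values:
            findings.append(("ifeo-debugger", path[len(IFEO_PREFIX):],
                             str(values["debugger"])))
    for slot, exe in keys.get(DISALLOW_RUN, {}).items():
        findings.append(("disallowrun", slot, str(exe)))
    if "nevershowext" in keys.get(EXEFILE, {}):
        findings.append(("exe-extension-hidden", "exefile", "NeverShowExt"))
    return sorted(findings)


# Constructed export text; paths and names are the ones listed on this page.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\Documents and Settings\\LocalService\\WinRAR.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="C:\\WINDOWS\\System32\\freecell.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe]
"Debugger"="C:\\Documents and Settings\\LocalService\\AcrobatInfo.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example.exe]
"GlobalFlag"="0x00000000"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"1"="HijackThis.exe"
"9"="Procexp.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile]
@="Application"
"NeverShowExt"="1"
"""

if __name__ == "__main__":
    for finding in audit(parse_reg(SAMPLE_EXPORT)):
        print(*finding, sep=" | ")
```
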

 

W32/Gedug.A performs many more actions, such as changing the clock format on the task bar by changing PM to <[@_@]> and AM to <[~_~]> (see Figure 8), or changing the name of the computer's owner by changing:

 

§         RegisteredOrganization = >> KOTA GUDEG <<

§         RegisteredOwner = >>> G04T  74V4 <<<

 

To do both of these, W32/Gedug.A changes the following registry strings:

 

-          HKEY_CURRENT_USER\Control Panel\International

§         s1159 = <[@_@]>

§         s2359 = <[~_~]>

 

 

Figure 8, Clock display altered by the virus

Do not expect to find the clock format on the task bar, because W32/Gedug.A hides it. (see Figure 9)

 

-          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion

§         RegisteredOrganization = >> KOTA GUDEG <<

§         RegisteredOwner = >>> G04T  74V4 <<<

 

 

Figure 9, Registered owner and organization altered by the virus

If you open [Windows Explorer], do not be surprised if the toolbar has changed, with a Drip picture added (see Figure 10). Gedug does this by creating the following registry string:

 

-          HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar

§         BackBitmap = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp

 

 

Figure 10, Windows toolbar altered by the virus

To spread itself, it still uses floppy disks/flash disks as the medium, creating the following files, each 35 KB in size

§         Anggota_DPR_mesum.exe

§         Anggota_DPR_mesum.rar [hidden file]

§         Lokal Punya Selera.exe

§         Lokal Punya Selera.rar [hidden file]

 

Finally, W32/Gedug.A hides every file compressed with WINZIP/WINRAR, and to deceive the user it creates a duplicate file named after each hidden file, with the following characteristics:

-          Uses the WinRAR icon

-          Size 35 KB

-          Ext. EXE

-          File type “Application” (see Figure 11)

Figure 11, Duplicate files created by the virus
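The decoy pattern described above (a hidden ZIP/RAR archive with a 35 KB .EXE of the same name beside it) can be searched for mechanically. The following Python sketch is an added example, not part of the original write-up; the function names and the file listing are constructed, and it assumes that Explorer's “35 KB” is a size rounded up to whole kilobytes and that the duplicate is named either `name.exe` or `name.zip.exe`.

```python
import ntpath
import os
import stat

ARCHIVE_EXTS = {".zip", ".rar"}
# Assumption: "35 KB" in Explorer means more than 34 KB and at most 35 KB.
DECOY_SIZE = range(34 * 1024 + 1, 35 * 1024 + 1)


def find_decoys(entries):
    """entries: iterable of (path, size_bytes, is_hidden).

    Returns sorted (decoy_exe, hidden_archive) pairs from the same directory.
    """
    hidden_archives = {}  # (directory, expected exe stem) -> archive path
    exes = []
    for path, size, hidden in entries:
        folder, name = ntpath.split(path)
        stem, ext = ntpath.splitext(name)
        ext = ext.lower()
        if ext in ARCHIVE_EXTS and hidden:
            # Assumption: the decoy is "report.exe" or "report.zip.exe".
            hidden_archives[(folder.lower(), stem.lower())] = path
            hidden_archives[(folder.lower(), name.lower())] = path
        elif ext == ".exe" and size in DECOY_SIZE:
            exes.append((folder.lower(), stem.lower(), path))
    return sorted((exe, hidden_archives[(d, s)])
                  for d, s, exe in exes if (d, s) in hidden_archives)


def scan(root):
    """Walk a live Windows volume and yield (path, size, is_hidden)."""
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # unreadable entry: skip it, keep scanning
            attrs = getattr(st, "st_file_attributes", 0)  # present on Windows only
            yield path, st.st_size, bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)


# Constructed listing: (path, size in bytes, hidden attribute set?)
SAMPLE_LISTING = [
    (r"D:\work\budget.rar", 1_204_224, True),
    (r"D:\work\budget.exe", 35_328, False),    # decoy beside a hidden archive
    (r"D:\work\setup.exe", 35_328, False),     # right size, but no archive twin
    (r"D:\work\photos.zip", 52_000, False),    # archive is still visible
    (r"D:\work\photos.exe", 35_328, False),
    (r"D:\work\notes.zip", 9_000, True),
    (r"D:\work\notes.exe", 410_000, False),    # twin exists, wrong size
    (r"D:\Anggota_DPR_mesum.rar", 35_840, True),
    (r"D:\Anggota_DPR_mesum.exe", 35_840, False),
]

if __name__ == "__main__":
    for exe, archive in find_decoys(SAMPLE_LISTING):
        print(f"{exe}  <- decoy for hidden {archive}")
```

On an affected Windows machine, `find_decoys(scan("D:\\"))` applies the same check to a real drive; review the hits before deleting anything, since the size window is only a heuristic.
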

 

How to clean Gedug:

1.      Disconnect the computer to be cleaned from the network

2.      Kill the virus process that is active in memory. To kill the process, we recommend that you do not use Pocket Killbox/IKnow Process/CurrProcess or ProcessXP, because these tools are blocked by the virus. Instead you can use the XrayPC tool [www.x-raypc.com], then kill the virus file named WinRAR.exe located in the directory C:\Documents and Settings\LocalService (see Figure 12)

Click this button to kill the virus process that is active in memory

Figure 12, Use X-Ray PC to kill the virus process that is active in memory

3.      Delete the registry strings created by the virus by copying the script below into Notepad and saving it as repair.inf, then run the file as follows:

§         Right-click repair.inf

§         Click Install

 

[Version]
Signature="$Chicago$"
Provider=Vaksincom

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

; Restore the default values that the virus overwrote
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN, CheckedValue,0x00010001,2
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN, DefaultValue,0x00010001,2
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, CheckedValue,0x00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, DefaultValue,0x00010001,2
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, UncheckedValue,0x00010001,0
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt,CheckedValue,0x00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt,DefaultValue,0x00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, UncheckedValue,0x00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, CheckedValue,0x00010001,0
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, DefaultValue,0x00010001,0
HKCU, Control Panel\International, s1159,0, "AM"
HKCU, Control Panel\International, s2359,0, "PM"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion, RegisteredOrganization,0, "Your Organization"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion, RegisteredOwner,0,"YourOwner"
HKCU, Control Panel\Desktop, MenuShowDelay,0, "400"
HKCU, Control Panel\Mouse, DoubleClickSpeed,0, "500"

; Delete the values and keys that the virus added
[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,NoDispAppearancePage
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,NoDispScrSavPage
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,NoDispSettingsPage
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,ClassicShell
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,DisallowRun
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,HideClock
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFind
HKCU, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer,NoClose
HKCU, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer,NoThemesTab
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoInstrumentation
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoPrinters
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoSetTaskbar
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoSMHelp
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoStartMenuMorePrograms
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoThemesTab
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoTrayContextMenu
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoUserNameInStartMenu
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer, ClassicShell
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer,NoClose
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer,NoFind
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer,NoPrinters
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer,NoThemesTab
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,NoDispAppearancePage
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,NoDispScrSavPage
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,NoDispSettingsPage
HKLM, SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore,DisableSR
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
HKCU, Software\Microsoft\Internet Explorer\Toolbar, BackBitmap
HKLM, SOFTWARE\Classes\exefile, NeverShowExt
HKCU, Control Panel\don't load, appwiz.cpl
HKCU, Control Panel\don't load, desk.cpl
HKCU, Control Panel\don't load, hdwwiz.cpl
HKCU, Control Panel\don't load, joy.cpl
HKCU, Control Panel\don't load, main.cpl
HKCU, Control Panel\don't load, ncpa.cpl
HKCU, Control Panel\don't load, netcpl.cpl
HKCU, Control Panel\don't load, nusrmgr.cpl

 

4.      Delete the master files created by the virus. Before deleting them, make sure you have displayed all hidden files by selecting the option “Show hidden files and folders” and clearing the check marks on the options “Hide protected operating system files (recommended)” and “Hide extensions for known file types” in Folder Options [see Figure 13 below]

Figure 13, Displaying the hidden files

Then delete the following files:

 

§         C:\Documents and Settings\LocalService

·         WINRAR.exe

·         msvbvm60.dll

§         C:\Program Files\WindowsUpdate

·         WinUpdate.exe [zip file]

·         pingstatus.dat

§         C:\Anggota_DPR_mesum.exe [on every drive]

§         C:\Anggota_DPR_mesum.rar [on every drive]

§         C:\[DATA]Anggota_DPR_mesum.exe [on every drive]

§         C:\[DATA]Lokal Punya Selera.exe [on every drive]

§         C:\[DATA]Anggota_DPR_mesum.rar [on every drive]

§         C:\[DATA]Lokal Punya Selera.rar [on every drive]

§         C:\Lokal Punya Selera.exe [on every drive]

§         C:\Lokal Punya Selera.rar [on every drive]

§         C:\Documents and Settings\%user%

·         Anggota_DPR_mesum.exe

·         Anggota_DPR_mesum.rar

·         Lokal Punya Selera.exe

·         Lokal Punya Selera.rar

§         C:\Documents and Settings\LocalService

·         AcrobatInfo.exe

5.      Delete the duplicate files created by the virus, which have the following characteristics:

§         Uses the WinRAR icon

§         Size 35 KB

§         Ext. EXE

§         File type “Application”

6.      Unhide the ZIP/RAR files that the virus altered by typing the following commands at the DOS prompt

ATTRIB -s -h C:\*.ZIP /s

ATTRIB -s -h C:\*.RAR /s

If you want to unhide ZIP/RAR files on another drive [for example D:\], enter the commands above with the drive location changed to the one to be checked; for example, to check drive D:\

ATTRIB -s -h D:\*.ZIP /s

ATTRIB -s -h D:\*.RAR /s

7.      For optimal cleaning and to prevent reinfection, use an antivirus that already detects this virus well.

New Technologies

In countries such as Zimbabwe where media freedom is extremely restricted, new technologies have become powerful tools for political campaigning, communication, advocacy and mobilisation.

Since Robert Mugabe turned the country into a dictatorship, bloggers and civic organisations have resorted to using new tools and applications such as blogs, Flickr, Facebook, SMS, YouTube and mashups to fight for democracy, media freedom and good governance.

SMS
If you are in Zimbabwe and your phone rings, you might be receiving a news headline from SW Radio, an election update from Kubatana.net or a political joke about Robert Mugabe. Widespread mobile phone access in Africa has made SMS a powerful and useful tool for activists.

Zimbabweans are using SMS to send each other political jokes. Comrade Fatso writes about this particular use of SMS:

Anyone know someone with a truck? There’s a guy wanting to move all his stuff from State House to Zvimba. The jokes spread as text messages refer to our aged dictator relocating to his rural home. People really do believe this is a general election – because our generals decide who gets elected. Another joke walking the streets of Harare is that the only difference between an election and an erection is that you can’t rig the latter.

The UK-based SW Radio uses SMS to send news headlines to mobile phones:

We now have an SMS news headline service sent to mobile phones.
If you have a friend or relative in Zimbabwe who would like to receive this service please email their mobile phone number to: talk@swradioafrica.com

Kubatana, an online community of Zimbabwean activists, uses FrontlineSMS to send election news to their SMS subscribers and facilitate conversations:

Join the Kubatana SMS Subscriber list!
Kubatana uses a variety of technologies to communicate with Zimbabweans – SMS is one of them. We send out notifications of public events, inspiring quotations, selected comments from current and past articles and statements and we convert some of our web site content into thought provoking tasty 160 character messages.
What we really value is getting to know what you think, and to facilitate this you can respond to any SMS we send out. Democracy is a two way thang!
Often we take some of what you say and share it on the Kubatana Blog Site so that more people benefit from the conversation.
Let’s get together, and message together.

The organisation has also used FrontlineSMS to run its campaign, “What we want in Zimbabwe?” The organisation posts messages from subscribers on Kubatana blog so that more people can benefit:

In addition to inviting email contributions, we also asked our many SMS subscribers what a new Zimbabwe looks like to them. Read some of their ideas below, and text your dreams for a new Zimbabwe to +263912452201

Amanda Atwood writes, “Text messages for change”:

As announcements by the Zimbabwe Electoral Commission have been trickling out, we’ve been forwarding them to our SMS subscribers, many of whom do not have access to television or radio, or who are hit by Zimbabwe’s persistent electricity shortage.

FrontlineSMS is a text messaging system designed to meet the needs of the non-profit sector. FrontlineSMS was also used by the Nigeria Mobile Election Monitors last year. Ken Banks, the creator of FrontlineSMS, writes:

Back in the summer of 2006 I was fortunate to spend three weeks in Zimbabwe working with them. A local NGO seeking to promote human rights and good governance, Kubatana were the very first users of FrontlineSMS when it launched back in 2005, starting a trend which has seen the software used for similar activities in a number of other countries around the world. In their own words, FrontlineSMS finally opened up the possibilities for text messaging in their work, and I knew they had plans to use it during the 2008 elections. This is what they’ve been doing.

Last year, Kubatana sent out an SMS soliciting public opinion about the Stay Away, which was called by the Zimbabwe Congress of Trade Unions. They published some of the responses on their blog:

In advance of the Stay Away called by the Zimbabwe Congress of Trade Unions (ZCTU) for Wednesday and Thursday, 19 and 20 September, we at Kubatana sent out a text message and email asking our subscribers what they thought of the stay away, whether their workplace would be participating, and what their friends and neighbours were saying about it.
We were flooded with emails and text messages expressing a range of opinions, from eager support for the stay away and a commitment to stay home even if their work place was open, to others who questioned the usefulness of the tactic or whether it would make any difference on the ground.
Here is just a small sampling of people’s responses:
Don’t think it will be a success. People are tired of stay aways.
———————————
Supporting it, not coming to work, enough is enough.
———————————
Yes and all my friends want to stay away in order to make a statement.

In addition to their SMS service, Kubatana uses listserv, email newsletter and electronic activism campaigns:

Our regular electronic activism campaigns encourage Zimbabweans and other visitors to our web site to mobilise, lobby and advocate. Being involved lessens one’s feeling of despair while helping us to keep inspired.
As Joan Baez said: Action is the antidote to despair.
Our email listserv and regular email newsletters keep thousands of Zimbabweans and regional and international subscribers informed. Kubatana also helps Zimbabwean civil society to strengthen their use of Information Communication Technologies (ICTs) through email, Internet and motivational training workshops. We often spend a day with a group of information activists teaching them how to use ICTs more effectively either in their organisations, or as individual activists.

Electronic Cards
Sokwanele-Zvakwana is another pro-democracy civic organisation using new media tools to fight for democracy and rule of law. Its website offers free e-cards as part of its non-violent campaigns for change.

Sokwanele’s Zimbabwean e-cards can be used, for FREE, to help Zimbabweans campaign for non violent peaceful change in Zimbabwe.

The cards are organised around different themes:
Bob Must Go:

Bob Must Go! It’s as simple as that.

Elections and democracy:

Parliamentary and presidential elections are set for 2008. You can get ready and start campaigning using our e-cards. Zimbabweans want elections that are genuinely free and fair, and we want a return to the rule of law, and a life free of violence and intimidation.

Memories of Zimbabwe:

A set of e-cards evoking whimsical and fond memories of our beloved Zimbabwe. Use these for any occasion, or simply to send quick notes to friends and colleagues. Do you have an image that would make a great memory e-card? If you’d like to share your special memory with everyone by turning it into an e-card – contact us and let us know.

Economy e-cards:

Zimbabwe’s economy is in free-fall and it’s no laughing matter. Spread a bit of cheer by sending a humorous e-card, or send a card to alert someone of the reality of our country’s economic state.