How to Make your PC immune from Ramnit virus attacks
This article on the Ramnit virus comes a bit late, but many people are still falling victim to it, so I want to share some tricks for making your PC or laptop more resistant to Ramnit attacks.
The first half of 2011 belonged to Ramnit, which ranked first among the malware infecting computers in Indonesia. Ramnit has produced many variants so far, but they all share the same traits, characteristics and behaviour, and the parent file name has not changed: it still uses the file name WaterMark.exe. To spread itself, Ramnit uses a variety of media, such as:
USB flash drives, on which it creates the files:
autorun.inf
Copy of Shortcut to (1).lnk
Copy of Shortcut to (2).lnk
Copy of Shortcut to (3).lnk
Copy of Shortcut to (4).lnk
It creates virus files with the .CPL and .EXE extensions in the RECYCLER folder and infects application (EXE), DLL and HTM/HTML files.
It exploits the Windows security vulnerability MS10-046 (KB2286198).
The internet: Ramnit can spread over the internet when a user opens an HTM or HTML file from a web server that Ramnit has already injected.
The network (LAN/WAN), by injecting EXE/DLL/HTM/HTML files in shared folders and drives.
Preventive Measures
According to the analysis, Ramnit currently "always" uses a master file with the same name, "WaterMark.exe", although where it is stored varies with the variant that infects the computer. It also creates a file "Explorermgr.exe" in the directory [C:\Windows]; this file is created if Ramnit manages to infect the file "Explorer.exe". Here are some tips and tricks to make your computer immune to Ramnit attacks.
Create empty folders named "WaterMark.exe" and "svchost.exe" in the locations the virus usually targets, then set their attributes to Hidden, System and Read Only. This step is done so that Ramnit cannot create its main virus file in the same location.
Create a file named "Recycler" on each drive, then set its attributes to Hidden, System and Read Only. This step is done so that Ramnit cannot create its master files (with the EXE and CPL extensions) in RECYCLER. Because this RECYCLER is a file (not a FOLDER), Ramnit is not able to create a virus file at that location.
Create 2 (two) keys under the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options (see figure).
Key: Explorermgr.exe and WaterMark.exe
String value: Debugger
Type: REG_SZ
Data value: ntsd -d
This step is done so that the code in the Ramnit virus file cannot execute, so Ramnit cannot become active in memory.
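The three steps above as one PowerShell script, run from an elevated prompt; this is an added example, not part of the original article. The `$DecoyParents` entry is a placeholder, because the article does not list the locations the virus uses, and the function and variable names are this example's own.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article): applies the three steps above.

# Assumption: the article does not name the "usual locations"; list the parent
# directories reported for the variant you are dealing with. Placeholder value.
$DecoyParents = @('C:\PLACEHOLDER-parent-directory')
$DecoyNames   = 'WaterMark.exe', 'svchost.exe'
$IfeoRoot     = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$BlockedExes  = 'Explorermgr.exe', 'WaterMark.exe'
$Attrs        = [IO.FileAttributes]'Hidden, System, ReadOnly'

function Set-DecoyAttributes([string]$Path) {
    $item = Get-Item -LiteralPath $Path -Force
    $item.Attributes = $item.Attributes -bor $Attrs
}

# Step 1: empty folders that occupy the master-file names.
foreach ($parent in $DecoyParents) {
    if (-not (Test-Path -LiteralPath $parent -PathType Container)) { continue }
    foreach ($name in $DecoyNames) {
        $target = Join-Path $parent $name
        if (Test-Path -LiteralPath $target -PathType Leaf) {
            Write-Warning "$target already exists as a file; inspect it before continuing."
            continue
        }
        New-Item -ItemType Directory -Path $target -Force | Out-Null
        Set-DecoyAttributes $target
    }
}

# Step 2: a FILE (not a folder) named Recycler in the root of each fixed or removable drive.
$drives = Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=2 OR DriveType=3'
foreach ($d in $drives) {
    $target = Join-Path "$($d.DeviceID)\" 'Recycler'
    if (Test-Path -LiteralPath $target) {
        Write-Warning "$target already exists; leaving it untouched."
        continue
    }
    New-Item -ItemType File -Path $target | Out-Null
    Set-DecoyAttributes $target
}

# Step 3: IFEO Debugger values, so Windows starts the Debugger command instead of the named image.
foreach ($exe in $BlockedExes) {
    $key = Join-Path $IfeoRoot $exe
    if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key | Out-Null }
    New-ItemProperty -Path $key -Name 'Debugger' -PropertyType String -Value 'ntsd -d' -Force | Out-Null
}
```

Where a drive already has an item named Recycler, or a decoy name is already taken by a file, the script only warns, so an existing object can be examined before anything is changed.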
Hopefully this is useful.