root@fandigunawan

March 14, 2009

Fandi’s Virus Removal Guide

Filed under: Security, Virus — fandigunawan @ 12:25 pm

Many people have asked me how to tackle viruses and kill them. I used to just give them a few tips, but now that the way I usually do it has become structured, I need to write the procedure down here:

The situation assumed here is a computer with

  • no antivirus
  • an outdated antivirus
  • an antivirus that cannot recognize the virus
  • an existing infection

The one thing I always tell people is that they need to know their computer, especially by watching the normal processes loaded on it (use Task Manager or Process Explorer); if you have a clean computer, do it right now, and you are required to be

Guide 1: if you don't know the virus or where the virus is

Rule 1: Never scan your computer from the infected system

Remember that a computer virus behaves much like a human virus: it will not act on a clean system unless you trigger it. I usually suggest that people scan using

  1. (recommended) Windows PE, with your antivirus on a flash disk
  2. another clean computer, or someone else's PC with an antivirus installed

Rule 2: use a portable (or forced-to-be-portable) antivirus if you use Windows PE with a flash disk

The following link contains great information about portable antivirus. I usually use Avira, which I have used for five years (I never install it, though; I just made it portable in case someone needs my help).

Rule 3: if you have precious infected documents, make sure you do not let the antivirus delete or quarantine them (this is one of the reasons I chose Avira). List all infected documents and move them to a specific folder for restoration (if possible). If you already know the virus name (once you scan the infected file you will be shown the name of the virus), go to Google and look for the cure (do not let the antivirus delete your files!). If there is no cure, you can put the files in a password-protected archive in case a cure is developed in the future.

Guide 2: if you know the virus

Rule 1: You may use online virus scanning such as:

Rule 2: using the information above, get an antivirus that can detect the virus, or a specific cure for it. I recommend using a specific cure because it saves you the hassle of installing an antivirus etc. If you have infected files or documents, scan them, list them all and move them to a specific folder. Try googling with the keywords "repair tool" and the virus name.

The procedure I usually follow:

1. If you don't know the virus name (since I don't use an antivirus on my PC), copy one sample, zip it and send the sample to an online antivirus scanner (see Guide 2, Rule 1)
2. Get the virus name and look for a cure
3. If no cure exists, download an antivirus that can be made portable, e.g. ClamWin or Avira. (A cure is a tool used to repair infected files, not to delete them.)
4. Put all of your weapons on a flash disk
5. Boot your PC using another clean OS (another PC's, or in my case my Windows Live CD / Windows PE)
6. Plug in your flash disk (containing the cure/antivirus) and run the weapon
7. Clean the virus / repair the infected files
8. Reboot and your PC is clean
9. In case your Windows critical files are infected -> reinstall your PC


February 28, 2009

White House email server's down

Filed under: Misc, Security, Tulisan — fandigunawan @ 10:30 am

Well, this is fantastic news: the unimaginable, sacred White House suffers an email server meltdown.


Excerpt from CNN:

President Obama has his blackberry — but his tech-savvy press operation has been without e-mail for most of the day, and it’s not yet clear when they’ll get it back.

Obama press staffers had just made the leap to their official White House e-mail addresses Monday morning when the Outlook server went down. They weren’t the only ones affected by the crash, which also hit the first lady’s office and other White House offices.

So basically we need to learn from this: this proprietary mail server (they call it Exchange Server) has nothing special over free and open source mail servers. Free and open source mail servers have proven able to serve at high performance with lower costs and better security (I am not saying they are bug free, but at least they are easily patched and traced). I think Windows is not suitable as a server operating system, and I think it will remain like this for another ten years from now (unless Microsoft makes a revolutionary change to the NT core). So, UNIX or *NIX OS, be happy! This occasion is a good chance to campaign against Microsoft products for servers.

The time has come for UNIX or *NIX to reign in this computing world.

February 15, 2009

Preventing Virus Infection Without an Antivirus (Part 2)

A while ago I read an interesting article [update: additional article] that every computer user should read. After my previous post on how to protect your computer by not using an administrator account and by using a file system with ownership such as NTFS, this time I will discuss the importance of access control for whitelisted and blacklisted programs. The idea is simple: instead of keeping a list of malicious programs the way an antivirus does, why not take the other approach and keep a list of which programs are allowed to run? I think this makes sense, since how many programs do we actually use on our computers? Hundreds? I don't think so!

[Update: 26 Feb 2009] This method cannot be used to prevent exploits that stem from bugs in the operating system or the applications on top of it. For reference read: article 1 and article 2. To prevent exploit problems you should use an OS that is always up to date with good support, such as Linux :D; if you use Windows you had better pray that Microsoft quickly releases patches for its OS. For applications on top of the OS that are vulnerable to exploitation, rely on the vendor (for closed source/proprietary products) or use open source products whose patches are released quickly :D.


April 4, 2008

Idnaf.Office.Recover: Generic Recovery Tool for Infected M$ Office Documents

Several days ago I came up with the design of a "simple" recovery tool for files infected by a virus that embeds them in the virus's body. I call this software Idnaf.Office.Recover.
The current version detects the signatures of *.DOC, *.XLS and *.PPT files.
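To show what "detecting the signature" of a legacy Office document inside a virus body amounts to, here is an added example (my own illustration, not the Idnaf.Office.Recover source): it looks for the OLE2 compound-file header that .doc/.xls/.ppt share, sanity-checks the header fields from the Office binary format spec, and carves the document from that offset onwards. It assumes a prepending infector, so the document survives intact after the virus code.

```python
import struct

# Compound File Binary (CFB) header signature shared by legacy DOC/XLS/PPT.
OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
HEADER_SIZE = 512


def header_is_plausible(buf, off):
    """Check the CFB header fields that follow the signature at buf[off:]."""
    if off + HEADER_SIZE > len(buf):
        return False
    major, byte_order, sector_shift = struct.unpack_from("<HHH", buf, off + 26)
    # Byte-order mark must be 0xFFFE; sector size is 512 (shift 9) for
    # version 3 headers and 4096 (shift 12) for version 4 headers.
    return byte_order == 0xFFFE and (major, sector_shift) in ((3, 9), (4, 12))


def find_ole_offsets(buf):
    """Return every offset at which a plausible CFB header begins."""
    hits, start = [], 0
    while True:
        off = buf.find(OLE_MAGIC, start)
        if off < 0:
            return hits
        if header_is_plausible(buf, off):  # skip magic bytes without a real header
            hits.append(off)
        start = off + 1


def carve_document(buf):
    """Return (offset, document_bytes) for the first embedded document, or None.
    Everything from the header to end of file is taken, because a prepending
    infector leaves the original document untouched behind its own code."""
    hits = find_ole_offsets(buf)
    if not hits:
        return None
    return hits[0], buf[hits[0]:]


def make_sample():
    """Constructed input: fake 'virus body' (with a decoy magic) then a real header."""
    header = bytearray(HEADER_SIZE)
    header[0:8] = OLE_MAGIC
    # minor version, major version, byte-order mark, sector shift (offsets 24..31)
    struct.pack_into("<HHHH", header, 24, 0x003E, 3, 0xFFFE, 9)
    fake_virus = b"MZ" + b"\x90" * 300 + OLE_MAGIC + b"junk" * 20
    return fake_virus + bytes(header) + b"D" * 1024
```

The decoy magic in the sample is rejected by the header check, so only the real document offset is reported.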

IMPORTANT
Don't blame me if something goes wrong; see the source code to solve your problem!

NOTE
Version 0.2 beta 1 and 0.1 beta 1 use different algorithms, so they may give different results.

Please tell me if there is a bug or a new suggestion. Please be aware that this application is in early development, and is free of charge.

Software requirements:
.NET Framework 2.0
Microsoft Windows.

License:
Please see https://fandigunawan.wordpress.com/licensing or License.txt in the archive.

Version 0.2 beta 1
Binary:
Office.Recover02b1-bin.zip

Source Code (C#):
Office.Recover02b1-src.zip

Version 0.1 beta 1
Binary:
Office.Recover01b1-bin.zip

Source Code (C#):
Office.Recover01b1-src.zip

Screenshots:
Screenshot 0
Screenshot 1
Screenshot 2
Screenshot 3
Screenshot 4
Screenshot 5
Screenshot 6

Other resources:
preventing-microsoft-offices-document-from-virus-infection [English]
mencegah-infeksi-berkas-microsoft-office [Indonesian]

Important links:
Microsoft Office
http://www.microsoft.com/interop/docs/OfficeBinaryFormats.mspx

March 28, 2008

Preventing Microsoft Office Documents from Virus Infection

This time I will discuss tricks to prevent virus infection of Microsoft Office documents. The original article was published on Ilmukomputer.com and has been translated into English.

The article describes tricks to prevent viruses from scanning for Microsoft Office documents.
For the details please download the following file:

PreventingMicrosoftOfficesDocumentfr.zip

March 24, 2008

Preventing Infection of Microsoft Office Files

This time I focus on the problem of the many Microsoft Office documents that are infected by viruses. Here are my tips and tricks to prevent infection of files created by Microsoft Office such as: DOC (Word), XLS (Excel), PPT (PowerPoint), MDB (Access) and VSD (Visio).

Direct download links:
fandi-mencegahinfeksiberkasoffice-pre1.zip (Ilmukomputer.com)
or
fandi-mencegahinfeksiberkasoffice-pre1.zip (Googlepages.com)

Important links:
artikel-mencegah-virus-tanpa-anti-virus-untuk-win-xp-win2k-win2k3/
senjata-paling-ampuh-menyelamatkan-data-dari-komputer-yang-terinfeksi-virus/
fandi-cegahvirus-113.zip

References:

Microsoft Office
Various antivirus products
Kaspersky Antivirus
Avira Antivirus
Symantec Norton Antivirus

January 16, 2008

Cryptography in Microcontroller

Filed under: Microcontroller, Security — fandigunawan @ 8:21 am

One of my juniors at President University, Edi Permadi, has finally released his work on the net on encryption/decryption and hashing methods for the PIC16F84. I personally like cryptography as well as its implementation in hardware (microcontroller or IC design). His published works are:


Implementing Simplified DES using PIC16F84

Direct file download:

http://edipermadi.googlepages.com/sdes-pic16f84.7z

Implementing MD5 using PIC16F84

Direct download:

http://edipermadi.googlepages.com/md5-pic16f84.7z

Implementing Simplified DES using EEPROM

Direct download:

http://edipermadi.googlepages.com/sdes-encryption-lookup.7z

http://edipermadi.googlepages.com/sdes-decryption-lookup.7z

Simplified DES Simulator

Direct download:

http://edipermadi.googlepages.com/sdes-simulator.7z

To open the files above you will need WinRAR or 7-Zip (recommended)

My comment:

It is a very interesting implementation; however, NIST has chosen Rijndael to replace DES. I hope in the future he will be able to implement Rijndael on a microcontroller or FPGA.

MD5 is no longer secure; it has collisions. SHA1 is much better.

Links:

January 11, 2008

Core.NET: Starter Kit and Virus Revealed released

Filed under: Security — fandigunawan @ 11:23 am

After postponing for about two weeks, I have finally been able to upload two files for Core.NET.


1. Core.NET starter kit 1.0-pre1
This package contains the fundamentals and manifesto of Core.NET
Grab it here: http://mihd.net/3y2hkx

2. Core.NET – Virus Revealed 1.0-pre1
This package contains an introduction to viruses and a simple recovery for delf.axz
Grab it here: http://mihd.net/z1yft7

The files are self-extracting archives. Please scan the files before opening them.

Other file:

http://coredotnet.files.wordpress.com/2007/09/intro.pdf

December 9, 2007

The Most Powerful Weapons for Rescuing Data from a Virus-Infected Computer

Filed under: Security, Virus — fandigunawan @ 4:22 am

Here are the powerful weapons I usually use to slaughter viruses and rescue data.

  • Windows Live CD (sorry, no link; try searching Google with the keyword "windows live cd") or a Linux Live CD equipped with an antivirus.
  • A portable antivirus (such as ClamAV, Avast or Avira; I have not tried the others)
  • Flash disk / external hard disk / other storage media

The steps:

  • Boot the Windows Live CD / Linux Live CD
  • Put the portable antivirus on the flash disk / external hard disk
  • Scan your system
  • If there is a virus, do not jump to the conclusion that those files should be deleted
  • It is better to move your important data to another partition (one that has already been scanned) or to storage media such as a flash disk, including the files contaminated by the virus. Note the name of the virus concerned. Separate the clean files from the contaminated ones. If a file cannot be cured, do not rush to delete it; wait a while and search Google for a file-recovery tool for it.

NB: Here I use the antivirus only as a virus scanner and not as a shield / resident protection.

Important links:

5 Reasons Not to Trust Antivirus Wholeheartedly

Filed under: Security, Virus — fandigunawan @ 3:44 am

Here are the reasons why we should not trust an antivirus 100% (even when it is updated)

  • Antivirus definitions or signatures come from virus samples sent in by customers. In other words, no antivirus can detect suspicious objects at anything close to 100%. It is like the analogy of the police and the thief: the police never arrive before the thief.
  • Technology to predict suspicious objects, or to filter dangerous items, does exist (most of it is already built into antiviruses), but it has still proven to be bypassed by many viruses.
  • Antivirus makes us anxious and dependent. Think about it carefully: how would you feel with no internet connection and an antivirus that has not been updated (for more than a year)? Most of us would certainly feel anxious. We often believe that there is one truly super antivirus because we swallow what other people say.
  • Antivirus must not make us careless and overconfident. We often experience situations where, once our antivirus is updated, we feel free of problems. Remember that there are still many new local and foreign viruses that are not yet widely recognized.
  • Never think that, as antiviruses keep finding new detection methods, virus writers will stop researching how to evade or kill antiviruses. I have often seen them sharing virus source code and antivirus-evasion methods with each other. As I said, antivirus and virus are like the police and the thief. The thief will always find a way to come up with a new modus operandi... isn't that so...

I did not write this post to tell you not to use an antivirus at all, but to show you all the reality of using one. We still need an antivirus as a seat belt, nothing more.

I once ran a test of antiviruses which you can read at the following link. I ran this test at the office using the most up-to-date ClamAV at that time, on a friend's computer. The test was the simplest possible: packing viruses with various exe-compressors. All antiviruses should already be able to detect these viruses, but the result was not so. You can read the results yourself at that link. Nevertheless, if any of you want to try scanning, please leave a comment with your name, antivirus and update date.

Important links:
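The exe-compressor test above shows why a scanner cannot rely on signatures alone; an added example (mine, not from the post or from any antivirus product) of the kind of heuristic that catches a packed executable before signatures even apply: walk the PE section table and flag sections named after a known compressor or whose raw data has the near-8-bit entropy of compressed code. The packer section names are an illustrative, constructed list, and the sample PE is built inline for the test.

```python
import math
import struct

# Illustrative (not exhaustive) section names left behind by exe-compressors.
PACKER_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".aspack", b".petite"}


def shannon_entropy(data):
    """Bits per byte, 0.0 .. 8.0; compressed or encrypted data sits near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(buf):
    """Yield (name, raw_offset, raw_size) from the PE section table."""
    if buf[:2] != b"MZ":
        raise ValueError("not a PE file")
    pe_off = struct.unpack_from("<I", buf, 0x3C)[0]        # e_lfanew
    if buf[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    nsect = struct.unpack_from("<H", buf, pe_off + 6)[0]   # NumberOfSections
    opt_size = struct.unpack_from("<H", buf, pe_off + 20)[0]  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size
    for i in range(nsect):
        name, _vsize, _vaddr, rsize, roff = struct.unpack_from("<8sIIII", buf, table + i * 40)
        yield name.rstrip(b"\0"), roff, rsize


def packer_indicators(buf, entropy_threshold=7.2):
    """Return human-readable reasons the file looks packed (empty list if none)."""
    reasons = []
    for name, roff, rsize in pe_sections(buf):
        if name in PACKER_SECTION_NAMES:
            reasons.append(f"packer section name {name.decode()}")
        h = shannon_entropy(buf[roff:roff + rsize])
        if rsize and h > entropy_threshold:
            reasons.append(f"section {name.decode()} entropy {h:.2f}")
    return reasons


def make_sample_pe(section_name, body):
    """Constructed minimal PE: DOS stub, COFF header, no optional header, one section."""
    pe_off = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", pe_off)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0)
    raw_off = pe_off + 24 + 40                              # section data right after the table
    section = struct.pack("<8sIIIIIIHHI", section_name.ljust(8, b"\0"),
                          len(body), 0x1000, len(body), raw_off, 0, 0, 0, 0, 0)
    return dos + coff + section + body
```

A plain, uncompressed code section of filler bytes produces no indicator, while a UPX-named section of evenly distributed bytes trips both checks.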
