FakeFD.Winsvc.DB: A Virus That Sneaks Into .RAR Files


ANGEL OF DEATH FROM THE HELL (2013)

File name: setup-Install.exe

Size: 87.5 KB (89,600 bytes)

SHA256: 9EA5CA537EFB9BB5A8AA9C1934126E8CE3104767665E6C050A296FD3D65EF596

Built/packed with: Borland Delphi

During July and August 2018 this virus, identified as DBB50432, was among the most widespread ("popular") viruses, particularly in Indonesia, although it very likely has many victims internationally as well.

When first run, the virus copies itself to create a resident parent copy on the machine at C:\Windows\winsvc32.exe.

Once active, it scans every folder for files with the extension "*.rar" and uses each archive as a carrier for spreading: a copy of the virus named "setup-Install.exe" is inserted into every .rar file it finds.

FakeFD.Winsvc.DB inserting itself into a .RAR archive (screenshot)

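A practical way to triage .rar files for this infection without extracting anything is to walk the RAR 4.x block headers directly: the file name of every entry sits in its header, and when an entry is stored uncompressed (method 0x30) the payload bytes can be hashed in place against the SHA256 given above. The script below is an added example, not code from the original write-up or from the sample; it handles only the RAR 4.x layout (RAR5 archives, which start with a different signature, are rejected), and the test archive is constructed inline with a dummy payload, so the hash deliberately does not match the real sample.

```python
"""Header-level triage for RAR 4.x archives: lists file entries without
extracting, flags the setup-Install.exe name, and, for stored (uncompressed)
entries, hashes the payload against the SHA256 from the write-up.
Added example, not code from the write-up; the sample archive is constructed."""
import hashlib
import struct
import zlib

RAR4_SIGNATURE = b"Rar!\x1a\x07\x00"
RAR5_SIGNATURE = b"Rar!\x1a\x07\x01\x00"
HEAD_FILE, HEAD_MAIN, HEAD_END = 0x74, 0x73, 0x7B
FLAG_LONG_BLOCK = 0x8000   # an ADD_SIZE (PACK_SIZE for files) follows the 7-byte header
FLAG_LARGE_FILE = 0x0100   # 64-bit high words of the sizes follow ATTR
METHOD_STORE = 0x30        # no compression: the payload bytes are the file itself

# Indicators from the write-up: dropped file name and SHA256 of the dropped copy.
DROPPED_NAME = "setup-install.exe"
DROPPED_SHA256 = "9ea5ca537efb9bb5a8aa9c1934126e8ce3104767665e6c050a296fd3d65ef596"


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def iter_rar4_entries(data):
    """Yield (name, method, pack_size, unp_size, payload_offset) per file header."""
    if data.startswith(RAR5_SIGNATURE):
        raise ValueError("RAR5 archive: different header layout, not handled here")
    if not data.startswith(RAR4_SIGNATURE):
        raise ValueError("not a RAR 4.x archive")
    pos = len(RAR4_SIGNATURE)
    while pos + 7 <= len(data):
        head_crc, head_type, flags, head_size = struct.unpack_from("<HBHH", data, pos)
        if head_size < 7 or pos + head_size > len(data):
            raise ValueError("corrupt header at offset %d" % pos)
        # HEAD_CRC is the low 16 bits of CRC32 over the header from HEAD_TYPE onward.
        if (zlib.crc32(data[pos + 2:pos + head_size]) & 0xFFFF) != head_crc:
            raise ValueError("header CRC mismatch at offset %d" % pos)
        add_size = 0
        if head_type == HEAD_FILE:
            (pack_size, unp_size, _os, _crc, _time, _ver, method, name_size,
             _attr) = struct.unpack_from("<IIBIIBBHI", data, pos + 7)
            name_pos = pos + 32
            if flags & FLAG_LARGE_FILE:
                high_pack, high_unp = struct.unpack_from("<II", data, name_pos)
                pack_size |= high_pack << 32
                unp_size |= high_unp << 32
                name_pos += 8
            # With the Unicode flag the field is "<oem name>\0<encoded name>"; keep the first part.
            raw_name = data[name_pos:name_pos + name_size].split(b"\x00", 1)[0]
            add_size = pack_size
            yield (raw_name.decode("utf-8", "replace"), method, pack_size,
                   unp_size, pos + head_size)
        elif flags & FLAG_LONG_BLOCK:
            (add_size,) = struct.unpack_from("<I", data, pos + 7)
        pos += head_size + add_size
        if head_type == HEAD_END:
            break


def scan_rar4(data):
    """Return one finding per .exe entry; sha256 is None when the entry is compressed."""
    findings = []
    for name, method, pack_size, _unp, off in iter_rar4_entries(data):
        base = name.replace("\\", "/").rsplit("/", 1)[-1].lower()
        if not base.endswith(".exe"):
            continue
        digest = sha256_hex(data[off:off + pack_size]) if method == METHOD_STORE else None
        findings.append({"name": name, "name_match": base == DROPPED_NAME,
                         "sha256": digest, "hash_match": digest == DROPPED_SHA256})
    return findings


def _block(head_type, flags, body):
    """Build one RAR4 block header with the correct 16-bit header CRC."""
    rest = struct.pack("<BHH", head_type, flags, 7 + len(body)) + body
    return struct.pack("<H", zlib.crc32(rest) & 0xFFFF) + rest


def build_sample_rar4(entries):
    """Constructed test archive from (name, payload, method) tuples (host OS = Win32)."""
    out = bytearray(RAR4_SIGNATURE + _block(HEAD_MAIN, 0, b"\x00" * 6))
    for name, payload, method in entries:
        body = struct.pack("<IIBIIBBHI", len(payload), len(payload), 2,
                           zlib.crc32(payload), 0, 20, method, len(name), 0x20)
        out += _block(HEAD_FILE, FLAG_LONG_BLOCK, body + name.encode()) + payload
    out += _block(HEAD_END, 0x4000, b"")
    return bytes(out)


if __name__ == "__main__":
    dummy = b"MZ" + bytes(range(64))   # constructed stand-in payload, not the real sample
    archive = build_sample_rar4([("readme.txt", b"hello", METHOD_STORE),
                                 ("tools\\setup-Install.exe", dummy, METHOD_STORE)])
    for hit in scan_rar4(archive):
        print(hit)
```

For a fleet-wide sweep, feed every .rar found on a share to `scan_rar4` and treat a `name_match` as enough to quarantine the archive; `hash_match` only fires when the dropped copy is stored uncompressed and is byte-identical to the analysed sample, so its absence is not a clean bill.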

The virus also tries to contact its server at the address nexter.x0rg.com.

Unfortunately that server can no longer be reached, or is only up at certain times, so what is exchanged with it is unknown.

List of file names it looks for

It is not clear what the scan is for, but the virus targets the following file names. They are the typical lure names (cracks, keygens, installers) that P2P worms of the Kazaa/LimeWire era use when copying themselves into shared folders; whether this sample searches for such files or writes copies of itself under these names is not established here:

Adobe Acrobat 7.0 Professional.exe

Adobe Acrobat 8 Professional.exe

Adobe Acrobat 8 Professional Crack.exe

Adobe All Products Keygen.exe

Adobe All Products v1.0 Keymaker.exe

Adobe Cracks and Keygen Collection 2009.exe

Adobe CS4 Master Collection.exe

Adobe Photo Elements Multi Keygen.exe

Adobe Photoshop CS2 2009 Install.exe

Adobe Photoshop CS2 2009 Install Full Version 2009.exe

Adobe Photoshop CS3 KeyGen.exe

Adobe Photoshop CS3.exe

Adobe Photoshop CS4 Extended.exe

Adobe Photoshop CS4 KeyGen.exe

Adobe Photoshop CS4-Extended.exe

Adobe Photoshop Ultimate Serials Crack.exe

Google Earth Final Build 2009 Version Install .exe

Google Earth Pro 3.0 beta.exe

Google Earth Pro Final Setup.exe

Grand Theft Auto GTA Vice City Crack.exe

Hotmail Cracker v3.2.6.exe

ICQ Password Cracker 2009.exe

Kasperksy 2009 Crack.exe

Kasperksy 2009 Full Suite Crack.exe

Kasperksy 2009 KeyGen.exe

Kaspersky Antivirus 7.0.0.125 Full Crack Editon.exe

Kaspersky Full Suite Crack.exe

Kaspersky 2009 Crack.exe

Kaspersky Internet Security 2009 KeyGen.exe

Limewire Full Speed Patch.exe

Mega Pack WinZip 11.1.exe

Microsoft Office 2003 Professional Edition.exe

Microsoft Office 2007 Home and Student.exe

Microsoft Office 2007 Enterprise.exe

Microsoft Office 2007.exe

Microsoft Visual Basic 2009 KeyGen.exe

Windows 7 Keygen.exe

Windows 7 Theme Sidebar.exe

Windows Ultimate Keygen.exe

Windows Vista ULTIMATE Crack.exe

Windows XP SP2 -Serial Original.exe

Windows XP ULTIMATE Keygen.exe

Myspace Account Cracker.exe

Nero 7.x.x.x All Products.exe

Nero 8 Ultra Edition 8.3.0.exe

Nero 8.1.1.0 Install.exe

Nero 9 Portable Full Final Version.exe

Nero Burning Rom v9.4.13.2c.exe

Norton Internet Security 2009 v16.2.0.7.exe

Norton Internet Security 2009 BR Edition.exe

Nude Celebreties Pics 4.jpg.exe

Paris Hilton Blowjob.jpg.exe

PhotoShop Keygen.exe

PowerDVD v9 Ultra Version.exe

Spyware Doctor 5.01.205.exe

Steam Account Cracker.exe

Steinberg Cubase SX v101 WORKING.exe

Tune Up Utilities 2009 Install.exe

TuneUp Utilities.exe 2009.v8.2000.35.exe

Microsoft Windows 7 Crack.exe

Windows 7 Keygen.exe

Windows 7 Sidebar Install.exe

Windows 7 Theme Install.exe

Windows Vista Cracker.exe

Windows Vista Home Premium KeyGen.exe

Windows Vista Keygen.exe

Windows Vista Serial Keygen.exe

Windows XP Crack.exe

Windows XP Professional CDKey.exe

WinRAR.v3.80 Full Version Cracked 2009.exe

WinRar 3.71 Cracked.exe

WinRar 3.71 Full Patched.exe

WinRAR 3.80 Unplagged.exe

WinRAR v4.3 Full Suite Cracker.exe

World of Warcraft Private Server Launcher v1.0.exe

LimeWire v4.4.3.exe

CDBurnerXP Pro 3.exe

AVG Anti-Virus System v.6.0.exe

Free DVD Ripper 2.25.exe

Spybot Search & Destroy Final Build.exe

Adobe Reader 7.0.5.exe

Jodix Free WMA to MP3 Converter.exe

Clony XXL 2.0.1.5.exe

Nero 6 Reloaded 6.6.0.1.exe

SpeedUpMyPC v4.52.exe

DVD to iPod Video Suite.exe

Kazaa Full Speed Patch.exe

Kazaa Final Build 2009.exe

K-Lite Codec Pack 5.0.0 Full, Standard and Basic.exe

Codec Pack All in 1 6.0.3.0.exe

Nero Burning ROM 9.4.13.2c.exe

Vista Codec Package 5.3.5 install.exe

DivX Free 5.2.1 Install.exe

Daemon Tools 4.30.4 Install.exe

Winamp 5.56.2512.exe

Real Alternative 1.90.exe

FFDShow MPEG-4 Video Decoder 2009-07-25 Install.exe

Samsung PC Studio 3.2.1 HB6 Vista Install.exe

Internet Download Manager 5.17.5.exe

Utorrent 1.8.3 Install.exe

DAEMON Tools 4.10 X64 Install.exe

LG Phone Manager 1.5.0.25.exe

BlueSoleil C 5.0.5.178 Install.exe

DivX Free 5.2.1 Crack.exe

Nero Burning Rom 9.4.* Crack.exe

Nero Burning Rom 9.* Full Version Crack

Adobe Full Crack Suite.exe

Need For Speed NO CD Crack (Scanned With Norton AV 2009).exe

Need For Speed Keygen (Scanned With Norton AV 2009).exe

Need For Speed Underground NO CD Crack (Scanned With Norton AV 2009).exe

Zone Alarm Pro 4.x Crack (Scanned With Norton AV 2005).exe

Zone Alarm Pro 5.x Crack (Scanned With Norton AV 2005).exe

GTA San Andreas [PS2] – ISO FTP Info.exe

GTA San Andreas [XBOX] – ISO FTP Info.exe

Ad-Aware Pro – Software Keygen.exe

Clone CD 5 – Software Keygen.exe


List of websites the virus blocks through the hosts file:

www.symantec.com

securityresponse.symantec.com

bottalk.us

symantec.com

www.sophos.com

sophos.com

www.mcafee.com

mcafee.com

liveupdate.symantecliveupdate.com

www.viruslist.com

viruslist.com

viruslist.com

f-secure.com

www.f-secure.com

kaspersky.com

kaspersky-labs.com

www.avp.com

www.kaspersky.com

avp.com

www.networkassociates.com

networkassociates.com

www.ca.com

ca.com

mast.mcafee.com

my-etrust.com

www.my-etrust.com

download.mcafee.com

dispatch.mcafee.com

secure.nai.com

nai.com

www.nai.com

update.symantec.com

updates.symantec.com

us.mcafee.com

liveupdate.symantec.com

customer.symantec.com

rads.mcafee.com

trendmicro.com

pandasoftware.com

www.pandasoftware.com

www.trendmicro.com

www.grisoft.com

www.microsoft.com

microsoft.com

www.virustotal.com

virustotal.com

threatexpert.com

novirusthanks.org

scanner.novirusthanks.org
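Because every host name in the list above falls under a handful of registrable domains, a hosts-file check can match on those domains and still catch entries for sub-domains the list does not name. The script below is an added example, not code from the write-up: it parses a Windows hosts file, reports each entry for a vendor domain, distinguishes a sinkhole (127.0.0.1, 0.0.0.0 or ::1, which just makes the vendor unreachable) from a redirect to some other address (which may divert update traffic to an attacker host), and writes a cleaned copy that keeps unrelated custom entries. The sample hosts content is constructed; on a suspect machine read `%SystemRoot%\System32\drivers\etc\hosts` instead.

```python
"""Offline check for the hosts-file hijack described above. Added example;
the sample hosts text is constructed, not taken from an infected machine."""
import ipaddress

# Registrable domains covering every host name in the write-up's block list.
WATCHED_DOMAINS = {
    "symantec.com", "symantecliveupdate.com", "bottalk.us", "sophos.com",
    "mcafee.com", "viruslist.com", "f-secure.com", "kaspersky.com",
    "kaspersky-labs.com", "avp.com", "networkassociates.com", "ca.com",
    "my-etrust.com", "nai.com", "trendmicro.com", "pandasoftware.com",
    "grisoft.com", "microsoft.com", "virustotal.com", "threatexpert.com",
    "novirusthanks.org",
}

# Constructed sample: a hosts file after infection, plus one legitimate custom
# entry (intranet.example.test) that a clean-up must preserve.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       intranet.example.test
127.0.0.1       www.symantec.com
127.0.0.1       liveupdate.symantecliveupdate.com
0.0.0.0         www.virustotal.com virustotal.com
192.0.2.10      update.symantec.com
"""


def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for each effective (non-comment) entry."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield no, fields[0], [h.lower().rstrip(".") for h in fields[1:]]


def watched(hostname):
    """Return the watched registrable domain that covers hostname, or None."""
    labels = hostname.split(".")
    for i in range(len(labels) - 1):          # never match a single bare label
        candidate = ".".join(labels[i:])
        if candidate in WATCHED_DOMAINS:
            return candidate
    return None


def find_hijacks(text):
    """Return one finding per watched host name pinned in the file."""
    findings = []
    for no, ip, hosts in parse_hosts(text):
        for host in hosts:
            domain = watched(host)
            if domain is None:
                continue
            try:
                addr = ipaddress.ip_address(ip)
                sinkhole = addr.is_loopback or addr.is_unspecified
            except ValueError:
                sinkhole = False
            findings.append({"line": no, "host": host, "domain": domain, "ip": ip,
                             # sinkhole: vendor silently unreachable
                             # redirect: traffic may land on an attacker-controlled host
                             "kind": "sinkhole" if sinkhole else "redirect"})
    return findings


def clean_hosts(text):
    """Return the hosts text with every line carrying a watched name removed."""
    bad_lines = {f["line"] for f in find_hijacks(text)}
    kept = [l for n, l in enumerate(text.splitlines(), 1) if n not in bad_lines]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for finding in find_hijacks(SAMPLE_HOSTS):
        print("line %(line)d: %(host)s -> %(ip)s (%(kind)s)" % finding)
    print(clean_hosts(SAMPLE_HOSTS))
```

Removing the lines is only half of the clean-up: the parent copy at C:\Windows\winsvc32.exe has to be gone first, or it rewrites the file, and a redirect finding should be followed up by checking where that address actually leads.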


Anti-debug: window captions

The virus is also suspected of using several anti-debugging techniques. The following window captions (form titles) appear in the list of programs it treats as dangerous:

Jitbit Network Sniffer

Sniffem Win32

SoftPerfect Network Protocol Analyzer

BurnSoft Connection Sniffer

Process And Port Analyzer

Ether Detect

EtherDetect Packet Sniffer – Unregistered Version

The Wireshark Network Analyzer

Project 1 – Packet Analyzer – Colasoft Capsa

TCPView – Sysinternals: www.sysinternals.com

Process Monitor – Sysinternals: www.sysinternals.com

Process Explorer – Sysinternals: www.sysinternals.com

File Monitor – Sysinternals: www.sysinternals.com

PIAFCTM – Waiting

PIAFCTM – Stopped

SwitchSniffer v1.3.2.0 Registered

SwitchSniffer v1.3.2.0 UnRegistered

CurrProcess

Security Task Manager – Alexander Neuber

Auto Start and Process Viewer : www.konradp.com

Remote Process Viewer for Windows Networks

Process Heap Viewer – www.SecurityXploded.com

Soft191 Process Viewer


Anti-debug: process names and environment strings

The virus also appears to be hostile to the following processes running on the victim's machine. The same string list contains user names, DLL names, two native API names and wildcard patterns, which point to checks for sandboxes, debuggers and virtual machines as well:

joeboxserver.exe

joeboxcontrol.exe

wireshark.exe

sniff_hit.exe

sysAnalyzer.exe

UserName

user

sandbox

honey

vmware

currentuser

nepenthes

andy

CurrentUser

SbieDll.dll

dbghelp.dll

ntdll.dll

ZwQuerySystemInformation

ZwQueryInformationProcess

*VMWARE*

*VBOX*

*VIRTUAL*
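Taken together, the captions, process names, user names, module names and wildcard strings describe the environment in which the sample refuses to run, which is exactly the checklist an analyst has to work through before detonating it. The script below is an added example, not code from the write-up or the sample: it audits an inventory of an analysis VM against those lists and reports every artifact that would trip a check. The matching rules are assumptions about how such checks are usually coded (window captions exact as FindWindow requires, process and module names case-insensitive, user-name fragments as substrings, starred entries as globs); ntdll.dll is loaded in every process and is treated here as the module from which ZwQuerySystemInformation and ZwQueryInformationProcess are resolved rather than as an artifact, and the VM inventory is constructed.

```python
"""Audit an analysis VM against the evasion strings listed above, so that the
artifacts which would stop the sample from running can be renamed or hidden
before detonation. Added example; matching rules are assumptions."""
import fnmatch

# Window captions from the list above (subset). FindWindow by caption needs the
# exact title, so the match is exact, ignoring case.
CAPTIONS = {
    "the wireshark network analyzer",
    "tcpview - sysinternals: www.sysinternals.com",
    "process monitor - sysinternals: www.sysinternals.com",
    "process explorer - sysinternals: www.sysinternals.com",
    "file monitor - sysinternals: www.sysinternals.com",
    "currprocess",
}
PROCESSES = {"joeboxserver.exe", "joeboxcontrol.exe", "wireshark.exe",
             "sniff_hit.exe", "sysanalyzer.exe"}
# Fragments compared against the logged-on user name (substring match assumed).
USER_FRAGMENTS = ["username", "user", "sandbox", "honey", "vmware",
                  "currentuser", "nepenthes", "andy"]
# Sandboxie's injected DLL and the debug-help library. ntdll.dll is excluded:
# every process loads it, so it is not an artifact of an analysis machine.
MODULES = {"sbiedll.dll", "dbghelp.dll"}
# Wildcard strings, typically compared against device, BIOS or volume names.
HARDWARE_GLOBS = ["*VMWARE*", "*VBOX*", "*VIRTUAL*"]


def audit(inventory):
    """inventory: {'windows': [...], 'processes': [...], 'username': str,
    'modules': [...], 'hardware': [...]}. Returns (category, artifact, rule) hits."""
    hits = []
    for title in inventory.get("windows", []):
        if title.lower() in CAPTIONS:
            hits.append(("window", title, title.lower()))
    for proc in inventory.get("processes", []):
        if proc.lower() in PROCESSES:
            hits.append(("process", proc, proc.lower()))
    user = inventory.get("username", "")
    for frag in USER_FRAGMENTS:
        if frag in user.lower():
            hits.append(("username", user, frag))
    for mod in inventory.get("modules", []):
        if mod.lower() in MODULES:
            hits.append(("module", mod, mod.lower()))
    for hw in inventory.get("hardware", []):
        for pat in HARDWARE_GLOBS:
            if fnmatch.fnmatchcase(hw.upper(), pat):
                hits.append(("hardware", hw, pat))
    return hits


# Constructed inventory of a typical, unmodified analysis VM.
NOISY_VM = {
    "windows": ["The Wireshark Network Analyzer", "Untitled - Notepad"],
    "processes": ["explorer.exe", "Wireshark.exe", "procmon.exe"],
    "username": "sandbox",
    "modules": ["kernel32.dll", "SbieDll.dll", "ntdll.dll"],
    "hardware": ["VMware Virtual disk SCSI Disk Device", "VBOX HARDDISK"],
}

if __name__ == "__main__":
    for category, artifact, rule in audit(NOISY_VM):
        print("%-8s %-45s matched %s" % (category, artifact, rule))
```

Note what the audit does not cover: the two Zw* API names indicate a debugger check done through the process itself (ZwQueryInformationProcess is the usual route to the debug port), which no renaming defeats; that one has to be handled in the debugger or by patching the call.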

It also adds a Windows Firewall exception for a program named "1.exe": netsh firewall add allowedprogram 1.exe 1 ENABLE (this is the legacy pre-Vista netsh firewall context; the arguments are program path, display name "1" and mode ENABLE).

