Catatan Belajar (Study Notes)

welcome

How fortunate is a young person who dies with millions of good deeds; how unfortunate is a person who dies with only a scrap of them. Make Your servant rich in Your pleasure, O Allah.

Wednesday, June 30, 2010

Script for repairing the registry after Conficker

Conficker again.
This time I just want to share how to put back the registry settings that Conficker changes.
Steps:
- open Notepad
- copy and paste the script below and save it with the .inf extension
- to run it, right-click the file and choose Install (this runs the DefaultInstall section through SetupAPI and needs administrator rights, since it writes under HKLM)

Note that the script only reverts the settings the worm altered (hidden-file display, the services it disabled, the values it stores, the TCP connection limit); it does not remove the worm itself. Clean the machine with an up-to-date scanner and install the MS08-067 patch first, otherwise a copy that is still running can simply re-apply its changes.

Good luck.


[Version]
Signature="$Chicago$"
Provider=xxvr

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

; AddReg flag word 0x00010001 writes a REG_DWORD. The flags in the copy that
; circulated, 0x00000001 and 0x00000002, do not: 0x00000001 writes a one-byte
; REG_BINARY and 0x00000002 is FLG_ADDREG_NOCLOBBER, which leaves an existing
; value untouched, so the service Start values would never have been repaired.
[UnhookRegKey]
; show hidden and protected operating-system files in Explorer again
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, Hidden, 0x00010001, 1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, SuperHidden, 0x00010001, 1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, CheckedValue, 0x00010001, 1
; services the worm disables (BITS, Error Reporting, Security Center, Windows Update)
; are set back to automatic start (Start = 2)
HKLM, SYSTEM\CurrentControlSet\Services\BITS, Start, 0x00010001, 2
HKLM, SYSTEM\CurrentControlSet\Services\ERSvc, Start, 0x00010001, 2
HKLM, SYSTEM\CurrentControlSet\Services\wscsvc, Start, 0x00010001, 2
HKLM, SYSTEM\CurrentControlSet\Services\wuauserv, Start, 0x00010001, 2

[del]
; bookkeeping values the worm writes under Applets
HKCU, Software\Microsoft\Windows\CurrentVersion\Applets, dl
HKCU, Software\Microsoft\Windows\CurrentVersion\Applets, ds
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Applets, dl
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Applets, ds
; the worm raises the TCP connection limit so it can scan faster; deleting the
; value restores the system default
HKLM, SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, TcpNumConnections
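Before installing a downloaded .inf it is worth checking what it will actually write. The Python script below is an added example, not part of the original post: it parses the AddReg and DelReg sections, decodes the flag word that selects the registry value type (the flag constants are the documented INF AddReg values), and reports entries whose flags would not repair anything. The embedded INF text is a constructed sample copied from the script as it circulated, with the wrong flag words; the corrected copy is derived from it by swapping those words.

```python
"""Audit the AddReg/DelReg directives of a Windows .inf repair script before installing it."""
import csv
import re

# AddReg flag bits as documented for the INF AddReg directive.
FLG_ADDREG_TYPE_MASK = 0xFFFF0001      # bits that select the registry value type
FLG_ADDREG_NOCLOBBER = 0x00000002      # do not overwrite an existing value
REG_TYPE_NAMES = {
    0x00000000: "REG_SZ",
    0x00000001: "REG_BINARY",
    0x00010000: "REG_MULTI_SZ",
    0x00010001: "REG_DWORD",
    0x00020000: "REG_EXPAND_SZ",
    0x00020001: "REG_NONE",
}

# Constructed sample: the repair script as it circulated, with the wrong flag words.
BROKEN_INF = r"""
[Version]
Signature="$Chicago$"
Provider=xxvr

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, Hidden, 0x00000001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, SuperHidden, 0x00000001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, CheckedValue, 0x00000001,1
HKLM, SYSTEM\CurrentControlSet\Services\BITS, Start, 0x00000002,2
HKLM, SYSTEM\CurrentControlSet\Services\ERSvc, Start, 0x00000002,2
HKLM, SYSTEM\CurrentControlSet\Services\wscsvc, Start, 0x00000002,2
HKLM, SYSTEM\CurrentControlSet\Services\wuauserv, Start, 0x00000002,2

[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Applets, dl
HKCU, Software\Microsoft\Windows\CurrentVersion\Applets, ds
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Applets, dl
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Applets, ds
HKLM, SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, TcpNumConnections
"""

# Same script with the flag words that actually write a REG_DWORD.
FIXED_INF = BROKEN_INF.replace("0x00000001,", "0x00010001,").replace("0x00000002,", "0x00010001,")


def parse_inf(text):
    """Split an INF into {section: [line, ...]}, dropping ';' comments and blank lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def _listed(sections, install, directive):
    """Section names referenced by e.g. 'AddReg=a,b' inside the install section."""
    names = []
    for line in sections.get(install, []):
        key, _, value = line.partition("=")
        if key.strip().lower() == directive.lower():
            names += [v.strip() for v in value.split(",") if v.strip()]
    return names


def _fields(line, count):
    """Comma-separated INF fields (quoted strings kept intact), padded to 'count'."""
    row = next(csv.reader([line], skipinitialspace=True))
    return (row + [""] * count)[:count]


def addreg_entries(sections, install="DefaultInstall"):
    """Every AddReg line as (root, subkey, value_name, flags, data)."""
    out = []
    for name in _listed(sections, install, "AddReg"):
        for line in sections.get(name, []):
            root, subkey, value_name, flags, data = _fields(line, 5)
            out.append((root, subkey, value_name, int(flags or "0", 0), data))
    return out


def delreg_entries(sections, install="DefaultInstall"):
    """Every DelReg line as (root, subkey, value_name); an empty name deletes the whole key."""
    return [tuple(_fields(line, 3)) for name in _listed(sections, install, "DelReg")
            for line in sections.get(name, [])]


def audit_addreg(text, install="DefaultInstall"):
    """Human-readable findings for AddReg entries that would not repair a setting as intended."""
    findings = []
    for root, subkey, value_name, flags, data in addreg_entries(parse_inf(text), install):
        reg_type = REG_TYPE_NAMES.get(flags & FLG_ADDREG_TYPE_MASK, "unknown type")
        where = f"{root}\\{subkey}\\{value_name}"
        if data.isdigit() and reg_type != "REG_DWORD":
            findings.append(f"{where}: numeric data {data} would be written as {reg_type}; "
                            "flags 0x00010001 write a REG_DWORD")
        if flags & FLG_ADDREG_NOCLOBBER:
            findings.append(f"{where}: FLG_ADDREG_NOCLOBBER is set, so an existing value "
                            "(and with it the worm's change) is left untouched")
    return findings


if __name__ == "__main__":
    for label, inf in (("as circulated", BROKEN_INF), ("corrected", FIXED_INF)):
        print(f"{label}: {len(audit_addreg(inf))} finding(s)")
        for finding in audit_addreg(inf):
            print("  ", finding)
```

Run as a script it lists eleven findings for the circulated copy (three Explorer values written as REG_BINARY, four service Start values written as REG_SZ and protected by NOCLOBBER) and none for the corrected one; point audit_addreg at the text of any other .inf to check it the same way.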
Everyone knows the KIDO virus.
Kido is Conficker variant A/B, a network worm that makes the internet connection slow and heavy. For MikroTik admins, here is how to hold Kido back with the MikroTik firewall:

/ip firewall filter
add chain=forward protocol=udp src-port=135-139 action=drop comment="Block W32.Kido - Conficker" disabled=no
add chain=forward protocol=udp dst-port=135-139 action=drop comment="" disabled=no
add chain=forward protocol=udp src-port=445 action=drop comment="" disabled=no
add chain=forward protocol=udp dst-port=445 action=drop comment="" disabled=no
add chain=forward protocol=tcp src-port=135-139 action=drop comment="" disabled=no
add chain=forward protocol=tcp dst-port=135-139 action=drop comment="" disabled=no
add chain=forward protocol=tcp src-port=445 action=drop comment="" disabled=no
add chain=forward protocol=tcp dst-port=445 action=drop comment="" disabled=no
add chain=forward protocol=tcp dst-port=4691 action=drop comment="" disabled=no
add chain=forward protocol=tcp dst-port=5933 action=drop comment="" disabled=no

add chain=forward protocol=udp dst-port=5355 action=drop comment="Block LLMNR" disabled=no
add chain=forward protocol=udp dst-port=4647 action=drop comment="" disabled=no

add action=drop chain=forward comment="SMTP Deny" disabled=no protocol=tcp src-port=25
add action=drop chain=forward comment="" disabled=no dst-port=25 protocol=tcp

These rules sit in the forward chain, so they only touch traffic that is routed through the MikroTik (LAN to internet, or between routed segments). Conficker spreads over port 445 (MS08-067), over network shares and over USB media, and hosts on the same switched subnet reach each other's port 445 without passing the router, so the rules limit the worm's reach but do not stop it spreading inside a LAN; only the MS08-067 patch on the clients does that. With connection tracking on, the src-port rules add little, since a connection that was never allowed out produces no reply packets, but they are harmless to keep. Dropping port 25 in both directions stops infected clients from sending spam directly; clients that need to send mail must then use a local relay or the ISP's submission port (587).

MikroTik firewall rules to block Conficker

Conficker rules by xxvr

1. Increase the DNS cache size (the value is in KiB)
/ip dns set cache-size=20480


2. Create a scheduler entry that flushes the DNS cache automatically (infected clients look up large numbers of the worm's generated domain names and can fill the router's cache)
# cache-used is reported in KiB; flush once 2048 KiB are in use
:local a [/ip dns get cache-used];
:if ($a >= 2048) do={ /ip dns cache flush };

Put these two lines in the on-event of a /system scheduler entry with a short interval (a few minutes).


3. Destination addresses used to recognise Conficker traffic (the "conficker" address list)
/ip firewall address-list
add address=64.70.19.33 list=conficker
add address=66.90.81.140 list=conficker
add address=72.167.51.186 list=conficker
add address=74.208.46.216 list=conficker
add address=74.208.64.145 list=conficker
add address=83.68.16.6 list=conficker
add address=97.74.200.45 list=conficker
add address=143.215.143.11 list=conficker
add address=149.20.56.32 list=conficker
add address=199.2.137.252 list=conficker
add address=205.188.161.4 list=conficker
add address=221.7.91.31 list=conficker

This list is a snapshot from 2010; addresses get reassigned, so refresh it from a current source before acting on matches.



4. Firewall rule that finds Conficker infections on client PCs
/ip firewall filter
add chain=forward action=add-src-to-address-list dst-address-list=conficker address-list=src-conficker address-list-timeout=3d comment="ADD to address-list src-conficker"

add-src-to-address-list does not end rule processing, so this rule only records: any client that connects to one of the addresses above is listed in src-conficker for three days. Check with /ip firewall address-list print where list=src-conficker; if listed clients should be cut off, add a drop rule matching src-address-list=src-conficker after this one.



5. Address-list timeout for src-conficker, as shown by /ip firewall filter print, and the basic WAN rules
/ip firewall filter print

chain=forward action=add-src-to-address-list dst-address-list=conficker address-list=src-conficker address-list-timeout=3d
chain=forward action=jump jump-target=tcp protocol=tcp
chain=forward action=jump jump-target=udp protocol=udp
chain=forward action=jump jump-target=icmp protocol=icmp


/ip firewall filter
# the LAN network (written 192.168.1.30/24 originally, a host address with a /24 mask)
add chain=forward in-interface=Wan out-interface=Lan dst-address=192.168.1.0/24 action=accept comment="Allow semua akses internet to client" disabled=no
# accept replies to the router's own queries (DNS included) by connection state,
# not by source port: an accept on udp src-port=53 lets anyone reach every
# router service simply by sending from port 53
add chain=input in-interface=Wan connection-state=established,related action=accept comment="Allow DNS Traffic" disabled=no
# Winbox open to the whole internet; limit it with src-address-list (or a VPN)
add chain=input in-interface=Wan protocol=tcp dst-port=8291 action=accept comment="Allow Remote winbox dari Publik" disabled=no
add chain=input in-interface=Wan protocol=icmp action=accept comment="Allow Ping Traceroute Traffic" disabled=no
add chain=input in-interface=Wan connection-state=new action=add-src-to-address-list address-list=spam address-list-timeout=30m comment="Log Ip Yang Di Tolak" disabled=no
add chain=input in-interface=Wan action=drop comment="Drop Semua Akses yang tidak di ijinkan" disabled=no
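An export of the filter table can be checked mechanically for the two points made on this page: that the port-block rules from the Kido post above cover ports 135-139 and 445 for both tcp and udp in the forward chain, and that the input-chain accepts from the WAN in step 5 neither match on source port alone nor open a management port to everyone. The Python script below is an added example, not part of the original post and not a MikroTik tool: it parses 'add key=value' export lines with shlex, expands RouterOS port ranges, and reports gaps and weak accepts. The interface name Wan, the sample export (constructed from the page's rules) and the management-port set (RouterOS default service ports) are assumptions of the example.

```python
"""Lint a RouterOS '/ip firewall filter' export for Conficker port coverage and weak WAN accepts."""
import shlex

CONFICKER_PORTS = {135, 136, 137, 138, 139, 445}   # RPC/NetBIOS/SMB, the MS08-067 path
MGMT_PORTS = {"22", "23", "80", "8291", "8728"}     # ssh, telnet, www, winbox, api (RouterOS defaults)

# Constructed sample export, assembled from the rules on this page.
SAMPLE_EXPORT = """
/ip firewall filter
add chain=forward protocol=udp dst-port=135-139 action=drop comment="Block W32.Kido - Conficker" disabled=no
add chain=forward protocol=udp dst-port=445 action=drop comment="" disabled=no
add chain=forward protocol=tcp dst-port=135-139 action=drop comment="" disabled=no
add chain=forward protocol=tcp dst-port=445 action=drop comment="" disabled=no
add chain=input in-interface=Wan protocol=tcp dst-port=8291 action=accept comment="Allow Remote winbox dari Publik" disabled=no
add chain=input in-interface=Wan protocol=udp src-port=53 action=accept comment="Allow DNS Traffic" disabled=no
add chain=input in-interface=Wan action=drop comment="Drop Semua Akses yang tidak di ijinkan" disabled=no
"""


def parse_export(text):
    """Turn each 'add ...' export line into a dict of its key=value properties."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("add "):
            continue
        rule = {}
        for token in shlex.split(line[4:]):      # shlex keeps quoted comments as one token
            key, _, value = token.partition("=")
            rule[key] = value
        rules.append(rule)
    return rules


def expand_ports(spec):
    """'135-139,445' -> {135, 136, 137, 138, 139, 445}."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out


def active(rule):
    return rule.get("disabled", "no") != "yes"


def uncovered_conficker_ports(rules):
    """(protocol, port) pairs that no active forward drop rule on dst-port covers."""
    missing = set()
    for proto in ("tcp", "udp"):
        covered = set()
        for r in rules:
            if (active(r) and r.get("chain") == "forward" and r.get("action") == "drop"
                    and r.get("protocol") == proto and "dst-port" in r):
                covered |= expand_ports(r["dst-port"])
        missing |= {(proto, p) for p in CONFICKER_PORTS - covered}
    return missing


def lint_wan_input(rules, wan="Wan"):
    """(rule index, problem) for input-chain accepts that come in on the WAN interface."""
    findings = []
    for i, r in enumerate(rules):
        if not (active(r) and r.get("chain") == "input" and r.get("action") == "accept"
                and r.get("in-interface") == wan):
            continue
        if "src-port" in r and "connection-state" not in r:
            findings.append((i, "matches only on source port; a remote sender picks its own "
                                "source port, so this accept reaches every router service"))
        if r.get("dst-port") in MGMT_PORTS and not ({"src-address", "src-address-list"} & r.keys()):
            findings.append((i, f"management port {r['dst-port']} open to the whole internet; "
                                "add src-address-list"))
    return findings


if __name__ == "__main__":
    rules = parse_export(SAMPLE_EXPORT)
    print("uncovered Conficker ports:", sorted(uncovered_conficker_ports(rules)) or "none")
    for index, problem in lint_wan_input(rules):
        print(f"rule {index}: {problem}")
```

On the sample export the port coverage is complete and two input rules are reported: the Winbox accept and the src-port=53 accept. To check a live router, paste the output of /ip firewall filter export in place of the sample.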




6. Avoiding duplicate entries when importing a daily Conficker list

Only the tail of this script is on the page; the part that downloads the list and walks $content line by line (setting $line, $lineEnd and $contentLen, and the $month-$day-$year file name) is missing, so it is shown as posted, with comments. Note that on RouterOS a failed :resolve aborts the script with an error rather than returning "failure"; on versions that have it, wrap the lookup in :do { } on-error={ } so one dead name does not stop the import.

# for each non-empty line of the downloaded file, resolve the name and add the
# address to the daily-conficker list unless it is already there
:if ([:pick $line 0 1] != "\n") do={
  :local entry [:pick $line 0 $lineEnd]
  :if ([:len $entry] > 0) do={
    :local listip [:resolve "$entry"]
    :if ($listip != "failure") do={
      :if ([/ip firewall address-list find list=daily-conficker address=$listip] = "") do={
        /ip firewall address-list add list=daily-conficker address=$listip comment=$entry
        :log info "$listip"
      } else={ :log info "duplicate IP $entry" }
    }
  }
}
} while ($lineEnd < $contentLen)
}
:log info "Address List Modification Complete"

# cleaning up: delete the downloaded file
/file remove "$month-$day-$year.txt"