I will discuss some initial steps Malware prevention of entry into the computer with the assumption that the operating system used is Windows.
Description of Terms:
Extension = sign identifier owned by file order to know what program created this file and can be opened (for example, dokumenku.xls. *. Xls extension =:: or file_gw.doc. Extension = *. doc)
Folder = Used to store the files. Usually the pictorial map in yellow.
Files = has extensions and run with a particular program (eg, fileku.xls, fileku.doc, gambar.jpg)
I. Turn off Auto Run.
Auto Run means when mounted external data storage device (such as USB Flash Disk, CD, External Hard Disk), then Windows will automatically open the contents of external data storage media without waiting for commands from computer users. All you need to know that the malware exploit one of the advantages of Windows is that without us knowing if indeed in the external data storage media that there were already installed malware files, then the malware file will run automatically.
1. On the menu “START”, select “Run …” and type “regedit” and click “OK” button.
2. Open one by one, begin by selecting
[HKEY_CURRENT_USER], then go to [SOFTWARE], [Microsoft], [Windows], [CurrentVersion], [Policies], and select [Explorer]
3. Then right click the mouse on the [Explorer], select “New” and select “DWORD Value”
4. Give it the name “NoDriveTypeAutoRun”
5. Click the left mouse button 2x on “NoDriveTypeAutoRun” and on the “Base” select “Hexadecimal”. Then type “ff” (no quotes) in the “Value data”
6. Click the “OK”.
How do I make him run malware automatically from a data storage media?
It’s easy. Initially we did not realize when we want to retrieve data from another computer for example, it turns out that computers are controlled by the malware. And when we insert a USB Flash Disk, then the malware will be happy to copy itself and enter into the USB Flash Disk. After doubling itself, the malware creates a file “Setup Information” extension *. inf file named “Autorun.inf”. In the Autorun.inf file that malware can enter a command to run the malware files automatically. Unfortunately, these files including hidden and system files so that Windows be happy to run the commands in the Autorun.inf file and this file can not be seen directly, but must make some changes in Windows Explorer to make it look.
II. Opening with a secure data
If you have to disable Auto Run function as in step I, it is possible you could be exposed to malware attacks. There is still that you must understand.
In Windows Explorer, maybe you’re used to open a folder or data that exists in drive C: or D: with the way the left mouse click 2x. This method may conveniently be done, but if in the folder / drive you have malware, the chances of malware that will run automatically if indeed there is a file Autorun.inf.
To further secure the open folders or drives you, do not use the left mouse click 2x. However, use right click mouse and select “Explore”.
If you feel uncomfortable, use the following ways:
1. In “Windows Explorer”, there is a series of menus ranging from the File menu, Edit, View, Favorites, Tools and Help
2. On the “View” menu, select “Explorer Bar” and click “Folders” to select it (if there is already a check mark in front of the “Folders”, then it is selected)
3. Will display a sequence starting from the “Desktop”, “My Documents”, “My Computer”, and so on with a [+] (plus) in front of each. Click the plus sign [+] to see the drives and folders that exist.
4. Just click the folder you want opened directly from the windows “Folder” on the left, it will immediately open the contents of a folder in the right window
III. Shows the Hidden and Super Hidden Files.
Windows Operating System has the support files that have an important role in running this Operating System. And Windows hides those files because it is very risky and dangerous if until erased. If that happens then the Operating System will completely paralyzed and can not be executed.
Malware (Virus / Worm) take advantage of this situation, namely by making himself hidden (Hidden) and also change the status of a file system so that Windows considers the files of malware as part of the files that are important.
Perform the following steps to show hidden files:
1. Open Windows Explorer from the menu “Start”> “Programs” or “All Programs”> “Accessories”> “Windows Explorer”
2. If already open, see the top of Windows Explorer (under the title bar / box title) there is a series of menus from the menu File, Edit, View, Favorites, Tools and Help
3. On the “Tools” menu, select “Folder Options …”
4. Then will come the “Folder Options” with 4 tabs, namely “General” tab, “View”, “File Types”, and “Offline Files”
5. Select the tab “View”
6. You should see a box called “Advanced settings:”. Inside this box looks a structured series of sentences in each of the next sentence there is a choice that is round (called Radio) and box (called a Check Box).
7. Now in the “Advanced settings:”, try your search for a name: “Hidden Files and Folders”, it will show two options under it, namely “Do not show hidden files and folders” and “Show hidden files and folders”. Select the second, the “Show hidden files and folders” by clicking the left mouse button on the selection.
8. Further search of his name: “Hide file extensions for known file types”. See the small box located in front of this option. Uncheck the box by clicking the left mouse button on the box.
9. Then find the name: “Hide protected operating system files (Recommended)”. See the small box located in front of him. Uncheck the box by clicking the left mouse button on the box. Then a confirmation box will appear. Click the “Yes”.
10. When finished, click the “OK”
11. To see if changes were made successfully, you just go to “My Computer” and select drive “C: \” (assuming that your Windows Operating System installed on drive “C: \”). Right click on empty area on the C: and click “Refresh”.
Then you will see some file called “Boot.ini”, “autoexec.bat”, and so that seems a little transparent. That means you’ve succeeded.
12. Please enter your external storage media devices (eg USB Flash Disk). Open a manner as in step II (Open Data with Secure).
13. If you look at the data storage device there is a file that is not your files (foreign files), delete it. Especially if the files you see on the back of the file (file extension) uses. Exe (for example, “file_saya.exe”). Be careful because it is most likely malware files.
14. If you have performed the steps from 1-9, but still those files (in step 11) is not visible, there is the possibility of being exposed to attack your computer malware (viruses / worms)
I will discuss a bit about the techniques used by virus to trick the victim with the same file name with the original file.
Once you have done as in step III (Show Hidden and Super Hidden Files), then automatically all the data that is hidden will be visible. If you have installed such as USB Flash Disk because there are files that would be resolved, do as in step II (Open Data with Safety) to open your file. All you need to consider is the contents of the USB Flash Disk. I will tell you how you can distinguish between genuine and counterfeit which the file (containing malware).
1. The original folder has no extension. For example folderku.exe or folderku.scr.
2. If there are folders that seem transparent, see first that the folder names you know. If you are familiar with, then most likely it was the original folders have been hidden by the malware, and folders that appear clear (not transparent), especially if you have the extension *. exe or *. scr, chances are it is a malware file that trick the victim by name and view similar original folder. Deleted course.
3. If there is a file that is transparent to the extension *. exe or *. scr you do not know, then delete it.
4. If you see any files named “Autorun.inf” and “Desktop.ini”, delete it. But if you already understand the file and not dangerous, leave it alone. Because generally, this is what is used malware files (especially viruses) to run himself.
5. If you save a file that is typed using Microsoft Office Word or Excel, then this notice carefully.
Ø The actual Word files have the extension *. doc (or *. rtf for example). However, if your Word files with extension *. exe (eg fileku.exe), means the file you’ve attacked the virus. There are 2 possibilities: file is damaged because you’ve laid waste not a virus or damaged but the virus will run if you open your file. The solution: use Anti Virus Scan.
Ø The actual Excel files have the extension *. xls (eg fileku.xls). However, if your Excel files with extension *. exe or *. scr possible, meaning your files are already under attack viruses. Solution: Scan using the Anti-Virus.
6. It also did not rule occur in your image file. The image file usually with extension *. jpg, *. jpeg, *. gif and so on. However, if the extension *. exe or *. scr, then scanned with Anti Virus. If not recognized, you can try another anti virus. If not, you should just give up your files to delete them. From the data in your computer is attacked by malware.
Filed under: Study |