Pencarian Terpopuler

Lebih seru buka di aplikasi

Beri tahu kami apa yang Anda minati

Pengumuman! Telah hadir KASKUS GPT: Fitur yang membantu Gan/Sis menulis thread dengan Cepat. Daftar Beta Tester

TS f40ph

Kaskuser

Lapor Hansip

26-05-2015 07:56

Help Gan!. Windows 8 ane kenapa ya ini

Help Gan. windows 8 ane kenapa ya. waktu ane asik2 browsing tiba2 keluar ini

ini

Berberapa file tidak bisa dibuka gan. termasuk game emoticon-Berduka (S)

ane udah ubek2 mbah google tapi nggak ketemu emoticon-Berduka (S)

Diubah oleh f40ph 26-05-2015 08:08

Masuk untuk memberikan balasan

patchkom

Kaskus Geek

Lapor Hansip

26-05-2015 08:58

coba uninstall app lockernya di cp add/remove

TS f40ph

Kaskuser

Lapor Hansip

26-05-2015 09:10

Quote:Original Posted By patchkom ►
coba uninstall app lockernya di cp add/remove

ok sip gan ane coba dulu emoticon-I Love Kaskus (S)

dickaoppai

KASKUS Geek

Lapor Hansip

26-05-2015 09:43

kayaknya agan kena Ransomware jenis baru
tdi di trit sblah ada yg kena juga

Quote:Original Posted By Comdark.Bubnix ►

ini hasil investigasi awal,,dan masih akan terus diselidiki.
http://www.bleepingcomputer.com/foru...pts-your-data/

Locker ransomware hides until midnight on May 25th and then encrypts your data

A new ransomware called Locker has been discovered that once installed lay dormant until midnight local time on May 25th when it would activate and encrypt your data files. Once your files were encrypted it would demand .1 bitcoins in order to decrypt your files. If payment was not made within 72 hours, the ransom price would then increase to 1 bitcoin. This ransomware is currently widespread with global targeting.

Locker appears to be installed via a dropper that creates a daisy-chain installation of various Windows services that ultimately launches the Locker screen. The main dropper will be installed in C:\Windows\Syswow64 as a random name such as twitslabiasends.exe. This file will then create the Steg service that uses the C:\ProgramData\Steg\steg.exe executable. This executable will then install Tor into C:\ProgramData\Tor and create another called service called LDR. The LDR service is associated with the C:\ProgramData
kcl\ldr.exe and will ultimately launch the rkcl.exe program which displays the Locker interface. Finally the installation will also delete all Shadow Volume Copies so that you are unable to use them to restore your files

The main screen for the Locker ransomware will include a version number. This version number appears to be random with titles such as Locker v1.7, Locker v3.5.3, Locker V2.16, and Locker V5.52. The Locker screen is broken up into 4 different sections labeled Information, Payment, Files, and Status. The Information screen will display the ransom note and information on what has happened to the victim's data. The Payment screen will display the victims unique bitcoin address and information on how to make payment. The Files screen will load the list of files that have been encrypted and the Status screen will display payment status information.

In the C:\ProgramData
kcl folder there will be various files created. These files are:

data.aa0 - This file contains a list of the encrypted
data.aa1 - Unknown purpose
data.aa6 - The victim's unique bitcoin address
data.aa7 - An RSA key
data.aa9 - Unknown purpose
data.aa9 - The date the ransomware became active.
data.aa11 - Unknown purpose

point :
1. virus ini ternyata kayak punya timer gitu,jadi entah kapan dia masuk ke kompi,pas tengah malam tgl 25 mei,bakal aktif deh.
2. virus locker ini saat ini lagi happening banget alias korbannya banyak baik dari indonesia n luar negeri.
3. di artikel tertulis, The main dropper will be installed in C:\Windows\Syswow64, brarti kemungkinan ni virus keyaknya ngincer pc 64 bit aja kali yak ? apa agan2 kompinya 64 bit ?
4. jika di C:\ProgramData\ ada folder rkcl brarti kena virus ini,,di dalamnya udah dirinci gan,isi dari data aa nya apa aja. cek di artikel di atas.
5. virus ini diduga nyebar dari pdf via chrome. apa agan2 pake chrome smua n pernah buka pdf via chrome ??

Diubah oleh dickaoppai 26-05-2015 12:59

crixilian

Kaskus Addict

Lapor Hansip

26-05-2015 10:49

zharki memberi reputasi

1 0

alijoel

Aktivis Kaskus

Lapor Hansip

26-05-2015 11:09

kena ransomware itu,,, sabar gan...