My mistake, it is showing up again. Kaspersky really is a marvel, but it just cannot delete this trojan.
I found a few more answers on the net; whoever manages to translate them might find a solution.
copied from
http://indo-me.blogspot.com/20...s-trojan-horse-from-china.html
--------------------------------------------------
Tuesday, 29 July 2008
Tongji JS trojan horse from China
Hahaha, at first I didn't realise my network had been hit by the trojan "Mr." Tongji JS.
The network has been slow and dropping out for the past 3 days..
Finally, detective mode on .. playing policeman, investigating here and there .. and well, we had been injected by Mr. tongji.js ... hahaha, it got through the firewall, the freshly updated antivirus and DF 6, eek ...
Don't worry .... it wouldn't be a virus, trojan, spyware or whatever it's called if it didn't give you a headache...
==================
Scan results I found via Grandpa Google .. hahaha, so it has been around for a while .. it has only recently reached Indonesia ... expanding its market share, "as a businessman would put it"
Squid User Access Report
Period: 2008May02-2008May02
User: 140_117_198_202
Sort: BYTES, reverse
User Report
ACCESSED SITE DATE TIME
js.tongji.yahoo.com.cn 05/02/2008 22:00:31
js.tongji.yahoo.com.cn 05/02/2008 22:01:04
js.tongji.yahoo.com.cn 05/02/2008 22:01:44
js.tongji.yahoo.com.cn 05/02/2008 22:02:50
js.tongji.yahoo.com.cn 05/02/2008 22:02:52
js.tongji.yahoo.com.cn 05/02/2008 22:03:22
js.tongji.yahoo.com.cn 05/02/2008 22:03:24
js.tongji.yahoo.com.cn 05/02/2008 22:03:53
js.tongji.yahoo.com.cn 05/02/2008 22:03:55
js.tongji.yahoo.com.cn 05/02/2008 22:04:25
js.tongji.yahoo.com.cn 05/02/2008 23:22:00
js.tongji.yahoo.com.cn 05/02/2008 23:22:17
js.tongji.yahoo.com.cn 05/02/2008 23:22:23
js.tongji.yahoo.com.cn 05/02/2008 23:22:32
js.tongji.yahoo.com.cn 05/02/2008 23:22:40
js.tongji.yahoo.com.cn 05/02/2008 23:23:10
js.tongji.yahoo.com.cn 05/02/2008 23:23:43
js.tongji.yahoo.com.cn 05/02/2008 23:24:08
Squid Analysis Report Generator js_tongji_yahoo_com_cn.html
=========
Connections made to tongji:
http://mx.content-type.cn:443/day.js
http://js.tongji.cn.yahoo.com/621252/ystat.js
http://ad.5iyy.info/day.js
http://js.tongji.yahsoo.com.cn
Log is generated by FreShow.
==========
Mr. Tongji is a keen worker: once it gets hold of one PC .. it will infect the other PCs connected to the same network or the same gateway ...
then it will carry out ARP spoofing on our network :D
"You know what happens when our network gets sniffed, right? :D If you don't, just ask Grandpa Google what ARP spoofing, data sniffing, spoofer, sniffer and data theft are :D"
and also, every few minutes, maybe every minute, our PC will hang
Solution:
1) Grandpa Windows' ultimate move: just format the computer, bro; if you can't be bothered to format,
2) install an antivirus with the latest updates
3) download the "NOSCRIPT" add-on to disable/enable JavaScript
4) and update your Windows XP with Service Pack 3 (SP3)
-------------------------------------------------------------------------------
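A defender reviewing proxy logs can flag the repeated-request pattern visible in the Squid report above. The following is an added example, not part of the original post or the quoted blog: it parses rows in that report's "ACCESSED SITE DATE TIME" layout and reports bursts of closely spaced requests to one host. The function names, the 90-second gap and the 5-hit threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# js.tongji rows are copied from the report quoted above (first five of each
# hour); the www.example.org rows are constructed for contrast.
REPORT = """\
ACCESSED SITE DATE TIME
js.tongji.yahoo.com.cn 05/02/2008 22:00:31
js.tongji.yahoo.com.cn 05/02/2008 22:01:04
js.tongji.yahoo.com.cn 05/02/2008 22:01:44
js.tongji.yahoo.com.cn 05/02/2008 22:02:50
js.tongji.yahoo.com.cn 05/02/2008 22:02:52
js.tongji.yahoo.com.cn 05/02/2008 23:22:00
js.tongji.yahoo.com.cn 05/02/2008 23:22:17
js.tongji.yahoo.com.cn 05/02/2008 23:22:23
js.tongji.yahoo.com.cn 05/02/2008 23:22:32
js.tongji.yahoo.com.cn 05/02/2008 23:22:40
www.example.org 05/02/2008 22:01:10
www.example.org 05/02/2008 23:10:00
"""

def parse_rows(text):
    """Yield (host, timestamp); header and malformed lines are skipped."""
    for line in text.splitlines():
        try:
            host, day, clock = line.split()
            ts = datetime.strptime(f"{day} {clock}", "%m/%d/%Y %H:%M:%S")
        except ValueError:  # wrong field count or unparsable date/time
            continue
        yield host.lower(), ts

def bursts(text, max_gap=timedelta(seconds=90), min_hits=5):
    """Map host -> [(first, last, hits)] for runs with every gap <= max_gap."""
    by_host = defaultdict(list)
    for host, ts in parse_rows(text):
        by_host[host].append(ts)
    found = {}
    for host, times in by_host.items():
        times.sort()
        runs = [[times[0]]]
        for ts in times[1:]:
            if ts - runs[-1][-1] <= max_gap:
                runs[-1].append(ts)   # still inside the current burst
            else:
                runs.append([ts])     # long silence: start a new run
        hot = [(r[0], r[-1], len(r)) for r in runs if len(r) >= min_hits]
        if hot:
            found[host] = hot
    return found
```

Calling `bursts(REPORT)` returns one entry per host that exceeded the threshold, with the start time, end time and request count of each burst.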