Wahyu CF: Februari 2010

Liberty Reserve

Quick Wallet

An easy access account that you can easily access to make payments quickly.
Just like wallet is to your bank account, LR's Wallet allows you to keep a small balance handy for quick payments, while keeping the bulk of your balance in your main Liberty Reserve account.

Live Chat

Have questions? Liberty Reserve provides personal, live, one-to-one chat with a customer support representative to answer your questions. No more waiting hours or days to get a simple question answered. Our representatives can also push a URL onto your computer as a pop-up so that you do not have to go looking for a particular link.
You can also get the chat history automatically emailed to you!

Private Payment Option

Unique to Liberty Reserve, truly private payments.
You now have the option of making your payment to any other account without revealing your account number - recipient will not see the account number you have sent funds from.

Active security

Stop Account feature and hacker proof Login page with a custom welcome message that you select yourself in order to see that you are logged in to a genuine Liberty Reserve web site. We do more than anyone else to protect your money.

Free Private Messaging

Your Liberty Reserve account is not just for sending or receiving payments. Create an account and use the built-in messaging system to privately send and receive messages from your friends and business associates. This is much more private and secure than email or instant messenger services.

Business SCI/API

The most advanced and secure tools and scripts that allow your business to securely receive, verify and send funds to other Liberty Reserve members.

How to resize a partition in Windows Vista

Because programs such as Partition Magic don’t work on Windows Vista, some of you may be wondering how to resize partitions without losing any data. The good news is that you probably won’t be needing those programs because Windows Vista can manage your partition resizing.

To resize a partition with Windows Vista, follow these steps:
Be sure to back up any valuable information, because there is a slight chance that data can be lost when dealing with partitions.
1) Click on the Start menu
2) Right click on Computer and click on Manage

3) You may get a User Account Control dialog here; just click Continue
4) In the left pane, open up the Storage category and click on Disk Management

5) Here, you will find your partitions for your disks. Right click on the partition you’d like to modify.

6) Click on Extend Volume or Shrink Volume to extend or shrink the selected partition.

If this doesn’t work for you because some options were greyed out, you can check out this post for an alternate method.
Still need help? Check out our new forums where you can get an even faster and better response!

How Does the Welchia Worm Infect My Computer?

How Does the Welchia Worm Infect My Computer?

Copies itself to the Wins directory in the System or System32 folder in Windows usually

C:\Windows\System32\Wins\Dllhost.exe for Windows XP or
C:\WinNT\System32\Wins\Dllhost.exe for Windows NT/2000

There is a legitimate file called Dllhost.exe (about 5-6K) in the System32 directory.

Makes a copy of the TFTP server (TFTPD.exe) from the Dllcache directory to the following directories.

C:\Windows\System32\Wins\svchost.exe for Windows XP or
C:\WinNT\System32\Wins\svchost.exe for Windows NT/2000

NOTE: Svchost.exe is a legitimate program, which is not malicious, found in the System32 directory

Creates the following services:

Service Name: RpcTftpd
Display Name: Network Connections Sharing
File: %System%\wins\svchost.exe

This service will be set to start manually.

Service Name: RpcPatch
Display Name: WINS Client
File: %System%\wins\dllhost.exe

This service will be set to start automatically.

Ends the process, MSBLAST, and delete the file %System%\msblast.exe which is dropped by the worm, MSBlast.A. First, it checks the operating system version, then it downloads the appropriate patch from the designated Microsoft Web site. After executing the patch, it reboots the system.
Some of the patches it downloads into the system are as follows:

http://download.microsoft.com/download/6/9/5/6957d785-fb7a-4ac9-b1e6-cb99b62f9f2a/Windows2000-KB823980-x86-KOR.exe
http://download.microsoft.com/download/5/8/f/58fa7161-8db3-4af4-b576-0a56b0a9d8e6/Windows2000-KB823980-x86-CHT.exe
http://download.microsoft.com/download/2/8/1/281c0df6-772b-42b0-9125-6858b759e977/Windows2000-KB823980-x86-CHS.exe
http://download.microsoft.com/download/0/1/f/01fdd40f-efc5-433d-8ad2-b4b9d42049d5/Windows2000-KB823980-x86-ENU.exe
http://download.microsoft.com/download/e/3/1/e31b9d29-f650-4078-8a76-3e81eb4554f6/WindowsXP-KB823980-x86-KOR.exe
http://download.microsoft.com/download/2/3/6/236eaaa3-380b-4507-9ac2-6cec324b3ce8/WindowsXP-KB823980-x86-CHT.exe
http://download.microsoft.com/download/a/a/5/aa56d061-3a38-44af-8d48-85e42de9d2c0/WindowsXP-KB823980-x86-CHS.exe
http://download.microsoft.com/download/9/8/b/98bcfad8-afbc-458f-aaee-b7a52a983f01/WindowsXP-KB823980-x86-ENU.exe
The downloaded patch has the file name, RpcServicePack.exe. This worm deletes this file after it is run.

Before downloading or installing the patch on the system, this worm first checks if the system has been previously patched by checking for specific registry keys to make sure the patch hasnt been installed.

The worm travels through a computer network or local area network looking for unpatched and vulnerable machines. The worm will use a ping to determine if the active machine is on a network.Once the worm identifies a machine as being active on the network, it will either send data to TCP port 135, which exploits the DCOM RPC vulnerability, or it will send data to TCP port 80 to exploit the WebDav vulnerability.

Creates a remote shell on the vulnerable host that will connect back to the attacking computer on a random TCP port between 666 and 765 to receive instructions.

Launches the TFTP server on the attacking machine, instructs the victim machine to connect and download Dllhost.exe and Svchost.exe from the attacking machine. If the file, %System%\dllcache\tftpd.exe exists, the worm may not download svchost.exe.

Menghilangkan cvlu.exe

I. click Start > Run.. ketik MSCONFIG. Pada tab startup hilangkan check (V) pada CVLU.EXE. Lalu lihat alamat tempat file CVLU.EXE ditempatkan. Itu induk dari virus tersebut.
II. tekan kombinasi tombol CTRL+ALT+DELETE satu kali untuk membuka Task Manager. Pada tab process, kill process CVLU.EXE.
III. delete file CVLU.EXE pada lokasi yang ditunjukkan oleh MSCONFIG tadi.. tenang, virus itu sudah non-aktif sekarang.
IV. delete CVLU.EXE pada Removable Disk lalu delete AUTORUN.INF.

Setelah itu copy seluruh data anda dari Removable Disk ke satu folder di HDD, lalu format Removable Disk anda. Masukkan kembali file² yang ada.. selesai..