The PIF/Starter virus, better known as the shortcut virus, frustrates its victims with the large number of shortcuts it creates. The trouble is that if it is not cleaned up the right way, it keeps coming back, again and again.
Therefore, here are 7 sure-fire steps from Vaksincom virus analyst MG Lat to stop the flood of shortcuts caused by this virus:
1. First, turn off System Restore.
2. Kill the Wscript process, whose file is located in C:\Windows\System32, using a tool such as CProcess or HijackThis, or the Windows Task Manager.
3. Once the Wscript process has been stopped, delete or rename the file so that the virus cannot use it.
Note that if we rename Wscript.exe, it is automatically copied back into that folder. We therefore have to find the other copies of Wscript.exe, usually in C:\Windows\$NtServicePackUninstall$ and C:\Windows\ServicePackFiles\i386.
With other VBS viruses we can change the Open With handler for .vbs files to Notepad. This virus is different: it has the .mdb extension, which is that of a Microsoft Access file, so Wscript runs the file DATABASE.MDB as though it were a VBS file.
4. Delete the parent file C:\Documents and Settings\ \My Documents\database.mdb, so that it is not loaded every time the computer starts. Also do not forget to open msconfig and disable the run command.
5. Now delete the files Autorun.INF, Microsoft.INF and Thumb.db. To do so, click the START button, type CMD, change to the drive to be cleaned, for example drive C:\, and then do the following:
At the C:\ prompt, type del Microsoft.inf /s. This command deletes every microsoft.inf file in all folders on drive C:. For another drive, just replace the drive name, for example: at the D:\ prompt, type del Microsoft.inf /s.
For the autorun.inf file, type del autorun.inf /s /ah /f at the C:\ prompt. This deletes the autorun.inf files; the /ah /f switches are used because the file has the RSHA attributes set. Do the same for the Thumb.db file.
6. To delete the shortcut files, use Search to find files with the .lnk extension and a size of 1 KB. Under 'More advanced options', make sure that 'Search system folders' and 'Search hidden files and folders' are both checked.
Be careful: not every shortcut/LNK file of 1 KB is the virus. We can tell them apart by icon, size and type. The shortcuts created by the virus use the 'folder' icon, are 1 KB in size and are of type 'Shortcut', whereas a real folder has no 'size' and its type is 'File Folder'.
7. Repair the registry entries modified by the virus. To speed up the registry repair, copy the script below into Notepad and save it under the name 'Repair.inf'. Run the file as follows:
- Right-click repair.inf
- Click Install
[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

; Restore the default open commands for executable file types, the logon shell
; and the Safe Mode alternate shell.
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, "cmd.exe"

; Remove the Run values added by the virus.
[del]
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Winupdate
HKCU, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, explorer

(ash/fyk)
Source: detikinet.com
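
Before Repair.inf from step 7 is installed, the values it touches can be inspected without changing anything. The PowerShell script below is an added example, not part of the original article or of Vaksincom's script; it assumes PowerShell is available on the machine and takes its expected data from the [UnhookRegKey] and [del] sections of Repair.inf.

```powershell
# Added example: read-only audit of the values Repair.inf resets or deletes.
# Expected data is copied from the [UnhookRegKey] and [del] sections of that script.
$cls = 'HKLM:\SOFTWARE\Classes'
$expected = @(
    foreach ($t in 'batfile','comfile','exefile','piffile','scrfile') {
        @{ Path = "$cls\$t\shell\open\command"; Name = '(default)'; Data = '"%1" %*' }
    }
    @{ Path = "$cls\regfile\shell\open\command"; Name = '(default)'; Data = 'regedit.exe "%1"' }
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Shell'; Data = 'Explorer.exe' }
    # A control set that does not exist on this machine is reported as MISSING.
    @{ Path = 'HKLM:\SYSTEM\ControlSet001\Control\SafeBoot'; Name = 'AlternateShell'; Data = 'cmd.exe' }
    @{ Path = 'HKLM:\SYSTEM\ControlSet002\Control\SafeBoot'; Name = 'AlternateShell'; Data = 'cmd.exe' }
)
# Run values listed in [del]; they should not exist after cleaning.
$unwanted = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = 'Winupdate' }
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = 'explorer' }
)

function Get-RegData($Path, $Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$report = @()
foreach ($e in $expected) {
    $actual = Get-RegData $e.Path $e.Name
    # -eq on strings is case-insensitive, so 'explorer.exe' matches 'Explorer.exe'.
    $state = if ($null -eq $actual) { 'MISSING' } elseif ("$actual".Trim() -eq $e.Data) { 'OK' } else { 'MODIFIED' }
    $report += New-Object psobject -Property @{ State = $state; Key = $e.Path; Value = $e.Name; Data = $actual }
}
foreach ($u in $unwanted) {
    $actual = Get-RegData $u.Path $u.Name
    $state = if ($null -eq $actual) { 'OK' } else { 'PRESENT' }
    $report += New-Object psobject -Property @{ State = $state; Key = $u.Path; Value = $u.Name; Data = $actual }
}

# Rows that are not OK are the ones Repair.inf would rewrite or delete.
$report | Sort-Object State | Format-Table State, Key, Value, Data -AutoSize -Wrap
```

Any row marked MODIFIED or PRESENT shows the data currently stored there, which is worth recording before the repair overwrites it.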