JAKARTA, KOMPAS.com - Do not worry if your computer is suddenly infected by the virus that uses Sandra Dewi's name. Even if your antivirus cannot yet remove it, you can stop its attack with the manual steps below.
The Sandra Dewi virus spreads via USB flash drives in a file named Sandra Dewi Bugil.exe. The virus is not harmful, but it is very disruptive because it will disable a number of Windows functions and shut the computer down repeatedly.
The following 7 steps clean the Sandra Dewi virus manually:
1. Disconnect the computer to be cleaned from the network.
2. Turn off "System Restore" during the virus cleaning process (for Windows XP / Vista).
3. Terminate the virus that is active in memory. Use a task manager tool such as Process Explorer, which can be downloaded from http://www.sysinternals.com/utils/index.html
4. Kill the processes of the active virus files (Figure 1):
- C:\Documents and Settings\%user%\Start Menu\Programs\Startup\Sandra Dewi Bugil.exe
- C:\WINDOWS\Sandra Dewi Bugil.exe
5. Delete the registry strings created by the virus. To make this easier, you can use the script below.
[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
; Restore the default "open" command for executable and shortcut file types
HKCR, batfile\shell\open\command,,,"""%1"" %*"
HKCR, comfile\shell\open\command,,,"""%1"" %*"
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, piffile\shell\open\command,,,"""%1"" %*"
HKCR, lnkfile\shell\open\command,,,"""%1"" %*"
HKCR, scrfile\shell\open\command,,,"""%1"" %*"
; Reset the registered owner and organization strings
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion, RegisteredOrganization,0, "Organization"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion, RegisteredOwner,0, "Owner"
; Restore the values behind Explorer's "Show hidden files and folders" option
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, CheckedValue, 0x00010001,1
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, DefaultValue, 0x00010001,2
[del]
; Remove the policy values that disable Registry Editor, MSConfig, Task Manager and the command prompt
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableMsConfig
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr
HKCU, Software\Policies\Microsoft\Windows\system, DisableCMD
; Remove the custom Internet Explorer window title
HKCU, Software\Microsoft\Internet Explorer\Main, Window Title
; Remove the Explorer restriction policies
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFind
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoClose
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoControlPanel
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoRun
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoStartMenuMorePrograms
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoViewContextMenu
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoViewOnDrive
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, StartMenuLogoff
6. Delete the virus files, which have the following characteristics:
- Picture icon (JPEG Image)
- Extension exe
- Size 132 KB
- Show hidden files first to simplify the search for the virus files.
- To make the search easier, use Windows Search with the filter *.exe and a file size of 132 KB.
- The virus files to delete usually have the same modified date. (Figure 2)
7. For optimal cleaning and to prevent re-infection, use an up-to-date antivirus that recognizes this virus well. You can also use the Norman Malware Cleaner tool, which you can download from http://normanasa.vo.llnwd.net/o29/public/Norman_Malware_Cleaner.exe
Source: Vaksincom
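The search in step 6 can also be scripted. The following is an added example, not part of the original article or of Vaksincom's tooling: it lists .exe files whose size shows as 132 KB and groups them by modified date, without deleting anything. The function names, the sample file names and the rounding of sizes up to whole KB are assumptions made for this example.

```python
import os
import sys
from collections import defaultdict
from datetime import datetime

TARGET_KB = 132  # file size given in step 6


def shown_kb(size_bytes):
    """Size in whole KB, rounded up (assumed to match the size shown in a file listing)."""
    return -(-size_bytes // 1024)


def find_candidates(root, target_kb=TARGET_KB):
    """Map modified date -> paths of .exe files under root whose size shows as target_kb.

    os.walk also returns files carrying the hidden attribute, so no Explorer
    setting has to be changed first. Nothing is deleted; this only reports.
    """
    groups = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".exe"):
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # unreadable, or removed while scanning
            if shown_kb(st.st_size) == target_kb:
                day = datetime.fromtimestamp(st.st_mtime).date().isoformat()
                groups[day].append(path)
    return dict(groups)


def build_demo_tree(root):
    """Constructed sample data: two files that match, two that must not."""
    stamp = 1230811200  # arbitrary fixed modification time
    samples = {"a.exe": 135000, os.path.join("sub", "copy.EXE"): 134145,
               "setup.exe": 50000, "photo.jpg": 135000}
    for rel, size in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"\0" * size)
        os.utime(path, (stamp, stamp))


if __name__ == "__main__":
    for day, paths in sorted(find_candidates(sys.argv[1]).items()):
        print(day, len(paths), *paths, sep="\n  ")
```

Run it with the drive or folder to scan as the only argument. A date with many matching files is the group to review against the other characteristics in step 6 before deleting anything.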