Monday, June 15, 2009

Next Step 7 Clean Virus Sandra Dewi


VAKSINCOMVAKSINCOM
Gambar 2, Hapus file virus melalui fitur search windows.

JAKARTA, KOMPAS.com - Do not worry if all of a sudden the computer virus that infected the scalp Sandra Dewi. Even if the antivirus has not been able to off, you can stop serangannya the manual steps.

Sandra Dei virus spreads via USB flash with the file named Sandra Dewi Bugil.exe. The virus is not harmful, but because the very akan kill a number of Windows functions and shut down repeatedly.

7 Next steps manually clean the virus Sandra Dewi:

1. Should disconnect the computer that will be cleared from the network.
2. Turn off "System Restore" during the process of cleaning the virus (for Windows XP / Vista)
3. Turn off the virus active in memory. Use tools for task managers, such as Process Explorer which can be downloaded at the following address http://www.sysinternals.com/utils/index.html

4. Do kill process, some files on the active virus (Figure 1)

- C:-Documents and Settings-%user%-Start Menu-Programs-Startup-Sandra Dewi Bugil.exe
- C:-WINDOWS- Sandra Dewi Bugil.exe

5. Delete registry string that has been created by the virus. To facilitate the registry can use the script below.

[Version]

Signature="$Chicago$"

Provider=Vaksincom Oyee



[DefaultInstall]

AddReg=UnhookRegKey

DelReg=del

[UnhookRegKey]

HKCR, batfile-shell-open-command,,,"""%1"" %*"

HKCR, comfile-shell-open-command,,,"""%1"" %*"

HKCR, exefile-shell-open-command,,,"""%1"" %*"

HKCR, piffile-shell-open-command,,,"""%1"" %*"

HKCR, lnkfile-shell-open-command,,,"""%1"" %*"

HKCR, scrfile-shell-open-command,,,"""%1"" %*"

HKLM, SOFTWARE-Microsoft-Windows NT-CurrentVersion, RegisteredOrganization,0, "Organization"

HKLM, SOFTWARE-Microsoft-Windows NT-CurrentVersion, RegisteredOwner,0, "Owner"

HKLM,SOFTWARE-Microsoft-Windows-CurrentVersion-Explorer-Advanced-Folder-Hidden-SHOWALL, CheckedValue, 0x00010001,1

HKLM,SOFTWARE-Microsoft-Windows-CurrentVersion-Explorer-Advanced-Folder-Hidden-SHOWALL, DefaultValue, 0x00010001,2

[del]

HKCU, Software-Microsoft-Windows-CurrentVersion-Policies-System, DisableRegistryTools

HKCU, Software-Microsoft-Windows-CurrentVersion-Policies-System, DisableMsConfig

HKCU, Software-Microsoft-Windows-CurrentVersion-Policies-System, DisableTaskMgr

HKCU, Software-Policies-Microsoft-Windows-system, DisableCMD

HKCU, Software-Microsoft-Internet Explorer-Main, Window Title

HKCU, Software-Microsoft-Windows-CurrentVersion-Policies-Explorer, NoFolderOptions

HKCU, Software-Microsoft-Windows-CurrentVersion-Policies-Explorer, NoFind

HKCU, Software-Microsoft-Windows-CurrentVersion-Policies-Explorer, NoClose

HKCU, Software-Microsoft-Windows-CurrentVersion-Policies-Explorer, NoControlPanel

HKCU, Software-Microsoft-Windows-CurrentVersion-Policies-Explorer, NoRun

HKCU, Software-Microsoft-Windows-CurrentVersion-Policies-Explorer, NoStartMenuMorePrograms

HKCU, Software-Microsoft-Windows-CurrentVersion-Policies-Explorer, NoViewContextMenu

HKCU, Software-Microsoft-Windows-CurrentVersion-Policies-Explorer, NoViewOnDrive

HKCU, Software-Microsoft-Windows-CurrentVersion-Policies-Explorer, StartMenuLogoff

Use the notepad, then save with the name "repair.inf" (use the Save As Type option to be All Files so that the error does not occur). Repair.inf run with a click on the File menu in Windows Explorer and select install. Repair.inf should create a file on the computer clean, so that the virus is not active.

6. Delete the file that the virus has characteristics as follows:
Icon-picture (JPEG Image)
- Extension exe
- Size 132 KB
Note
- We show the hidden files in order to simplify the search process in the virus file.
- To facilitate the search process should use the "Search Windows" with the filter *. exe files that have a size of 132 KB.
- Delete the file that the virus usually have the same modified date. (Figure 2)

7. For optimal cleaning and prevent re-infection, you should use the anti-ter-virus update and recognize this well. You can also use tools Norman Malware Cleaner which you can download the http://normanasa.vo.llnwd.net/o29/public/Norman_Malware_Cleaner.exe

Source: Vaksincom
Related Posts with Thumbnails

Followers

 

free4any © 2008 using D'Bluez Theme Designed by Ipiet Supported by Tadpole's Notez Based on FREEmium theme | Suport by : prafangga.com News Online solo culture writing inspiration