8 Steps to Eliminate 'Hopeless' from a Computer
Monday, 05 January 2009
Like local viruses in general, the Hopeless virus (part II) spreads through USB flash drives and external drives. In addition to its 3 main virus files, Hopeless also creates duplicate files in every folder.
1. Disconnect the computer that will be cleaned from the network.
2. Perform the cleaning in safe mode.
3. Terminate the virus using a task manager replacement tool, such as Itty Bitty Process Manager.
4. Use 'kill process' on the active virus file, namely: C:\WINDOWS\system32\spool\idle.exe
5. Remove the registry strings created by the virus. To make this easier, you can use the script below:
[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

; Restore the default open commands and shell settings
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs,0
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, "cmd.exe"

; Delete the policy restrictions and the Run entries
[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoRun
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFind
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, StartMenuLogoff
HKLM, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
HKLM, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr
HKLM, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions
HKLM, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoRun
HKLM, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFind
HKCU, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Repair
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Repair
6. Paste the script into Notepad and save it with the name 'Repair.inf'. Set Save As Type to All Files so that no error occurs.
7. Run Repair.inf by right-clicking it and selecting Install. The Repair.inf file should be created on a clean computer, so that the virus is not active.
8. Delete the master file and the duplicate files created by the Hopeless virus. These files have a folder icon, a file size of 247 KB, the .exe extension, and the file type 'Application'.
In addition, to make removal easier, you can use the Search facility. For optimal cleaning and to prevent re-infection, use an antivirus that recognizes this virus well.
source : detikinet.com