Monday, 16 June 2008

How to remove the “Amburadul” virus from Sampit - Kalteng

- Disconnect the computer to be cleaned from the network
- Disable “System Restore” for the duration of the cleaning process (Windows ME/XP)
- Kill the virus process that is active in memory (memory resident). To kill it, use the “currprocess” tool, then terminate the virus process that has a JPG icon.
- Repair the registry entries that the virus has modified. To speed up the repair, copy the script below into Notepad and save it as repair.inf.


[Version]
Signature="$Chicago$"
Provider=Vaksincom

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\comm… %*"
HKLM, Software\CLASSES\comfile\shell\open\comm… %*"
HKLM, Software\CLASSES\exefile\shell\open\comm… %*"
HKLM, Software\CLASSES\piffile\shell\open\comm… %*"
HKLM, Software\CLASSES\regfile\shell\open\comm… "%1?"
HKLM, Software\CLASSES\scrfile\shell\open\comm… %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersio… UncheckedValue,0x00010001,0
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersio…
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersio…
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersio… UncheckedValue,0x00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersio… CheckedValue,0x00010001,0
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersio… DefaultValue,0x00010001,0
HKCU, Software\Microsoft\Internet Explorer\Main, Start Page,0, "about:blank"
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersio… type,0, "checkbox"
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersio… type,0, "checkbox"
HKCU, Control Panel\International, s1159,0, "AM"
HKCU, Control Panel\International, s2359,0, "PM"
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoo… AlternateShell,0, "cmd.exe"
HKCU, Software\Microsoft\Windows\CurrentVersio… ShowSuperHidden,0x00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersio… SuperHidden,0x00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersio… HideFileExt,0x00010001,0

[del]
HKCU, Software\Microsoft\Internet Explorer\Main, Window Title,
HKLM, SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore, DisableConfig
HKLM, SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore, DisableSR
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kspoold.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kspool.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscript.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HokageFile.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rin.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Obito.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SMP.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tasklist.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KakashiHatake.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\http://www.vaksin.com/hall_of_fame.htm-C…
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\http://www.vaksin.com/hall_of_fame.htm-R…
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HOKAGE4.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\http://www.vaksin.com/hall_of_fame.htm
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\http://www.vaksin.com/hall_of_fame.htm
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ansav.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe,debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Instal.exe, debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe,debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msiexec.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ansavgd.exe
HKCU, Software\Microsoft\Windows\CurrentVersio… DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersio… NoFind
HKLM, SOFTWARE\Policies\Microsoft\Windows\Inst… DisableMSI
HKLM, SOFTWARE\Policies\Microsoft\Windows\Inst… LimitSystemRestoreCheckpointing
HKCR, exefile, NeverShowExt
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersio… PaRaY_VM
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersio… ConfigVir
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersio… NviDiaGT
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersio… NarmonVirusAnti
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersio… AVManager
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersio… EnableLUA

- Run the file as follows:
- Right-click repair.inf
- Click Install
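As an added example (not from the post and not Vaksincom's own tooling), a small Python dry-run interpreter for the AddReg/DelReg directives of a repair.inf like the one above: it parses the INF line format (root, subkey, value name, flags, data), then applies the script to an in-memory registry snapshot so you can review what a repair script will set and delete before installing it on a real machine. The INF text and the "infected" snapshot inside it are constructed samples with complete key paths; the placeholder values stand in for whatever the virus wrote.

```python
import csv
# Constructed sample in the shape of the post's repair.inf, with complete key paths
# (the page's copy is truncated). Illustration only, not Vaksincom's script.
SAMPLE_INF = r"""[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, ShowSuperHidden,0x00010001,1
[del]
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
"""
def parse_sections(text):
    """INF is INI-like but allows bare lines: return {section: [lines]} in file order."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections

def apply_inf(text, registry):
    """Dry-run [DefaultInstall] AddReg/DelReg on a dict keyed by root + subkey path."""
    sec = parse_sections(text)
    install = dict(entry.split("=", 1) for entry in sec.get("DefaultInstall", []))
    lines_of = lambda d: [l for s in install.get(d, "").split(",") for l in sec.get(s.strip(), [])]
    for line in lines_of("AddReg"):
        # csv splits on commas outside double quotes; pad so short lines still unpack
        root, subkey, name, flags, data = (next(csv.reader([line], skipinitialspace=True)) + [""] * 5)[:5]
        # flags 0x00010001 = FLG_ADDREG_TYPE_DWORD; flags 0 = REG_SZ (other types kept as text)
        registry.setdefault(f"{root}\\{subkey}", {})[name] = int(data, 0) if int(flags or "0", 0) == 0x00010001 else data
    for line in lines_of("DelReg"):
        f = next(csv.reader([line], skipinitialspace=True))
        path = f"{f[0]}\\{f[1]}"
        if len(f) > 2 and f[2]:
            registry.get(path, {}).pop(f[2], None)  # value named: delete only that value
        else:
            registry.pop(path, None)  # no value named: delete the whole subkey
    return registry

def demo():
    # Constructed snapshot of the kinds of registry changes the post attributes to the virus.
    infected = {r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon": {"Shell": "Explorer.exe, placeholder.exe"},
                r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe": {"Debugger": "placeholder.exe"},
                r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System": {"DisableRegistryTools": 1}}
    return apply_inf(SAMPLE_INF, infected)
```

Running demo() shows the Winlogon Shell restored to Explorer.exe, the IFEO hijack key for taskmgr.exe removed, and only the DisableRegistryTools value (not the whole Policies\System key) deleted.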
- Delete the virus's parent files. Before deleting them, first make hidden files visible:
- Open Windows Explorer
- Click the “Tools” menu
- Click “Folder Options”
- Click the View tab
- Under “Advanced settings”:
- Select the option “Show hidden files and folders”
- Uncheck “Hide extensions for known file types”
- Uncheck “Hide protected operating system files (Recommended)”
Then delete the following files (the copies carrying system-process names are the ones inside the ~A~m~B~u~R~a~D~u~L~ folder, not the genuine files in C:\Windows\system32):
• C:\Windows\system32\~A~m~B~u~R~a~D~u~L~
• csrcc.exe
• smss.exe
• lsass.exe
• services.exe
• winlogon.exe
• Paraysutki_VM_Community.sys
• msvbvm60.dll
• C:\Autorun.inf
• C:\FoToKu xx-x-xxx.exe, where x indicates the date the virus was activated (for example: FoToKu 14-3-2008.exe)
• C:\Friendster Community.exe
• C:\J3MbataN K4HaYan.exe
• C:\MyImages.exe
• C:\PaLMa.exe
• C:\Images
- Also delete the virus's parent files on the flash disk / floppy disk:
- C:\Autorun.inf
- C:\FoToKu xx-x-xxx.exe, where x indicates the date the virus was activated (for example: FoToKu 14-3-2008.exe)
- C:\Friendster Community.exe
- C:\J3MbataN K4HaYan.exe
- C:\MyImages.exe
- C:\PaLMa.exe
- C:\Images
- Unhide the image files that the virus has hidden on the flash disk:
- Click the “Start” menu
- Click “Run”
- Type “CMD”
- At the DOS prompt, change to the flash disk's drive and then run the following command: ATTRIB -s -h /s /d
- For optimal cleaning and to prevent reinfection, scan with an up-to-date antivirus that is already able to recognise this virus properly.
