
Friday, October 15, 2010

How to Deal with the Shortcut Virus

The shortcut virus is actually not very dangerous and does not damage the system, but it is quite disturbing because it creates shortcuts for many files and folders on the computer, at least 5 shortcuts to a file/folder. External antivirus products sometimes do not recognize this virus, because it is a local virus. So the handling is done manually.

Features of the shortcut virus:
  •     First, after infecting a computer, it creates a master file, database.mdb, in My Documents.
  •     Second, the virus creates an autorun.inf file on every hard disk drive, flash disk, and folder, without exception.
  •     Third, it creates a Thumb.db file in each folder (be careful: this file name has no "s", while the genuine thumbnail cache on the computer has an additional letter "s", i.e. thumbs.db).
  •     To lure the victim, it creates the files Microsoft.lnk and New Harry Potter and ....lnk in each folder; if run, they immediately activate the virus.
  •     As with other local viruses, it makes a duplicate of each folder, but this time not with the extension .exe but with the extension .lnk, i.e. a shortcut.

Steps for eradication:
  1. Turn off System Restore. I am used to always turning off Windows System Restore immediately after the installation process. For backup and system imaging, I prefer using a third-party tool such as Acronis or Norton Ghost.
  2. Terminate the virus's wscript.exe process (C:\WINDOWS\System32\wscript.exe). You can use Process Explorer or the misc. tools in HijackThis.
  3. Delete the virus file database.mdb in My Documents.
  4. Remove the duplicate files created by the virus.
  • For the removal process, you can use the search facility in Windows. Under "More advanced options", make sure the options "Search system folders" and "Search hidden files and folders" are both checked.
  • To make searching for and deleting the files easier, you can use UTool, a freeware program that can be downloaded for free. This program will automatically find and then delete the files you want.
  • Search for files named autorun.inf with a size of 8 KB.
  • Search for files named Thumb.db with a size of 8 KB.
  • Search for files with the extension .lnk and a size of 1 KB.
  • Delete all the files found.
  5. Delete the autorun registry entry created by the virus, using Registry Editor. Look in HKCU\..\Run for the entry related to the database.mdb file.
  6. Fix the registry values that were changed by the virus. To speed up the registry repair, copy the script below into Notepad and save it with the name "repair.inf". Run the file as follows:
  • Right-click repair.inf
  • Click Install

[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

; Restore the default "open" commands for executable file types,
; the logon shell and the Safe Mode alternate shell.
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, "cmd.exe"

; Remove the Run values listed here.
[del]
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Winupdate
HKCU,SOFTWARE\Microsoft\Windows\CurrentVersion\Run, explorer
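
The file search in step 4 can also be scripted. The following Python sketch is an added example, not part of the original post or of UTool: it only lists files matching the indicators above and deletes nothing, so the results can be reviewed first. It assumes the "8 KB" and "1 KB" sizes are the values Windows displays, which are rounded up to whole KB; the reason labels and function names are chosen for this example.

```python
import math
import os

# Indicators from step 4 of the post. Sizes are in KB as Windows search
# displays them (rounded up to a whole KB) -- an assumption of this example.
NAME_RULES = {"autorun.inf": 8, "thumb.db": 8}  # lower-cased name -> size in KB
LNK_KB = 1


def size_kb(path):
    """File size in KB, rounded up the way Explorer shows it."""
    return math.ceil(os.path.getsize(path) / 1024)


def scan(root):
    """Return sorted (reason, path) pairs for files matching the indicators."""
    hits = []
    for folder, subdirs, files in os.walk(root):
        folder_names = {d.lower() for d in subdirs}
        for name in files:
            path = os.path.join(folder, name)
            lower = name.lower()
            try:
                kb = size_kb(path)
            except OSError:
                continue  # unreadable or vanished file: skip it
            if NAME_RULES.get(lower) == kb:
                # "thumbs.db" (with an s) is the genuine cache and never matches
                hits.append((lower, path))
            elif lower.endswith(".lnk") and kb == LNK_KB:
                # A 1 KB shortcut named after a sibling folder is the
                # "duplicate folder" shortcut described in the feature list.
                stem = lower[:-4]
                reason = "folder-duplicate.lnk" if stem in folder_names else "1KB.lnk"
                hits.append((reason, path))
    return sorted(hits)


if __name__ == "__main__":
    import sys
    for reason, path in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{reason}\t{path}")
```

Legitimate 1 KB shortcuts are reported as well, so check each "1KB.lnk" entry before deleting anything.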

