Currently, 304 fake antivirus programs have been detected in circulation, infecting thousands of computers in Indonesia. The virus can also spread through e-mail, by sending fake messages that contain attachments.
The virus works by displaying a fake message that resembles a Windows program message, claiming that spyware or a virus has been found on your computer, and then installs a fake antispyware program, "XP AntiSpyware 2009".
Cleaning it up takes several steps:
1. Disconnect the computer to be cleaned from the network.
2. Scan the computer with a removal tool. You can use the removal tool from Norman (download it here: http://download.norman.no/public/Norman_Malware_Cleaner.exe).
3. Remove the registry strings created by the virus. To make the registry changes easier, you can use the script below.
[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
; Restore the default open commands for executable file types
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
; Clear the Internet Explorer, Security Center and AppInit_DLLs values
HKCU, Software\Microsoft\Internet Explorer\Main, Search Bar, 0
HKCU, Software\Microsoft\Internet Explorer\Main, Search Page, 0
HKCU, Software\Microsoft\Internet Explorer\Main, Start Page, 0
HKLM, SOFTWARE\Microsoft\Internet Explorer\Main, Default_Search_URL, 0
HKLM, SOFTWARE\Microsoft\Internet Explorer\Main, Search Page, 0
HKLM, SOFTWARE\Microsoft\Internet Explorer\Main, Start Page, 0
HKLM, SOFTWARE\Microsoft\Internet Explorer\Search, SearchAssistant, 0
HKLM, SOFTWARE\Microsoft\Security Center, AntiVirusDisableNotify, 0
HKLM, SOFTWARE\Microsoft\Security Center, FirewallDisableNotify, 0
HKLM, SOFTWARE\Microsoft\Security Center, UpdateDisableNotify, 0
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs, 0
; Restore the default Windows shell
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell, 0, "Explorer.exe"
[del]
; Remove the entries created by the virus
HKCU, Software\Microsoft\Windows\CurrentVersion\Run, braviax
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, braviax
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, brastk
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2, {706ab86c-937e-11dd-a04c-000c290bc510}
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options, Explorer.exe
Paste the script into Notepad and save it with the name "Repair.inf" (set the Save As Type option to All Files so that the extension is not changed). Run repair.inf by right-clicking it and selecting Install. It is best to create Repair.inf on a clean computer, so that the virus is not active.
4. For optimal cleaning and to prevent re-infection, use an up-to-date antivirus that reliably recognizes all of this virus's installation files.
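To confirm that the cleanup took effect, the registry values that Repair.inf resets or deletes can be read back and compared with what the script sets. The following read-only PowerShell check is an added example, not part of the original article or of Vaksincom's script; the function name Test-RegValue and the Debugger check under Image File Execution Options\explorer.exe are assumptions made for illustration.

```powershell
# Added example: read-only verification of the values Repair.inf touches.
# It changes nothing; it only reports values that differ from the script's targets.
$checks = @(foreach ($c in 'batfile','comfile','exefile','piffile','scrfile') {
    # Name '' means the key's default value; Repair.inf sets it to "%1" %*
    @{ Key = "HKLM:\Software\Classes\$c\shell\open\command"; Name = ''; Want = '"%1" %*' }
})
$nt = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$checks += @{ Key = "$nt\Winlogon"; Name = 'Shell';        Want = 'Explorer.exe' }
$checks += @{ Key = "$nt\Windows";  Name = 'AppInit_DLLs'; Want = '' }

# Entries from the [del] section: Want = $null means the value must not exist.
$checks += @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'braviax'; Want = $null }
$checks += @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = 'braviax'; Want = $null }
$checks += @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = 'brastk';  Want = $null }
# Assumption: an Explorer.exe hijack here would appear as a Debugger value.
$checks += @{ Key = "$nt\Image File Execution Options\explorer.exe"; Name = 'Debugger'; Want = $null }

function Test-RegValue($Key, $Name, $Want) {
    # A missing key or missing value both read back as $null.
    $item = Get-Item -LiteralPath $Key -ErrorAction SilentlyContinue
    $have = if ($item) { $item.GetValue($Name, $null) } else { $null }
    $ok = if ($null -eq $Want) { $null -eq $have }
          else { "$have".Trim() -ieq $Want }   # case-insensitive string compare
    $label = if ($Name) { $Name } else { '(default)' }
    New-Object PSObject -Property @{ OK = $ok; Name = $label; Found = $have; Key = $Key }
}

$results = $checks | ForEach-Object { Test-RegValue $_.Key $_.Name $_.Want }
$results | Sort-Object OK | Format-Table OK, Name, Found, Key -AutoSize

if ($results | Where-Object { -not $_.OK }) {
    Write-Warning 'Some values still differ from what Repair.inf sets; review them before reconnecting.'
}
```

Run it as the affected user so the HKCU entries refer to that user's profile. A non-empty AppInit_DLLs can also come from legitimate software, so treat that row as something to review rather than proof of infection.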