One of [the] virus characteristic hokage from guessed to come from sampit change icon flash menyk be icon winamp. this virus is actually stills easy to exterminated.
next manner destroys virus sampit also known with vbworm. gen16, quoted from official explanation vaksincom, thursday (10/4/200
1. kill “system restore” during cleaning process (if use windows xp)
2. kill virus process (uses currprocess).
after run tools “currprocess”, choose file all files mempuyai icon winamp (rin. exe, obito. exe, kakashihatake. exe and hokage4. exe).
3. erase registri that made by vbworm. gen16. to simplify abolition process, copy script under this in program notepad then save by the name of repair. inf. run file repair. . inf by:
click right repair. inf
click install
[version
signature=”$chicago$”
provider=vaksincom naruto
[defaultinstall
addreg=unhookregkey
delreg=del
[unhookregkey
hklm, software\classes\batfile\shell\open\command, , , ”””%1? ” %*”
hklm, software\classes\comfile\shell\open\command, , , ”””%1? ” %*”
hklm, software\classes\exefile\shell\open\command, , , ”””%1? ” %*”
hklm, software\classes\piffile\shell\open\command, , , ”””%1? ” %*”
hklm, software\classes\regfile\shell\open\command, , , ”regedit. exe “%1? ”
hklm, software\classes\scrfile\shell\open\command, , , ”””%1? ” %*”
hklm, software\microsoft\windows nt\currentversion\winlogon, shell, 0, “explorer. exe”
[del
hkcu, software\microsoft\windows\currentversion\policies\system, menyableregistrytools
hkcu, software\microsoft\windows\currentversion\policies\system, menyabletaskmgr
hkcu, software\microsoft\windows\currentversion\policies\explorer, nofolderoptions
hkcu, software\microsoft\windows\currentversion\policies\explorer, nofind
hkcu, software\microsoft\windows\currentversion\policies\explorer, norun
hkcu, software\microsoft\windows\currentversion\policies\winoldapp
hklm, software\microsoft\windows\currentversion\run, hokage 4
hklm, software\microsoft\windows\currentversion\run, kakashi hatake
hklm, software\microsoft\windows\currentversion\run, obito uchiha
hklm, software\microsoft\windows\currentversion\run, rin
4. look for and file erase that made by virus. to speed up abolition livelihood process, use fitur “search windows”. before do livelihood and virus file abolition, display beforehand latent file so that livelihood more maximal. to display latent file does step berkut:
- open windows explorer
- click menu “tools”, then click “folder options”
- in sail “folder options”, click tabulation “view”
- in folder “hidden files and folders”, eliminate sign ticks off in option “hide extensions for known file types” and “hide protected operating system files (recomended)”
- click button “ok”
to look for and wipe off virus file, do step next:
- click “start” menu
- click “search”, then click “for files or folders”
- after appear sail “search result”, click menu “all files and folders”
- then in column “all or part of the file name” contents with extension. exe
- in column “look in”, ascertain aim to location drive that be inspected to belong to location flash menyk.
- click menu “what size is it”, then choose option “specify size (in kb)
choose “at most”
contents of the size “42?
- click menu “more advanced option”, then choose option
searh system folders
search hidden files and folders
search subfolders
- then click button “search” to begin livelihood process
- virus file erase menyemua drive belong flash menyk that has feature: icon winamp, size 42 kb, type file “application”, extension. exe
5. also file desktop. this, folder. htt, autorun. inf and anbu. txt at flash menyk.
6. for maximal cleaning and prevent infection repeats, scan with counter virus up-to-date and can identified this virus well.
7. to prevent so that virus not mobile automatic at the (time) of access to a drive best you kill function autoplay.
8. for anticipation so that this virus doesn't return menginfeksi your computer besides with menginstall antivirus up-to-date, also can make script simple for lethal this virus process if tries mobile at memory its way, copy script under this in program notepad then save by the name of removehokage. reg. then run file (click 2x), click “yes” if found confirmation to add registri.
windows registry editor version 5.00
[hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options\hokage4. exe
“debugger”=”cmd. exe /c del”
[hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options\hokagefile. exe
“debugger”=”cmd. exe /c del”
[hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options\kakashihatake. exe
“debugger”=”cmd. exe /c del”
[hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options\rin. exe
“debugger”=”cmd. exe /c del”
[hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options\obito. exe
“debugger”=”cmd. exe /c del”
Saturday, November 8, 2008
8 instructions cleans virus ninja hokage”
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment