One feature the computer is infected with the virus JeNGKol akan logoff the computer if the user runs the file. Inf and when the user edit the vbs file.
This virus will hide the file berekstensi. DOC, with how to create a duplicate file in accordance with the file name that is hidden to trick users. How do I clean this virus?
Follow the steps below:
1. Disconnect the computer that will be cleared from the network (LAN).
2. Disable "System Restore" during the cleaning process (Windows XP).
3. Turn off the virus.
To kill the virus can use tools such as task manager for "Process explorer". Please downlod tools Here
4. Delete the registry made by the virus.
To simplify the process of elimination, please copy the script below on the notepad program and save it with the name repair.vbs, then Run the file (click 2x).
Dim oWSH: Set oWSH = CreateObject ( "WScript.Shell")
on error resume Next
oWSH.Regwrite "HKEY_LOCAL_MACHINE \ Software \ CLASSES \ batfile \ shell \ open \ command \ ","""% 1" "% *" oWSH.Regwrite "HKEY_LOCAL_MACHINE \ Software \ CLASSES \ comfile \ shell \ open \ command \ ","""% 1" "% *" oWSH.Regwrite "HKEY_LOCAL_MACHINE \ Software \ CLASSES \ exefile \ shell \ open \ command \ ","""% 1" "% *" oWSH.Regwrite "HKEY_LOCAL_MACHINE \ Software \ CLASSES \ piffile \ shell \ open \ command \ ","""% 1" "% *" oWSH.Regwrite "HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Control \ SafeBoot \ AlternateShell", "cmd.exe" oWSH.Regwrite "HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet002 \ Control \ SafeBoot \ AlternateShell", "cmd.exe" oWSH.Regwrite "HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ AlternateShell", "cmd.exe"
oWSH.Regwrite "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Shell", "Explorer.exe" oWSH.Regwrite "HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ VBSFile \ Shell \ Edit \ Command \", "C: \ Windows \ System32 \ notepad.exe% 1"
oWSH.Regwrite "HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ VBSFile \ DefaultIcon \", "C: \ Windows \ System32 \ WScript.exe, 2"
oWSH.Regwrite "HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ inffile \ shell \ Install \ command \", "C: \ Windows \ System32 \ rundll32.exe setupapi, InstallHinfSection DefaultInstall 132% 1"
oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ NoFind")
oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ NoFolderOptions") oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ NoRun")
oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ NoFileAssociate")
oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ NoDrives")
oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System \ DisableRegistriTools")
oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System \ DisableTaskMgr")
oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System \ DisableCMD")
oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System \ DisableRegedit")
oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System \ RunLogonScriptSync")
oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System \ HideLegacyLogonScripts")
oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System \ HideLogoffScripts")
oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System \ HideStartupScripts")
oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System \ RunStartupScriptSync")
oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ run \ JeNGKoL") oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ VBSFile \ NeverShowExt")
oWSH.Regwrite "HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ VBSFile \", "VBScript Script File"
oWSH.Regwrite "HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ VBSFile \ FriendlyTypeName", "VBScript Script File" oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System \ DisableRegistriTools")
oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System \ DisableTaskMgr")
oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System \ DisableRegedit")
oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System \ RunLogonScriptSync") oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System \ EnableLUA")
oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ NoFolderOptions")
oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ NOFind")
oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ NORun")
oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ NoDrives")
oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ NoDriveAutoRun")
oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ policies \ WinOldApp \")
oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ Msconfig.exe \")
oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ regedit.exe \")
oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ cmd.exe \")
oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ taskmgr.exe \")
oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ cmd.exe \")
oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ regedit32.exe \")
oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ rstrui.exe \")
oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ attrib.exe \")
oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ command.com")
oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ install.exe \ debugger")
oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ setup.exe \ debugger")
oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ ActiveDesktop \") oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Associations \")
oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ DisallowRun \")
oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ Run \")
oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ WindowsUpdate \")
oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ policies \ ActiveDesktop \")
oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ policies \ Explorer \ Run \")
5. Remove duplicate file is created by the virus with the characteristics:
* Using vbs or JPEG icon
* Size 14 KB
* Image Type JPEG file or VBScript Script File To simplify the search process of the virus, please use the Search windows.
6. For optimal cleaning and prevent re-infection, protect your computer with anti virus that is able to detect and eradicate this virus.
Source:detikinet.com
Entri Populer
-
Belajar sejarah tentang Kota Bandung, para blogger yang tergabung dalam Bandung Kota Blogger (Batagor) berjalan kaki menyusuri jalan-jalan y... -
3 top hosting gratis dengan kapasitas besar yang kami informasikan dalam artikel kali ini adalah hasil penelusuran lewat internet. Selain ho... -
Gara gara namanya sama dengan kelompok teroris, gadis cantik ini bermasalah dengan Facebook. Akunnya tiba-tiba saja kena blokir oleh jeja... -
Pada dasarnya OS windows sudah membatasi bandwidth untuk koneksi internet sebanyak 20% dari total bandwidth yang seharusnya bisa maksimal. J...
-
Lupa dengan password login Windows, Kini anda tak perlu khawatir dengan hal tersebut. ada solusi yang akan membantu persoalan anda. Yang p...
-
Anda sudah Tahu Windows 7? Mungkin juga anda sudah menggunakan Windows 7...Sudah cukup banyak user yang menjajal Windows 7. Meski baru versi... -
Microsoft Office 2010 (previously referred to by its codename Office 14) is the next version of the Microsoft Office generation. It entered... -
Serangan program jahat dengan julukan Gumblar makin serius. Pengguna internet diharap makin waspada dengan serangan yang 'meracuni' ... -
Ada banyak cara untuk mengakali koneksi internet yang lambat, apalagi Anda menggunakan akses internet di warnet-warnet yang kebanyakan merek...
-
Google Wave is a new tool for communication and collaboration on the web, coming later this year. Watch the demo video below, sign up for up...
Share
Posts
Recent Posts
0 komentar:
Post a Comment