Wednesday, June 3, 2009

8 Steps to Clean the Nadia Saphira Virus

Here are eight steps to clean the 'Nadia Saphira' virus, also known as 'W32/VBTroj.AOQB', from a computer:

1. Disconnect the computer that will be cleaned from the network.
2. Turn off 'System Restore' during the virus cleaning process (for Windows XP / Vista).
3. Stop the virus that is active in memory. Use a task manager tool such as CProcess (you can download it from the NirSoft site).

4. Kill the processes of the virus files that are active:

  • C:\Documents and Settings\All User\Start Menu\Programs\Startup\lan.exe
  • C:\WINDOWS\system32\misconfig.exe
  • C:\WINDOWS\taskmgr.exe
5. Delete the registry strings that the virus has created. To make the registry cleanup easier, you can use the script below.

[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKCR, batfile\shell\open\command,,,"""%1"" %*"
HKCR, comfile\shell\open\command,,,"""%1"" %*"
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, piffile\shell\open\command,,,"""%1"" %*"
HKCR, lnkfile\shell\open\command,,,"""%1"" %*"
HKCR, scrfile\shell\open\command,,,"""%1"" %*"
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,
HKLM, SOFTWARE\Classes\exefile\DefaultIcon,,,""%1""
HKLM, SOFTWARE\Classes\exefile,,,"Application"
HKLM, SOFTWARE\Classes\exefile,infotip,0, "prop:FileDescription;Company;FileVersion;Create;Size"
HKLM, SOFTWARE\Classes\exefile,TileInfo,0, "prop:FileDescription;Company;FileVersion"
HKCU, Software\Microsoft\Command Processor, AutoRun,0,
HKLM, SOFTWARE\Microsoft\Command Processor, AutoRun,0,
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, CheckedValue, 0x00010001,1
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, DefaultValue, 0x00010001,2
[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, nofind
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer, nofind
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msiexec.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sessmgr.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SPYXX.exe

* Use Notepad, then save the script with the name "repair.inf" (set the 'Save as type' option to 'All Files' so that no error occurs).
* Run repair.inf by right-clicking it and selecting Install.
* Create the repair.inf file on a clean computer, so that the virus is not active.

6. Remove the virus files, which have the following characteristics:

* Application / folder icon
* .exe extension
* Size of 69 KB and 17 KB
* Note:
* Show hidden files first to simplify the search for the virus files.
* To make the search easier, use Windows "Search" with a filter for *.exe files that are 69 KB and 17 KB in size.
* The virus files to delete usually have the same modified date.

7. Unhide the hidden folders on the drive or flash disk. Use the 'attrib' command in the command prompt.

* Click 'Start'
* Click 'Run'
* Type 'CMD' and press the Enter key
* Switch to the flash disk's drive
* Then type the command attrib -s -h -r /s /d and press Enter

8. For optimal cleaning and to prevent re-infection, use an up-to-date antivirus that recognizes this virus well.
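
The search in step 6 can also be scripted. The following is an added example, not part of the original post: it lists .exe files whose size shows as 17 KB or 69 KB and groups them by modified date, without deleting anything. The function names are hypothetical, and it assumes Explorer rounds file sizes up to the next whole KB.

```python
import math
import os
from collections import defaultdict
from datetime import datetime

SUSPECT_KB = {17, 69}  # file sizes given in step 6

def shown_kb(size_bytes):
    """Size as Explorer would list it (assumption: rounded up to whole KB)."""
    return math.ceil(size_bytes / 1024)

def find_candidates(root):
    """Return {modified-date: [paths]} for .exe files matching the step 6 sizes."""
    by_date = defaultdict(list)
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".exe"):
                continue
            path = os.path.join(folder, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # unreadable or vanished file: skip it
            if shown_kb(st.st_size) in SUSPECT_KB:
                day = datetime.fromtimestamp(st.st_mtime).date().isoformat()
                by_date[day].append(path)
    return dict(by_date)

def largest_cluster(by_date):
    """The modified date shared by the most candidates, with its sorted paths."""
    if not by_date:
        return None, []
    day = max(by_date, key=lambda d: len(by_date[d]))
    return day, sorted(by_date[day])

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    day, paths = largest_cluster(find_candidates(root))
    for p in paths:
        print(day, p)  # review each file by hand before removing it
```

A legitimate program can match these sizes by coincidence, so treat the output as a review list and confirm the icon and modified date before deleting a file.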

1 comment:

I certainly agree to some points that you have discussed on this post. I appreciate that you have shared some reliable tips on this review.
