Now the virus has been present Nadia Saphira, inspired with the virus Bulu Bebek, who had previously attended. Nadia Saphira virus created using the programming language visual basic. Distribution method to use Windows autoplay like autorun.inf and NadiaSaphira.ini, removable drives or flash.
Following characteristics of computer virus attacks affected Nadia Saphira, according to the site Vaksin.com:
* The file extension. "Exe" and ". This"
* Type of file "Application".
* File Size "17 kb" and "69 kb".
* There is a folder icon
* Create a duplicate folder fodler as the original and hide fodler
* Eliminate the "Folder Options"
* Can not use CD-ROM
* Not able to access the Command Prompt
How to remove the virus:
1. Disconnect the network that is connected to a computer has been infected.
2. Turn off "System Restore" in the system Windows XP or Vista
3. Download the program Cprocess (www.nirsoft.net / utils / index.html) for the virus in death:
C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ lan.exe
C: \ WINDOWS \ system32 \ misconfig.exe
C: \ WINDOWS \ taskmgr.exe
4. Open notepad, and copy the registry script below, then save with the name "repair.inf" which is still in the computer clean:
[Version]
Signature = "$ Chicago $"
Provider = Vaksincom Oyee
;
[DefaultInstall]
AddReg = UnhookRegKey
DelReg = del
[UnhookRegKey]
HKCR, batfile \ shell \ open \ command ,,,"""% 1 ""% * "
HKCR, comfile \ shell \ open \ command ,,,"""% 1 ""% * "
HKCR, exefile \ shell \ open \ command ,,,"""% 1 ""% * "
HKCR, piffile \ shell \ open \ command ,,,"""% 1 ""% * "
HKCR, lnkfile \ shell \ open \ command ,,,"""% 1 ""% * "
HKCR, scrfile \ shell \ open \ command ,,,"""% 1 ""% * "
HKCU, Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Adva nced,
HKLM, SOFTWARE \ Classes \ exefile \ DefaultIcon ,,,""% 1 & q uot; "
HKLM, SOFTWARE \ Classes \ exefile,,, "Application"
HKLM, SOFTWARE \ Classes \ exefile, infotip, 0, "prop: FileDescription; Company; FileVersion; Create; S ize"
HKLM, SOFTWARE \ Classes \ exefile, TileInfo, 0, "prop: FileDescription; Company; FileVersion"
HKCU, Software \ Microsoft \ Command Processor, Autorun, 0,
HKLM, SOFTWARE \ Microsoft \ Command Processor, Autorun, 0,
HKLM, SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explor er \ Advanced \ Folder \ Hidden \ SHOWALL, CheckedValue, 0x00010001, 1
HKLM, SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explor er \ Advanced \ Folder \ Hidden \ SHOWALL, DefaultValue, 0x00010001, 2
[del]
HKCU, Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Syst em, DisableRegistryTools
HKCU, Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Expl orer, NoFolderOptions
HKCU, Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Expl orer, nofind
HKLM, SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ Expl orer, nofind
HKLM, SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ msiexec.exe
HKLM, SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ sessmgr.exe
HKLM, SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ SPYXX.exe
5. Repair.inf right-click, and install.
6. Delete the file or folder icon feature type application, file berekstensi. Exe, and the file size of 69 kb and 17 kb
7. Open the Command Prompt, and type the command attrib-s-h-r / s / d in the drive or removable flash media
8. Regularly update anti-virus
Tidak ada komentar:
Posting Komentar