Here are 8 practical steps for removing the virus that turns the folders on a USB flash disk into shortcuts:
1. Disable 'System Restore' temporarily during the cleaning process.
2. Disconnect the computer that will be cleaned from the network.
3. Stop the virus that is active in memory using the tool 'Ice Sword'. Once the tool is installed, select the file that has the 'Microsoft Visual Basic Project' icon and click 'Terminate Process'. Download the tool at http://icesword.en.softonic.com/
4. Delete the registry entry created by the virus:
-. Click [Start]
-. Click [Run]
-. Type Regedit.exe, and click [OK]
-. In the Registry Editor, browse to the key [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
-. Then delete the entry that has the data [C:\Documents and Settings\%username%].
5. Disable Windows autoplay / autorun. Copy the script below into Notepad and save it as repair.inf, then install it as follows: right-click repair.inf -> INSTALL
[Version]
Signature="$Chicago$"
Provider=Vaksincom
[DefaultInstall]
AddReg=UnhookRegKey
; DelReg names a [del] section that is not reproduced on this page.
DelReg=del
; Restore the default "open" command for executable file types.
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
; NoDriveTypeAutoRun = 255 (0xFF) written as REG_DWORD (flag 0x00010001) turns AutoRun off for every drive type.
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoDriveTypeAutoRun,0x00010001,255
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer, NoDriveTypeAutoRun,0x00010001,255
6. Delete the master files and duplicate files created by the virus, including those on the flash disk. To speed up the search, you can use 'Search'. Before searching, show all hidden files by changing the Folder Options settings.
Make sure no error occurs while deleting the master files and duplicate files created by the virus. Then delete the master file, which has these characteristics:
-. Icon 'Microsoft Visual Basic Project'.
-. File size 128 KB (other variants have different sizes).
-. File extension '.EXE' or '.SCR'.
-. File type 'Application' or 'Screen Saver'.
Then delete the duplicate shortcut files, which have these characteristics:
>. Folder icon or icon
>. Extension .LNK
>. File type 'Shortcut'
>. File size 1 KB
Delete the .DLL file (e.g. ert.dll) and the Autorun.inf file on the flash disk or shared folder. To keep the virus from becoming active again, delete the master file with the EXE or SCR extension first, then remove the shortcut (.LNK) files.
7. Unhide the folders that the virus has hidden. To speed this up, download the tool Unhide Files and Folders at http://www.flashshare.com/bfu/download.html.
Once installed, select the directory [C:\Documents and Settings] and the folders on the flash disk by dragging them into the column provided. Under [Attributes], clear all the options, then click [Change Attributes].
8. Install the security patch 'Microsoft Windows Shell shortcut handling remote code execution vulnerability, MS10-046'. Download the security patch at http://www.microsoft.com/technet/security/Bulletin/MS10-046.mspx
As usual, for optimal cleaning and to prevent re-infection, you should install and scan with an up-to-date antivirus that detects this virus well.
Original source: vaccines [dot] com & detikinet [dot] com
The Second Way:
The characteristics of the shortcut virus:
First, after infecting a computer, it creates a master file named database.mdb in My Documents.
Second, the virus creates an autorun.inf file on every hard disk drive, flash disk, and folder without exception.
Third, it creates a Thumb.db file in each folder (be careful: this file name has no letter s, while the genuine thumbnail cache on the computer is named thumbs.db, with an s).
To lure the victim, it creates the files Microsoft.lnk and New Harry Potter and ....lnk in each folder; running either one immediately activates the virus.
Like other local viruses, it makes a duplicate of every folder, but this time with the extension .lnk (a shortcut) rather than .exe.
In Task Manager, a wscript.exe process is running. Under normal conditions, there is no process like this.
The steps to remove the shortcut virus:
1. Turn off System Restore. I always turn off System Restore right after the Windows installation process. For backup and system imaging, I prefer using a third-party tool like Acronis or Norton Ghost.
2. Stop the virus's wscript.exe process (C:\WINDOWS\System32\wscript.exe).
You can use Process Explorer or the misc. tools in HijackThis.
3. Delete the virus file database.mdb in My Documents.
4. Remove the duplicate files created by the virus.
To find them, you can use the search facility in Windows. Under "More advanced options", make sure "Search system folders" and "Search hidden files and folders" are both checked.
Search for a file named autorun.inf, size 8 KB
Search for files named Thumb.db, size 8 KB
Search for files with the extension .lnk, size 1 KB
Delete all the files found.
To make finding and deleting these files easier, you can use UTool, a freeware program you can download for free. The program automatically finds and then deletes the desired files (see figure).
5. Remove the autorun registry entry created by the virus using HijackThis.
Look under HKCU\..\Run for entries related to database.mdb (in the picture, though, I had already deleted the database.mdb file).
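The file indicators listed in both methods above (autorun.inf, Thumb.db without the s, database.mdb, and 1 KB .lnk files named after a folder next to them), turned into a report-only scan. This is an added example, not code from the original article; the function names, the constructed sample tree, and the reading of the page's KB figures as Explorer's rounded-up sizes are assumptions.

```python
import math
import os
import tempfile


def shown_kb(size_bytes):
    # Assumption: the page's "1 KB" / "8 KB" are Explorer's rounded-up sizes.
    return math.ceil(size_bytes / 1024)


def scan(root):
    """Return sorted (indicator, relative path, size in KB) findings under root."""
    findings = []
    for folder, dirs, files in os.walk(root):
        folders_here = {d.lower() for d in dirs}
        for name in files:
            full = os.path.join(folder, name)
            kb = shown_kb(os.path.getsize(full))
            lower = name.lower()
            stem, ext = os.path.splitext(lower)
            if lower == "autorun.inf":
                hit = "autorun.inf"
            elif lower == "thumb.db":  # the genuine thumbnail cache is Thumbs.db
                hit = "Thumb.db look-alike"
            elif lower == "database.mdb":
                hit = "database.mdb master file"
            elif ext == ".lnk" and kb <= 1 and stem in folders_here:
                hit = "shortcut duplicating a folder"
            else:
                continue
            findings.append((hit, os.path.relpath(full, root), kb))
    return sorted(findings)


def build_sample(root):
    """Constructed sample tree with harmless filler bytes, not real malware."""
    os.makedirs(os.path.join(root, "Photos"))
    sizes = {"autorun.inf": 8000, "Thumb.db": 8000, "Photos.lnk": 900,
             "Notes.lnk": 900, os.path.join("Photos", "Thumbs.db"): 20000}
    for rel, size in sizes.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(b"\0" * size)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for hit, rel, kb in scan(tmp):
            print(f"{kb:>3} KB  {hit:<30} {rel}")
```

The scan only lists candidates: a legitimate Access file named database.mdb or a genuine autorun.inf on installation media will also show up, so review the list before deleting anything.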
To strengthen prevention and protect your computer from attacks by this very confusing local virus, you can do the following:
1. After the Windows installation process, immediately turn off System Restore.
2. Install third-party software such as Tweak UI or Magic Tweak to disable AutoRun and prevent .inf files from being activated. In Windows XP Professional, disabling autorun may be easy, but on Windows XP Home you need this software. In addition to disabling autorun, MagicTweak can also prevent .inf files from being executed: an autorun.inf file, which is usually where a virus outbreak starts, is automatically converted by the program into a plain Notepad (txt) file and can no longer be executed. This is very helpful if we inadvertently activate or execute autorun.inf even though autorun has been disabled for all drives (including flash disks).
3. Once Windows, the drivers, the programs and everything else are installed, back up an image of your system right away using software like Acronis True Image or Norton Ghost, so that if a problem comes up later that you cannot easily fix, you can restore the system from the backup.
4. If necessary, also install Deep Freeze if your computer is used by many people, so that the computer's settings will not change.
5. Update info: The presence of the shortcut virus on a flash disk can be recognized from the flash disk's icon, which normally looks like a drive icon but changes into a folder icon. If you see this icon, the flash disk has a virus. Open the flash disk through Explorer (do not double-click it from My Computer) and delete the autorun file and other suspected virus files manually by pressing Shift + DEL (so they do not end up in the Recycle Bin). Most local viruses can be prevented by hand like this as long as the option to disable autorun in Windows and/or MagicTweak has been activated, and MagicTweak's option to disable .INF files is also turned on.
Well, those are a few tips on how to remove the shortcut virus; hopefully, after removing it, your computer will be free of the shortcut virus.
I have used AVG protection for a number of years now, and I'd recommend this product to you all.