Thursday, 02 April 2009

4 Steps to Evict Fake Antivirus


Jakarta - There are currently 304 fake antivirus programs detected in circulation, infecting thousands of computers in India. In addition to flash drives, this virus can spread through e-mail by sending fake messages that contain attachments.



The virus acts by displaying a fake message that resembles a Windows program, so that the computer appears to be telling you it has found spyware or a virus. It then installs a bogus antispyware program, "XP Antispyware 2009".

To deal with it, several steps need to be carried out. This is how:

1. Disconnect the computer to be cleaned from the network.
2. Scan your computer using a removal tool. You can use the removal tool from Norman (you can download it here: http://download.norman.no/public/Norman_Malware_Cleaner.exe).

3. Delete the registry strings that have been created by the virus. To make the registry cleanup easier, you can use the script below.

[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

; Restore the file-type open commands and reset the settings changed by the virus
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKCU, Software\Microsoft\Internet Explorer\Main, Search Bar, 0
HKCU, Software\Microsoft\Internet Explorer\Main, Search Page, 0
HKCU, Software\Microsoft\Internet Explorer\Main, Start Page, 0
HKLM, SOFTWARE\Microsoft\Internet Explorer\Main, Default_Search_URL, 0
HKLM, SOFTWARE\Microsoft\Internet Explorer\Main, Search Page, 0
HKLM, SOFTWARE\Microsoft\Internet Explorer\Main, Start Page, 0
HKLM, SOFTWARE\Microsoft\Internet Explorer\Search, SearchAssistant, 0
HKLM, SOFTWARE\Microsoft\Security Center, AntiVirusDisableNotify, 0
HKLM, SOFTWARE\Microsoft\Security Center, FirewallDisableNotify, 0
HKLM, SOFTWARE\Microsoft\Security Center, UpdateDisableNotify, 0
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs, 0
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell, 0, "Explorer.exe"

; Remove the autorun values and the subkeys added by the virus
[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Run, braviax
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, braviax
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, brastk
; The next two entries are subkeys, so they are given as part of the key path
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{706ab86c-937e-11dd-a04c-000c290bc510}
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Explorer.exe

Copy the script into Notepad, then save it with the name "Repair.inf" (set the Save As Type option to All Files so that no error occurs). Run Repair.inf by right-clicking it and selecting Install. The Repair.inf file should be created on a clean computer, so that the virus is not active.

4. For optimal cleaning and to prevent re-infection, you should use an up-to-date antivirus that properly identifies everything this virus installs.
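
To confirm that the cleanup took effect, the registry locations that Repair.inf touches can be checked without changing anything. The PowerShell script below is an added example, not part of the original article; the helper name Get-RegValue is hypothetical, and the expected values are the ones the script above writes.

```powershell
# Added example, not from the original article. Read-only: it only reports.
function Get-RegValue($Path, $Name) {          # hypothetical helper name
    # Returns $null when the key or the value does not exist.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key) { $key.GetValue($Name, $null, 'DoNotExpandEnvironmentNames') }
}
$findings = @()

# File-type open commands, compared with what [UnhookRegKey] writes.
$handlers = @{
    batfile = '"%1" %*'; comfile = '"%1" %*'; exefile = '"%1" %*'
    piffile = '"%1" %*'; scrfile = '"%1" %*'; regfile = 'regedit.exe "%1"'
}
foreach ($type in $handlers.Keys) {
    $actual = Get-RegValue "HKLM:\Software\Classes\$type\shell\open\command" ''
    if ($actual -ne $handlers[$type]) { $findings += "$type open command: $actual" }
}

# Winlogon shell and AppInit_DLLs, both reset by the script.
$nt = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$shell = Get-RegValue "$nt\Winlogon" 'Shell'
if ($shell -ne 'Explorer.exe') { $findings += "Winlogon Shell: $shell" }
$appInit = Get-RegValue "$nt\Windows" 'AppInit_DLLs'
if ($appInit) { $findings += "AppInit_DLLs is not empty: $appInit" }

# Security Center notification switches: empty or 0 means alerts are enabled.
foreach ($n in 'AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdateDisableNotify') {
    $v = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Security Center' $n
    if ($v -and "$v" -ne '0') { $findings += "$n is set to: $v" }
}

# Autorun values and the Explorer.exe subkey listed in the [del] section.
foreach ($hive in 'HKCU:', 'HKLM:') {
    foreach ($n in 'braviax', 'brastk') {
        $run = "$hive\Software\Microsoft\Windows\CurrentVersion\Run"
        if ($null -ne (Get-RegValue $run $n)) { $findings += "$hive Run entry present: $n" }
    }
}
if (Test-Path "$nt\Image File Execution Options\Explorer.exe") {
    $findings += 'Image File Execution Options\Explorer.exe key exists'
}

if ($findings) { $findings } else { 'No leftovers found in the checked locations.' }
```

Any line it prints names a location that still differs from what Repair.inf sets or still holds an entry the script is meant to delete.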
