Thursday, September 2, 2010

Tips for Removing the Shortcut Virus (Exploits a Windows Security Hole)

by Cecep Rahmat M
 
Hi friends, this time I will discuss how to remove a new local virus, known as the Shortcut virus, which is very disruptive. As quoted, this local virus takes advantage of user negligence and, worse, can also break through a Windows security hole.

Below are eight practical steps for removing this virus, which turns the existing folders on a USB flash disk into shortcuts. The steps are taken from tips by Adang Jauhar Taufik, an analyst with Vaksincom:
  
1. Turn off 'System Restore' temporarily during the cleaning process.
2. Disconnect the computer that will be cleaned from the network.
3. Stop the active virus process in memory using the tool 'Ice Sword'. After the tool is installed, select the file that has the 'Microsoft Visual Basic Project' icon and click 'Terminate Process'. Download the tool at http://icesword.en.softonic.com/
4. Delete the registry entry created by the virus:
   - Click [Start]
   - Click [Run]
   - Type RegEdit.exe, then click [OK]
   - In the Registry Editor, browse to the key [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
   - Delete the entry that has the data [C:\Documents and Settings\%user%]
5. Disable Windows autoplay/autorun. Copy the script below into Notepad and save it as repair.inf, then install the file as follows: right-click repair.inf -> Install




    [Version]
    Signature="$Chicago$"
    Provider=Vaksincom

    [DefaultInstall]
    AddReg=UnhookRegKey
    DelReg=del

    [UnhookRegKey]
    ; Restore the default "open" command for executable file types
    HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
    HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
    HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
    HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
    ; Quotes inside a quoted INF string must be doubled
    HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
    HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
    ; Disable AutoRun on all drive types (flag 0x00010001 = REG_DWORD, value 255 = 0xFF)
    HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoDriveTypeAutoRun,0x00010001,255
    HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer, NoDriveTypeAutoRun,0x00010001,255

6. Delete the parent files and the duplicate files created by the virus, including those on the flash disk. To speed up the search, you can use the 'Search' function. Before searching, show all hidden files by changing the Folder Options settings.
Take care not to make a mistake when deleting the parent files and duplicate files created by the virus. Delete the parent virus files, which have these characteristics:
   - Icon 'Microsoft Visual Basic Project'
   - File size 128 KB (other variants will have varying sizes)
   - File extension '.EXE' or '.SCR'
   - File type 'Application' or 'Screen Saver'
Then delete the duplicate shortcut files, which have these characteristics:
   - Folder icon or the icon
   - Extension .LNK
   - File type 'Shortcut'
   - File size 1 KB
Also delete the .DLL files (example: ert.dll) and the Autorun.inf file on the flash disk or shared folder. To keep the virus from becoming active again, delete the parent files with EXE or SCR extensions first, and then remove the shortcut files (.LNK).
7. Unhide the folders that were hidden by the virus. To speed up the process, download the Unhide Files and Folders tool at http://www.flashshare.com/bfu/download.html.
Once it is installed, select the directory [C:\Documents and Settings] and the folders on the flash disk by moving them to the column provided. In the [Attributes] menu, clear all of the choices, then click [Change Attributes].
8. Install the security patch 'Microsoft Windows Shell shortcut handling remote code execution vulnerability - MS10-046'. Download the security patch at http://www.microsoft.com/technet/security/Bulletin/MS10-046.mspx
Those are the practical steps for removing the Shortcut virus; may they be useful.

Note: To make the cleaning more thorough and prevent the virus from returning, it is advisable, friends, to install an up-to-date antivirus that can reliably detect this virus. ^_^
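
The file characteristics listed in step 6 can be checked in one pass over a flash disk before anything is deleted by hand. The Python script below is an added example, not part of the original tips or of Vaksincom's tooling; the function names, the 2 KB size margin for shortcuts and the sample tree are assumptions, and it only lists candidates for manual review in the order step 6 says to delete them.

```python
import os
import stat
import tempfile

PARENT_EXTS = {".exe", ".scr"}  # step 6: extensions of the parent virus file
LNK_MAX = 2048                  # step 6 says about 1 KB; the margin is an assumption

def is_hidden(path):
    # The hidden attribute is only reported on Windows; elsewhere this is False.
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)

def triage(root):
    """List review candidates under root, grouped in step 6's deletion order."""
    report = {"parents": [], "helpers": [], "fake_shortcuts": [], "hidden_dirs": []}
    for folder, dirs, files in os.walk(root):
        siblings = {d.lower() for d in dirs}
        for d in dirs:
            if is_hidden(os.path.join(folder, d)):
                report["hidden_dirs"].append(os.path.join(folder, d))  # step 7
        for name in sorted(files):
            path = os.path.join(folder, name)
            stem, ext = os.path.splitext(name.lower())
            if ext in PARENT_EXTS:
                # Size varies per variant, so report it instead of filtering on it.
                report["parents"].append((path, os.path.getsize(path)))
            elif ext == ".dll" or name.lower() == "autorun.inf":
                report["helpers"].append(path)
            elif ext == ".lnk" and os.path.getsize(path) <= LNK_MAX and stem in siblings:
                # A small shortcut named after a folder beside it: the duplicate.
                report["fake_shortcuts"].append(path)
    return report

def build_sample(root):
    # Constructed sample tree standing in for a flash disk; contents are dummy bytes.
    os.mkdir(os.path.join(root, "Photos"))
    sizes = {"Photos.lnk": 1024, "notes.lnk": 1024, "sample.scr": 128 * 1024,
             "ert.dll": 10, "Autorun.inf": 10, "cv.doc": 10}
    for name, size in sizes.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(b"\0" * size)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for kind, items in triage(tmp).items():
            print(kind, items)
```

Every .EXE, .SCR and .DLL file is listed, including legitimate ones, so confirm the icon and file type from step 6 before deleting anything.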
 
