by Cecep Rahmat M
  
Hi my friend all this time I will try to discuss, how  do I remove a virus a new local or referred Virus Sortcut this very  disturbing. As quoted, the virus is a virus that utilizes local user  negligence and worse again this virus can break through Windows security  holes.
 Next I tried to give eight practical steps  to eliminate the virus capable of transforming an existing folder in a  USB flash disk into the shortcut, this step was taken from her tips  Adang Jauhar Taufik, an analyst with Vaksincom:
  1. Turn off 'System Restore' for a while during the cleaning  process.
2. Decide which  computer will be cleaned from the network.
3.  Turn  off the active virus process in memory by using the tools 'Ice Sword'. After the tools  are installed, select the files that have a icon 'Microsoft Visual Basic  Project' and click 'Terminate Process'. Please download  these tools at http://icesword.en.softonic.com/
4. Delete the  registry that has been made by the virus by:-.  Click  [Start]-. Click [Run]-. RegEdit.exe type, then click the [OK]-.  In  the Registry Editor application, browse the key [HKEY_CURRENT_USER \  Software \ Microsoft \ Windows \ CurrentVersion \ Run]-. Then delete the key that has the data [C: \ Documents and  Settings \% user%].
5. Disable the autoplay / autorun Windows. Copy the script  below on notepad then save with name repair.inf, install the files in  the following manner: repair.inf Right Click -> INSTALL
[Version]
Signature="$Chicago$"
Provider=Vaksincom
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKLM,  Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM,  Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM,  Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM,  Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM,  Software\CLASSES\regfile\shell\open\command,,,"regedit.exe "%1""
HKLM,  Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKCU,  Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,  NoDriveTypeAutoRun,0x000000ff,255
HKLM,  SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer,  NoDriveTypeAutoRun,0x000000ff,255
6. Delete Files parent and duplicate files are created by the  virus included in the flash disk. To accelerate  the search process, my friend can use the 'Search'. Before conducting the search should show all hidden files by  changing the Folder Options settings.
Do  not get an error when deleting files on the parent and duplicate files  that have been made by the virus. Then delete the  files parent virus that has the characteristics:
-. Icon 'Microsoft Visual Basic Project'.-. File Size 128 KB (for other variants  will have varying sizes).-. Ekstesi files '. EXE' or '. SCR'.-. File type 'Application' or 'Screen Saver'.
Then delete the shortcut that has a duplicate file  characteristics:
>. Folder icon or the icon>. Extension. LNK>. File Type 'Shortcut'>. 1 KB file size
Delete the file  also. DLLs (example: ert.dll) and Autorun.inf file on flash disk or  folder to share. Meanwhile, to avoid the virus is  active again, delete the files that have a parent EXE or SCR extensions  first and then remove Shortcut file (. LNK).
7. Unhide the folder that had been hidden  by the virus. To expedite the process, please  download the tools Unhide Files and Folders in  http://www.flashshare.com/bfu/download.html.
Once installed, select the directory [C: \ Documents and  Settings] and folders that exist on the flash disk by shifting to a  column that is already available. On the menu  [Attributes] empty of all choices, then click the [Change Attributes].
8. Install security patches 'Microsoft  Windows Shell shortcut remote code execution vulnerability  handling-MS10-046'. Please download the security  patch at  http://www.microsoft.com/technet/security/Bulletin/MS10-046.mspx
Thus considerable steps to remove the virus Sortcut practical,  may be useful.
Note: To make cleaning more maximal and  prevent the return of the virus, it is advisable to install Anti Virus  buddy all up to date, which can detect the virus is certainly ..^_^  
      

 
 
.jpg)


 









No comments:
Post a Comment