Yesterday I checked the Google Analytics report for this blog: almost 90% of visitors, from more than 30 countries, found it through keywords about the shortcut virus, which is evidently rampant throughout the world. So I will try to discuss the return of this virus.
The PIF/Starter virus, better known as the shortcut virus, plagues its victims with the large number of shortcuts it creates. Worse, if it is not handled correctly it will simply come back again, again and again.
Here are the steps recommended by a virus analyst at MG Vaksincom Lat to stop the flood of shortcuts caused by this virus:
1. First, turn off System Restore.
2. Kill the wscript.exe process (the file is located in C:\Windows\System32) using a tool such as CProcess or HijackThis, or with the Windows Task Manager.
3. Once the wscript process is stopped, delete or rename the wscript.exe file so that the virus cannot use it for the time being.
Note that if we rename wscript.exe, Windows will automatically copy it back into the folder. Therefore we must also find the other copies of wscript.exe, usually in C:\Windows\$NtServicePackUninstall$ and C:\Windows\ServicePackFiles\i386.
Unlike other VBS viruses, where we can change the 'Open With' association of .vbs files to Notepad, this virus keeps its script in a file with the .mdb (Microsoft Access database) extension. Wscript will run DATABASE.MDB as if it were a VBS file, so changing the .vbs association does not help.
4. Delete the parent file at C:\Documents and Settings\\My Documents\database.mdb so that it is no longer loaded every time the computer boots. Do not forget to open MSCONFIG as well and disable its Run entry.
5. Now delete the files autorun.inf, Microsoft.inf and Thumb.db. Click the Start button, type CMD, then change to the drive to be cleaned, for example drive C:, and run the following:
Type C:\>del Microsoft.inf /s. This command deletes every microsoft.inf file in every folder on drive C:. To clean another drive, just change the drive letter, for example D:\>del Microsoft.inf /s.
For the autorun.inf file, type C:\>del autorun.inf /s /ah /f. The /ah /f switches are needed because the file carries the RSHA attributes (read-only, system, hidden, archive). Do the same for Thumb.db.
6. To delete the shortcut files other than those 4 files, use Windows Search to find files with the .lnk extension and a size of 1 KB. Under 'More advanced options' make sure that both 'Search system folders' and 'Search hidden files and folders' are checked.
Be careful: not all 1 KB shortcut (LNK) files belong to the virus. We can tell them apart by icon, size and type. A shortcut created by the virus always uses the 'folder' icon, has a size of 1 KB and is of type 'Shortcut', whereas a real folder shows no 'size' and its type is 'File Folder'.
7. Repair the registry entries changed by the virus. To speed up the repair, copy the script below into Notepad and save it as 'repair.inf'. Run the file as follows:
- Right-click repair.inf
- Click Install
; repair.inf - restores the file associations and shell entries the virus changed,
; then removes its autostart values. Right-click the file and choose Install.
[Version]
Signature="$Chicago$"
Provider="Vaksincom Oyee"
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=Del
; Restore the default "open" command for executable file types ("%1" %*)
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
; Restore the normal and Safe Mode shells
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell, 0, "Explorer.exe"
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell, 0, "cmd.exe"
HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell, 0, "cmd.exe"
; Remove the autostart values the virus added
[Del]
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Winupdate
HKCU, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, explorer
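As an added example (not part of the original post or the Vaksincom script), the PowerShell script below checks a machine for the traces the seven steps above deal with: the Run values removed by repair.inf, the wscript.exe copies Windows restores from, 1 KB shortcuts whose target is wscript.exe, and the autorun.inf/Microsoft.inf/Thumb.db dropper files. It only reports, so each finding can be checked by hand before anything is deleted; it assumes PowerShell 2.0 or later on Windows and a drive letter passed as -Drive.

```powershell
# Read-only triage for the shortcut virus described above (added example, not
# the original post's code). Assumes Windows PowerShell 2.0+; nothing is deleted.
param(
    [string]$Drive = "C:\"   # drive to scan, as in steps 5 and 6
)

# 1. Autostart values that repair.inf removes (step 7, [Del] section)
$runKeys = @(
    @{ Hive = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"; Name = "Winupdate" },
    @{ Hive = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"; Name = "explorer" }
)
foreach ($k in $runKeys) {
    $props = Get-ItemProperty -Path $k.Hive -ErrorAction SilentlyContinue
    if ($props -and $props.PSObject.Properties[$k.Name]) {
        "Run entry '$($k.Name)' = $($props.$($k.Name))"
    }
}

# 2. Copies of wscript.exe that Windows restores from (note under step 3)
$wsPaths = @("$env:SystemRoot\System32\wscript.exe",
             "$env:SystemRoot\`$NtServicePackUninstall`$\wscript.exe",
             "$env:SystemRoot\ServicePackFiles\i386\wscript.exe")
$wsPaths | Where-Object { Test-Path $_ } | ForEach-Object { "wscript.exe copy: $_" }

# 3. Suspect shortcuts: .lnk files of at most 1 KB whose target is wscript.exe (step 6)
$sh = New-Object -ComObject WScript.Shell
Get-ChildItem -Path $Drive -Recurse -Force -Filter *.lnk -ErrorAction SilentlyContinue |
    Where-Object { $_.Length -le 1KB } |
    ForEach-Object {
        $lnk = $sh.CreateShortcut($_.FullName)
        if ($lnk.TargetPath -match 'wscript\.exe$') {
            "Suspect shortcut: $($_.FullName) -> $($lnk.TargetPath) $($lnk.Arguments)"
        }
    }

# 4. Dropper files named in step 5, with their attributes (expect RSHA on autorun.inf)
Get-ChildItem -Path $Drive -Recurse -Force -Include autorun.inf, Microsoft.inf, Thumb.db `
    -ErrorAction SilentlyContinue |
    ForEach-Object { "Dropper file: $($_.FullName)  attrib=$($_.Attributes)" }
```

Run it before step 2 to see what is present, and again after step 7 to confirm the Run values and shortcuts are gone.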
Please leave comments, suggestions or constructive criticism; they may be useful to readers.
13 comments:
Tiny Shortcut remover
http://www.321infos.co.cc/search/label/antivirus
I had an excruciating time with one of those shortcut viruses that hid all my folders after creating shortcuts of them. I had just completed a project over at www.kirk-f.com when I put my pen drive into my friend's computer.
Anyway, instead of opting for the painstaking ATTRIB method, I used isReset.
A renaming job that would normally take 10-15 minutes can be done within a few seconds. Those with many files and folders would love this tool.
It's a FREE-for-commercial-use tool and can be downloaded from http://www.sergiwa.com/modules/mydownloads/singlefile.php?cid=2&lid=10
Regards,
www.kirk-f.com
Thanks for your suggestion; it may be useful to us.