FREE SOFTWARE DOWNLOAD'S: Step 6 Clearing the Virus Jengkol

[03.37 | 0 komentar ]

Step 6 Clearing the Virus' JeNGKol '

One feature the computer is infected with the virus JeNGKol akan logoff the computer if the user runs the file. Inf and when the user edit the vbs file.

This virus will hide the file berekstensi. DOC, with how to create a duplicate file in accordance with the file name that is hidden to trick users. How do I clean this virus? Follow the steps below:

1. Disconnect the computer that will be cleared from the network (LAN).

2. Disable "System Restore" during the cleaning process (Windows XP).

3. Turn off the virus. To kill the virus can use tools such as task manager for "Process explorer". Please downlod tools at: http://download.sysinternals.com/Files/ProcessExplorer.zip.

4. Delete the registry made by the virus. To simplify the process of elimination, please copy the script below on the notepad program and save it with the name repair.vbs, kemudiai Run the file (click 2x).

Dim oWSH: Set oWSH = CreateObject ( "WScript.Shell")

on error resume Next

oWSH.Regwrite "HKEY_LOCAL_MACHINE \ Software \ CLASSES \ batfile \ shell \ open \ command \ ","""% 1" "% *"

oWSH.Regwrite "HKEY_LOCAL_MACHINE \ Software \ CLASSES \ comfile \ shell \ open \ command \ ","""% 1" "% *"

oWSH.Regwrite "HKEY_LOCAL_MACHINE \ Software \ CLASSES \ exefile \ shell \ open \ command \ ","""% 1" "% *"

oWSH.Regwrite "HKEY_LOCAL_MACHINE \ Software \ CLASSES \ piffile \ shell \ open \ command \ ","""% 1" "% *"

oWSH.Regwrite "HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Control \ SafeBoot \ AlternateShell", "cmd.exe"

oWSH.Regwrite "HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet002 \ Control \ SafeBoot \ AlternateShell", "cmd.exe"

oWSH.Regwrite "HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ AlternateShell", "cmd.exe"

oWSH.Regwrite "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Shell", "Explorer.exe"

oWSH.Regwrite "HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ VBSFile \ Shell \ Edit \ Command \", "C: \ Windows \ System32 \ notepad.exe% 1"

oWSH.Regwrite "HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ VBSFile \ DefaultIcon \", "C: \ Windows \ System32 \ WScript.exe, 2"

oWSH.Regwrite "HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ inffile \ shell \ Install \ command \", "C: \ Windows \ System32 \ rundll32.exe setupapi, InstallHinfSection DefaultInstall 132% 1"

oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ NoFind")

oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ NoFolderOptions")

oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ NoRun")

oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ NoFileAssociate")

oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ NoDrives")

oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System \ DisableRegistriTools")

oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System \ DisableTaskMgr")

oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System \ DisableCMD")

oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System \ DisableRegedit")

oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System \ RunLogonScriptSync")

oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System \ HideLegacyLogonScripts")

oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System \ HideLogoffScripts")

oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System \ HideStartupScripts")

oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System \ RunStartupScriptSync")

oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ run \ JeNGKoL")

oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ VBSFile \ NeverShowExt")

oWSH.Regwrite "HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ VBSFile \", "VBScript Script File"

oWSH.Regwrite "HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ VBSFile \ FriendlyTypeName", "VBScript Script File"

oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System \ DisableRegistriTools")

oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System \ DisableTaskMgr")

oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System \ DisableRegedit")

oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System \ RunLogonScriptSync")

oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System \ EnableLUA")

oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ NoFolderOptions")

oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ NOFind")

oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ NORun")

oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ NoDrives")

oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ NoDriveAutoRun")

oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ policies \ WinOldApp \")

oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ Msconfig.exe \")

oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ regedit.exe \")

oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ cmd.exe \")

oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ taskmgr.exe \")

oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ cmd.exe \")

oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ regedit32.exe \")

oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ rstrui.exe \")

oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ attrib.exe \")

oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ command.com")

oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ install.exe \ debugger")

oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ setup.exe \ debugger")

oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ ActiveDesktop \")

oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Associations \")

oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ DisallowRun \")

oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ Run \")

oWSH.RegDelete ( "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ WindowsUpdate \")

oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ policies \ ActiveDesktop \")

oWSH.RegDelete ( "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ policies \ Explorer \ Run \")

5. Remove duplicate file is created by the virus with the characteristics:

Using vbs or JPEG icon

Size 14 KB

Image Type JPEG file or VBScript Script File

To simplify the search process of the virus, please use the Search windows.

6. For optimal cleaning and prevent re-infection, protect your computer with anti virus that is able to detect and eradicate this virus.

0 komentar

Posting Komentar

Pengikut

FREE SOFTWARE DOWNLOAD'S

FREE SOFTWARE DOWNLOAD'S