
How to remove the "Amburadul" virus from Sampit, Central Kalimantan (Kalteng)   December 3, 2008

Posted by AryoBlackstar in Tutorial.

For anyone whose computer has been hit by the Amburadul virus, recognisable by these symptoms:

- Opening Internet Explorer shows text such as "Babon Community", "Sampit" and similar (the virus rewrites the IE window title and start page)

- New files appear on the flash disk named My Images, Jembatan Kahayan, Friendster Community, Palma and so on, which look like .jpeg pictures but are executables carrying a JPEG icon (the virus also sets NeverShowExt on the exefile class so the real .exe extension stays hidden)

You can use the tutorial below to remove it.

Afterwards, do not forget to check again with a scan by an antivirus that handles local (Indonesian) viruses well, for example PCMAV or Ansav.

Hope this is useful.

- Disconnect the computer being cleaned from the network.

- Disable System Restore for the duration of the cleanup (Windows ME/XP), so an infected restore point cannot put the virus back afterwards.

- Kill the virus processes resident in memory. Use the CurrProcess tool from NirSoft (a very small download, roughly 40 KB). Get it from the NirSoft site rather than from "anywhere": a removal tool fetched from an untrusted mirror can itself be infected. Kill every process that shows a JPG icon.

- Repair the registry entries the virus modified. To speed this up, copy the script below into Notepad and save it as repair.inf. Note that several lines of the script were truncated ("…") when this post was copied; those lines will not install as written, so treat the script as a checklist of what the virus changes and restore the truncated lines from the original Vaksincom write-up before installing it.

- Run the file by right-clicking repair.inf and choosing Install.

[Version]
Signature="$Chicago$"
Provider=Vaksincom

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\comm… %*"
HKLM, Software\CLASSES\comfile\shell\open\comm… %*"
HKLM, Software\CLASSES\exefile\shell\open\comm… %*"
HKLM, Software\CLASSES\piffile\shell\open\comm… %*"
HKLM, Software\CLASSES\regfile\shell\open\comm… "%1"
HKLM, Software\CLASSES\scrfile\shell\open\comm… %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersio… UncheckedValue,0x00010001,0
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersio…
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersio…
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersio… UncheckedValue,0x00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersio… CheckedValue,0x00010001,0
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersio… DefaultValue,0x00010001,0
HKCU, Software\Microsoft\Internet Explorer\Main, Start Page,0, "about:blank"
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersio… type,0, "checkbox"
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersio… type,0, "checkbox"
HKCU, Control Panel\International, s1159,0, "AM"
HKCU, Control Panel\International, s2359,0, "PM"
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoo… AlternateShell,0, "cmd.exe"
HKCU, Software\Microsoft\Windows\CurrentVersio… ShowSuperHidden,0x00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersio… SuperHidden,0x00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersio… HideFileExt,0x00010001,0

[del]
HKCU, Software\Microsoft\Internet Explorer\Main, Window Title,
HKLM, SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore, DisableConfig
HKLM, SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore, DisableSR
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kspoold.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kspool.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscript.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HokageFile.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rin.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Obito.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SMP.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tasklist.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KakashiHatake.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\http://www.vaksin.com/hall_of_fame.htm-C…
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\http://www.vaksin.com/hall_of_fame.htm-R…
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HOKAGE4.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\http://www.vaksin.com/hall_of_fame.htm
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\http://www.vaksin.com/hall_of_fame.htm
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ansav.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe,debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Instal.exe, debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe,debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msiexec.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ansavgd.exe
HKCU, Software\Microsoft\Windows\CurrentVersio… DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersio… NoFind
HKLM, SOFTWARE\Policies\Microsoft\Windows\Inst… DisableMSI
HKLM, SOFTWARE\Policies\Microsoft\Windows\Inst… LimitSystemRestoreCheckpointing
HKCR, exefile, NeverShowExt
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersio… PaRaY_VM
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersio… ConfigVir
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersio… NviDiaGT
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersio… NarmonVirusAnti
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersio… AVManager
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersio… EnableLUA
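The process-kill step and the repair.inf above can also be checked, and partly undone, from PowerShell. The script below is an added example written for this page; it is not part of the original post or of Vaksincom's repair.inf. It audits the same persistence points the script touches (look-alike system processes running from the wrong directory, Image File Execution Options "Debugger" hijacks that stop Task Manager, msconfig, cmd and the antivirus from starting, the open command for executables, the Winlogon shell, the policy values that disable regedit, Search, System Restore and the Windows Installer, and the Run entries the [del] section removes) and changes nothing unless run with -Fix. Because the post truncates several registry paths, the full IFEO, Classes, Policies and Run paths used here are the standard Windows locations and are assumed, not quoted from the post; likewise "%1" %* as the clean open command for executables is the Windows default, not a value the post shows in full.

```powershell
# Added example, not from the original post or Vaksincom's repair.inf.
# Audit (and with -Fix, repair) the persistence this tutorial removes by hand.
# Run from an elevated PowerShell prompt. Paths marked "assumed" are the standard
# Windows locations; the post truncates them, so they are not quoted from it.
param([switch]$Fix)

$findings = 0
function Report($msg) { $script:findings++; Write-Host "[!] $msg" }

# 1. Resident processes. The virus runs copies named after core system processes.
#    The genuine ones run only from %SystemRoot%\System32, and csrcc.exe is never genuine.
$system32 = Join-Path $env:SystemRoot 'System32'
$names = 'smss', 'lsass', 'services', 'winlogon', 'csrcc'
foreach ($p in Get-Process | Where-Object { $names -contains $_.ProcessName }) {
    $dir = if ($p.Path) { Split-Path -Parent $p.Path } else { $null }   # null: protected, not queryable
    if ($p.ProcessName -eq 'csrcc' -or ($dir -and $dir -ne $system32)) {
        Report "process $($p.Id) $($p.ProcessName) runs from $($p.Path)"
        if ($Fix) { Stop-Process -Id $p.Id -Force }
    }
}

# 2. IFEO Debugger hijacks (assumed full path). Any Debugger value deserves a look;
#    only the image names the post's [del] section lists are removed with -Fix.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$listed = 'kspoold.exe', 'kspool.exe', 'msconfig.exe', 'rstrui.exe', 'wscript.exe', 'mmc.exe',
          'cmd.exe', 'taskkill.exe', 'tasklist.exe', 'taskmgr.exe', 'procexp.exe', 'msiexec.exe',
          'Ansav.exe', 'Ansavgd.exe', 'Setup.exe', 'Install.exe', 'Instal.exe', 'boot.exe',
          'HokageFile.exe', 'Rin.exe', 'Obito.exe', 'SMP.exe', 'KakashiHatake.exe', 'HOKAGE4.exe'
foreach ($key in Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue) {
    $dbg = (Get-ItemProperty -Path $key.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if (-not $dbg) { continue }
    $known = $listed -contains $key.PSChildName
    $tag = if ($known) { 'listed in the post' } else { 'not in the post, check by hand' }
    Report "IFEO $($key.PSChildName) Debugger = '$dbg' ($tag)"
    if ($Fix -and $known) { Remove-ItemProperty -Path $key.PSPath -Name Debugger }
}

# 3. Open-command hijack: if the command for .exe files points at the virus, every program
#    the user starts re-infects the machine. Expected Windows default (assumed): "%1" %*
$expected = '"%1" %*'
foreach ($ft in 'exefile', 'comfile', 'batfile', 'piffile') {
    $k = "HKLM:\SOFTWARE\Classes\$ft\shell\open\command"
    $cur = (Get-ItemProperty -Path $k -ErrorAction SilentlyContinue).'(default)'
    if ($cur -ne $expected) {
        Report "$ft open command = '$cur'"
        if ($Fix) { Set-ItemProperty -Path $k -Name '(default)' -Value $expected }
    }
}

# 4. Winlogon shell plus the tool-disabling policies the post deletes (policy paths assumed).
#    Want = $null means the value should not exist at all.
$checks = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon';   Name = 'Shell';                Want = 'Explorer.exe' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools'; Want = $null },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoFind';               Want = $null },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore';        Name = 'DisableSR';            Want = $null },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore';        Name = 'DisableConfig';        Want = $null },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer';               Name = 'DisableMSI';           Want = $null }
)
foreach ($c in $checks) {
    $cur = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
    if ($null -eq $c.Want) {
        if ($null -ne $cur) {
            Report "$($c.Path)\$($c.Name) = $cur (should not exist)"
            if ($Fix) { Remove-ItemProperty -Path $c.Path -Name $c.Name }
        }
    } elseif ($cur -ne $c.Want) {
        Report "$($c.Path)\$($c.Name) = '$cur' (expected $($c.Want))"
        if ($Fix) { Set-ItemProperty -Path $c.Path -Name $c.Name -Value $c.Want }
    }
}

# 5. Autostart entries with the names the post deletes. The post truncates the key;
#    the Run key is assumed here.
$run = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($n in 'PaRaY_VM', 'ConfigVir', 'NviDiaGT', 'NarmonVirusAnti', 'AVManager') {
    $v = (Get-ItemProperty -Path $run -Name $n -ErrorAction SilentlyContinue).$n
    if ($v) {
        Report "Run\$n = '$v'"
        if ($Fix) { Remove-ItemProperty -Path $run -Name $n }
    }
}

Write-Host "$findings finding(s)$(if (-not $Fix) { '; re-run with -Fix to repair' })"
```

Run it once without -Fix and read the report before repairing anything: a Debugger value on an image name the post does not list may be legitimate (developers and some monitoring tools use IFEO), which is why only the names taken from the [del] section are removed automatically. The process check relies on the fact that the real smss.exe, lsass.exe, services.exe and winlogon.exe only ever run from System32, so a same-named process from any other directory is the virus's copy.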

Delete the virus's parent files. Before deleting them, make hidden files visible:

– Open Windows Explorer

– Click the "Tools" menu

– Click "Folder Options"

– Click the View tab

– Under "Advanced settings":

– Select "Show hidden files and folders"

– Uncheck "Hide extensions for known file types"

– Uncheck "Hide protected operating system files (Recommended)"

Then delete the following files:

• C:\Windows\system32\~A~m~B~u~R~a~D~u~L~ (the virus's own directory; the process-named files below are the copies it dropped, not the genuine smss.exe, lsass.exe, services.exe, winlogon.exe and msvbvm60.dll in C:\Windows\system32 itself, which must stay)

• csrcc.exe

• smss.exe

• lsass.exe

• services.exe

• winlogon.exe

• Paraysutki_VM_Community.sys

• msvbvm60.dll

• C:\Autorun.inf

• C:\FoToKu xx-x-xxx.exe, where the x's are the date on which the virus was activated (for example FoToKu 14-3-2008.exe)

• C:\Friendster Community.exe

• C:\J3MbataN K4HaYan.exe

• C:\MyImages.exe

• C:\PaLMa.exe

• C:\Images

– Also delete the same dropper files from the root of the flash disk / floppy (replace C: with the removable drive's letter):

– C:\Autorun.inf

– C:\FoToKu xx-x-xxx.exe, where the x's are the date on which the virus was activated (for example FoToKu 14-3-2008.exe)

– C:\Friendster Community.exe

– C:\J3MbataN K4HaYan.exe

– C:\MyImages.exe

– C:\PaLMa.exe

– C:\Images

Make the picture files the virus hid on the flash disk visible again:

– Click the "Start" menu

– Click "Run"

– Type "CMD"

– At the command prompt, change to the root of the flash disk (for example E: followed by cd \), then run:

attrib -s -h /s /d

This clears the System and Hidden attributes on every file and folder under the current directory. Run it on the removable drive only, not on C:\, where it would also expose protected operating-system files.

– For a thorough cleanup and to prevent re-infection, scan with an up-to-date antivirus that already recognises this virus properly.
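The file steps above (find the droppers at the drive root, delete them, then undo the hidden/system attributes on the user's real folders and pictures) can be done in one pass with the PowerShell script below. It is an added example for this page, not code from the original post. The file names and the "FoToKu dd-m-yyyy.exe" pattern are taken from the post's lists with the date replaced by a wildcard; the "*.jpg.exe" / "*.jpeg.exe" double-extension check is a general heuristic for the JPEG-icon disguise the post describes and is not a name the post gives. It reports only unless -Delete is passed, and it refuses to run against the system drive, since stripping attributes across C:\ is not what the attrib step is for.

```powershell
# Added example, not from the original post. Run against the root of the flash disk
# (or any drive the virus touched): lists the dropper files the post names, shows what a
# root Autorun.inf would launch, and clears the Hidden/System attributes the virus set
# (the post's "attrib -s -h /s /d" step). Report-only unless -Delete is given.
# Assumptions: names/patterns from the post with the FoToKu date wildcarded; the
# *.jpg.exe / *.jpeg.exe check is a generic double-extension heuristic, not from the post.
param(
    [Parameter(Mandatory = $true)] [string] $Root,   # e.g. 'E:\'
    [switch] $Delete
)

$Root = $Root.TrimEnd('\') + '\'
# Refuse the system drive: unhiding everything there exposes pagefile.sys, boot files
# and other protected OS files, which the attrib step in the post never targets.
if ($Root -eq ($env:SystemDrive + '\')) { throw "Run this against the removable drive, not $Root" }

$patterns = 'Autorun.inf', 'FoToKu *.exe', 'Friendster Community.exe', 'J3MbataN K4HaYan.exe',
            'MyImages.exe', 'PaLMa.exe', 'Images', '*.jpg.exe', '*.jpeg.exe'

# 1. Droppers at the drive root. Get-Item (not Get-ChildItem) so a directory such as
#    "Images" is returned as itself rather than expanded into its contents.
$found = @(foreach ($pat in $patterns) {
    Get-Item -Path (Join-Path $Root $pat) -Force -ErrorAction SilentlyContinue
})
foreach ($item in $found) {
    Write-Host ("[!] {0}  {1,10} bytes  attrs={2}" -f $item.FullName, $item.Length, $item.Attributes)
    if ($item.Name -eq 'Autorun.inf') {
        # Show the launch lines, i.e. what double-clicking the drive would have executed.
        Get-Content -LiteralPath $item.FullName -ErrorAction SilentlyContinue |
            Where-Object { $_ -match '^\s*(open|shellexecute|shell\\.*\\command)\s*=' } |
            ForEach-Object { Write-Host "      $_" }
    }
    # Only files are deleted automatically; a directory hit is reported for a manual look.
    if ($Delete -and -not $item.PSIsContainer) {
        Remove-Item -LiteralPath $item.FullName -Force
        Write-Host "      deleted"
    }
}

# 2. Unhide. The virus hides the real folders and pictures and drops look-alike .exe files
#    beside them; clear Hidden and System recursively, exactly like attrib -s -h /s /d.
$mask = [int]([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System)
$unhidden = 0
$hiddenItems = Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
               Where-Object { [int]$_.Attributes -band $mask }
foreach ($f in $hiddenItems) {
    try {
        $f.Attributes = [IO.FileAttributes]([int]$f.Attributes -band (-bnot $mask))
        $unhidden++
        Write-Host "    unhid $($f.FullName)"
    } catch {
        # e.g. "System Volume Information" on some drives; not ours to change
        Write-Host "    could not change $($f.FullName): $($_.Exception.Message)"
    }
}

Write-Host "$($found.Count) dropper match(es), $unhidden item(s) unhidden"
```

Typical use is `.\clean-drive.ps1 -Root E:\` to see the report, then `.\clean-drive.ps1 -Root E:\ -Delete` once the listed files are confirmed to be the droppers. Read the Autorun.inf launch lines it prints: they tell you which executable the virus was relying on, which is useful both for confirming the infection and for checking other drives that were plugged into the same machine.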
