7 Steps Stops Virus Flood Shortcut
virus pif/starter or more knowledgeable with virus shortcut make peevish the victim with many once shortcut that made by virus. the busy, if this virus handling manner not correct so he even will return again, again and again.
on that account, correct reading 7 precise manners from virus analyst vaksincom mg lat to stops flood shortcut
shortcut that made virus (vaksin)diakibat this virus:
1. previous kill formerly process system restore.
2. kill process from file wscript located in c: \windows\system32, by use tools like cprocess, hijackthis or can also use task manager from windows.
3. after deaden process from wscript, we must men-delete or me-rename from file so that is not used for by virus.
as note, if we are me-rename from file wscript. exe automaticly, so mengopikan again at folder. on that account, we must look for where file wscript. exe the other, usually in c: \windows\$ntservicepackuninstall$, c: \windows\servicepackfiles\i386.
doesn't like viruses vbs another, we can replaced open with from file vbs be notepad, this virus is berextensi mdb that means microsoft file access. will so wscript will run database file. mdb impressing he is file vbs.
4. delete the mother file exist in c: \documents and settings\\my documents\database. mdb, so that each time computer will be be run will not me-load file. and don't forget us open also msconfig, menyable command that run it.
5. now we men-delete files autorun. inf. microsoft. inf and thumb. db. its way, click button start, type cmd, will move to drive that be cleaned, for example drive c: \, so that must we do:
type c: \del microsoft. inf /s, this command men-delete all microsoft files. inf in all folder at drive c: . temporary if want to move drive live to replaced name drive example: d: \del microsoft. inf /s.
for file autorun. inf, type c: \del autorun. inf /s /ah /f, command men-delete file autorun. inf (syntax /ah /f) used because file wear attrib rsha, so also for file thumb. db do also same thing.
6. to men-delete files besides 4 earlier files, we must look for it by search file with extension. lnk the size 1 kb. in 'more advanced options ascertain option 'search system folders and 'search hidden files and folders both mencentang.
hope careful, not all files shortcut / file lnk that measure 1 kb virus, we can distinguish it from ikon, size and the type. to shortcut that created virus ikon always use 'folder icon, measure 1 kb and bertipe 'shortcut. while true folder must it can not has 'size and the type folder 'file.
7. fix registry that changed by virus. to speed up repair process registry copy script under this in program 'notepad then save by the name of 'repair. inf. run file by:
- click right repair. inf
- click install
[version
signature=" chicago$"
provider=vaksincom oyee
[defaultinstall
addreg=unhookregkey
delreg=del
[unhookregkey
hklm, software\classes\batfile\shell\open\command, , , " " " %1" " %*"
hklm, software\classes\comfile\shell\open\command, , , " " " %1" " %*"
hklm, software\classes\exefile\shell\open\command, , , " " " %1" " %*"
hklm, software\classes\piffile\shell\open\command, , , " " " %1" " %*"
hklm, software\classes\regfile\shell\open\command, , , " regedit. exe" %1" "
hklm, software\classes\scrfile\shell\open\command, , , " " " %1" " %*"
hklm, software\microsoft\windows nt\currentversion\winlogon, shell, 0, " explorer. exe"
hklm, system\controlset001\control\safeboot, alternateshell, 0, " cmd. exe"
hklm, system\controlset002\control\safeboot, alternateshell, 0, " cmd. exe"
[del
hklm, software\microsoft\windows\currentversion\run, winupdate
hkcu, software\microsoft\windows\currentversion\run, explorer (ash / fyk)
trimakasih atas artikelnya... sangat bermanfaat