Tips : Cleaning Onlinegames Virus

Written By The Ones on Tuesday, October 27, 2009 | 8:52 AM


For those of you who do not want important data lost or stolen should not be infected with the virus OnlineGames, Avoid the execution and installation of software programs and the unknown.

Also to remember, be careful on the online forum on the Internet that provides links to suspicious or not you believe in its validity.

Especially for companies with computers in a network that many, Vaksincom recommend that you do IP-IP filter suspicious.The results of filtering using Vaksincom NNP conducted on ISP traffic in Indonesia confirms that W32/OnlineGames is a real threat to watch out for the moment.

However, if you are already infected with this trojan, you inevitably have a little struggle to clean viruses OnlineGames, before the critical data you stolen by this Trojan. Here are the steps to clean that:

1. Disable System Restore (XP / ME) (when used)
2. Turn off the virus, Use the Windows Task Manager to kill the virus process.
3. Perform End Process on the current virus files (liser.exe)
4. Remove string registry that was created by the virus, To make it easier to use the registry script below.

[Version] [Version]

Signature="$Chicago$" Signature = "$ Chicago $"

Provider=Vaksincom Oeyy Provider = Vaksincom Oeyy

[DefaultInstall] [DefaultInstall]

AddReg=UnhookRegKey AddReg = UnhookRegKey

DelReg=del DelReg = del



[UnhookRegKey] [UnhookRegKey]

HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*" HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ batfile \ shell \ open \ command ,,,"""% 1 ""% * "

HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*" HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ comfile \ shell \ open \ command ,,,"""% 1 ""% * "

HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*" HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ exefile \ shell \ open \ command ,,,"""% 1 ""% * "

HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*" HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ piffile \ shell \ open \ command ,,,"""% 1 ""% * "

HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1""" HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ regfile \ shell \ open \ command,,, "regedit.exe" "% 1" ""

HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*" HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ scrfile \ shell \ open \ command ,,,"""% 1 ""% * "

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs, 0 HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Windows, AppInit_DLLs, 0



[del] [del]

HKCU, Software\Microsoft\Windows\CurrentVersion\Run, Kell HKCU, Software \ Microsoft \ Windows \ CurrentVersion \ Run, Kell

Use the notepad, then save with the name "repair.inf" (use the Save As Type option to All Files to avoid mistakes).

5. Delete virus files (liser.exe & liser.dll) manually, which is in the folder "C: \ Program Files \ Manson" or can use tools Norman Malware Cleaner. You can download the following link http://normanasa.vo.llnwd.net/o29/public/Norman_Malware_Cleaner.exe

0 comments:

Post a Comment