How to Clean Virut Virus

Written By Unknown on Tuesday, February 23, 2010 | 6:13 AM

The Virut virus is more dangerous than Conficker. Although it does not spread as fast as Conficker, it is classed as very dangerous, and even today there are no tools that can detect and eradicate the virus completely.

The following are the characteristics of the Virut virus, according to Vaksin.com:

1. Disables Windows File Protection
2. Spreads through HTML-, ASP- and PHP-based web pages
3. Infects Windows host files, and opens remote control through an IRC server if the computer is connected to the Internet
4. Makes the computer a source of virus updates and of spam that spreads a particular address
5. Turns the computer into a spam server by using its public IP

How to clean the virus:


1. Disable System Restore (XP / ME)

2. To remove the virus, download Norman Malware Cleaner (http://normanasa.vo.llnwd.net/o29/public/Norman_Malware_Cleaner.exe) on a clean computer, then save the file with a .com or .cmd extension, or compress it into a zip, and then run it.

3. After the cleaning process is complete, restart your computer.

4. Remove the registry strings that were created by the virus. To make this easier, use the following registry script.

[Version]
Signature="$Chicago$"
Provider=Artikel tentang Komputer | ErhaesCom

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
; Restore the "show hidden files" option and turn the Windows firewall back on
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, CheckedValue, 0x00010001, 1
HKLM, SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile, EnableFirewall, 0x00010001, 1

[del]
; Registry values and keys created by the virus
HKCU, Software\Microsoft\Windows\CurrentVersion\Run, reader_s
HKCU, Software\Microsoft\Windows\CurrentVersion\Run, servises
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU, Software\Microsoft\Windows NT\CurrentVersion\Windows, load
HKCU, Software\Microsoft\Windows NT\CurrentVersion\Windows, run
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, reader_s
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, servises
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 22951
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Regedit32
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDORSYS
HKLM, SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List, \??\C:\WINDOWS\system32\winlogon.exe
HKLM, SOFTWARE\Policies\Microsoft\WindowsFirewall

5. Use Notepad, then save the script with the name "repair.inf" (set the Save As Type option to All Files to avoid mistakes).

6. In case the network cannot connect, replace the network driver files "ndis.sys" (size 179 KB) and "TCPIP.SYS" (size 351 KB) with copies from an uninfected computer. The files are usually located in C:\WINDOWS\system32\drivers and C:\WINDOWS\system32\dllcache.

7. Restore the infected hosts file by replacing the file "hosts" (size 1 KB) with a copy from an uninfected computer. It is usually located at C:\WINDOWS\system32\drivers\etc.

8. Use an up-to-date antivirus that can detect and eradicate this virus well.
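To confirm that the registry script from steps 4 and 5 removed what it targets, the following added example (not part of the original post or of the script it quotes) compares the script's [del] section with a registry export saved as text. The function names, the sample export and the file path inside it are constructed for illustration; a regedit 5.00 export is UTF-16 and must be decoded before it is passed in.

```python
import re

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}

def parse_del(inf_text, section="del"):
    """Return (key, value name or None) for each entry of the INF [del] section."""
    entries, current = [], None
    for line in (l.strip() for l in inf_text.splitlines()):
        if line.startswith("["):
            current = line.strip("[]").lower()
        elif line and not line.startswith(";") and current == section:
            parts = [p.strip() for p in line.split(",", 2)]
            key = HIVES.get(parts[0], parts[0]) + "\\" + parts[1]
            entries.append((key, parts[2] if len(parts) > 2 else None))
    return entries

def parse_reg(reg_text):
    """Map each key of a regedit export (already decoded to text) to its value names."""
    keys, current = {}, None
    for line in (l.strip() for l in reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), set())
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=', line)
            if m:  # .reg files escape \ and " inside value names
                current.add(re.sub(r"\\(.)", r"\1", m.group(1)).lower())
    return keys

def leftovers(inf_text, reg_text):
    """Return the [del] entries that are still present in the exported registry."""
    keys = parse_reg(reg_text)
    return [(key, value) for key, value in parse_del(inf_text)
            if key.lower() in keys
            and (value is None or value.lower() in keys[key.lower()])]

# Constructed sample input: two [del] lines from the script and a made-up export.
SAMPLE_INF = r"""[del]
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, reader_s
HKLM, SOFTWARE\Policies\Microsoft\WindowsFirewall
"""
SAMPLE_REG = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
"reader_s"="C:\\constructed\\path.exe"
"""

if __name__ == "__main__":
    for key, value in leftovers(SAMPLE_INF, SAMPLE_REG):
        print("still present:", key, value or "(whole key)")
```

An empty result after the script has been applied and the machine restarted means none of the listed values or keys remain in the exported branches.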

