Here are eight practical steps for ejecting a virus capable of transforming an existing folder on the USB flash disk into the shortcut: 1. Disable 'System Restore' for a while during the cleaning process. 2. Decide who will clean your computer from the network. 3. Turn off the virus active in memory by using the tools 'Ice Sword'.Once the tools are installed, select the file that has the icon "Microsoft Visual Basic Project 'then click' Terminate Process'.Please download these tools at http://icesword.en.softonic.com/ 4. Delete the registry is created by the virus by: -. Click the [Start] -. Click [Run] -. Type Regedit.exe, and click the [OK] -. On application the Registry Editor, browse the key [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Run] -. Then delete the key that has the data [C: \ Documents and Settings \% user%]. 5. Disable autoplay / autorun Windows. Copy the script below in notepad and save it as repair.inf, install the following manner: Right-click repair.inf -> INSTALL [Version] Signature = "$ Chicago $" Provider = Vaksincom [DefaultInstall] AddReg = UnhookRegKey DelReg = del [UnhookRegKey] HKLM, Software \ CLASSES \ batfile \ shell \ open \ command ,,,"""% 1 ""% * " HKLM, Software \ CLASSES \ comfile \ shell \ open \ command ,,,"""% 1 ""% * " HKLM, Software \ CLASSES \ exefile \ shell \ open \ command ,,,"""% 1 ""% * " HKLM, Software \ CLASSES \ piffile \ shell \ open \ command ,,,"""% 1 ""% * " HKLM, Software \ CLASSES \ regfile \ shell \ open \ command,,, "regedit.exe"% 1 "" HKLM, Software \ CLASSES \ scrfile \ shell \ open \ command ,,,"""% 1 ""% * " HKCU, Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer NoDriveTypeAutoRun, 0x000000ff, 255 HKLM, SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer NoDriveTypeAutoRun, 0x000000ff, 255 6. Delete Files parent and duplicate files are created by the virus included in the flash disk. To expedite the search process, you can use the 'Search'. Before conducting the search should show all hidden files by changing the Folder Options settings. Do not get an error occurs when deleting a master file and duplicate files that have been created by the virus. Then delete the master files that have virus characteristics: -. Icon 'Microsoft Visual Basic Project'. -. File Size 128 KB (for other variants will have varying sizes). -. Ekstesi file '. EXE' or '. SCR'. -. File type 'Application' or 'Screen Saver'. Then delete the files that have duplicate shortcuts characteristics: >. Folder icon or the icon >. Extension. LNK >. File Type 'Shortcut' >. 1 KB file size Delete the file. DLL (example: ert.dll) and the Autorun.inf file on flash disk or a shared folder. Meanwhile, to avoid the virus is active again, delete the master file that has the extension EXE or SCR first and then remove Shortcut file (. LNK). 7. Unhide the folders have been hidden by the virus. To speed up the process, please download the tools Unhide Files and Folders in http://www.flashshare.com/bfu/download.html. Once installed, select the directory [C: \ Documents and Settings] and folders that exist on the flash disk by sliding into a column that is already available. In the [Attributes] empty of all the options, then click the [Change Attributes]. 8. Install security patches 'Microsoft Windows Shell shortcut handling remote code execution vulnerability, MS10-046'. Please download the security patch at http://www.microsoft.com/technet/security/Bulletin/MS10-046.mspx As always, for optimal cleaning and menecegah re-infection, you should install and scan with antivirus is up-to-date and was able to detect this virus very well. Original source: Vaccine [dot] com & detikinet [dot] com VIRUS REMOVE SHORTCUT METHOD 2:
The characteristics of the virus shortcut: First of all, after infecting a computer, he will create a master file in My Documents database.mdb The second is the virus will create a autorun.inf file on each hard disk drives, flash disks, and folders without exception. The third is that he will create a file Thumb.db (caution, note that this file without an s, while the thumbnail cache of the original on the computer has an extra letter alias thumbs.db s) in each folder To lure the victim, he will create a file Microsoft.lnk and New Harry Potter and .... Lnk in each folder which if exercised will immediately activate the virus. Like other local viruses, he will duplicate every folder but this time not with the extension. Exe but the extension. Ink alias shortcut. In task manager there are processes that are running wscript.exe services. In normal conditions, there is no process like this. The steps to remove the virus shortcut: 1. Turn off System Restore. Since I used to always turn off system restore as soon as the windows installation process. For the purposes of backup and imaging systems, I prefer using a third party such as Acronis or Norton Ghost (read and dowload: Norton Ghost 15.0.0.35659 (2010) Full Crack Serial) 2. Turn off the virus wsrcipt.exe (C: \ WINDOWS \ System32 \ wscript.exe) Can use Process Explorer or misc. tool in HijackThis (read and download: HijackThis 2.0.2). 3. Delete virus files in My Documents .. database.mdb 4. Remove duplicate files virus .. For the process of elimination, you can use the search facility in Windows .. In the "More advanced options", make sure the option "Search system folders" and "Search hidden files and folders" are both checked. Search a file named autorun.inf in size 8 KB Search files by name Thumb.db size 8 KB Search files with extensions. Lnk.lnk size 1 KB Delete all files found .. To further facilitate the search process as well as deleting files that exist, you can use the software UTool, a freeware which you can download for free. The program will automatically find and then delete the files as desired (see figure). 5. Remove Autorun registry created the virus using HijackThis .. Search in the HKCU \ .. \ Run: database.mdb related files (in the picture but I've database.mdb file delete) regedit_run For more memantabkan prevention process and protect our computers from virus attacks locally very confusing, you can do the following things: 1. After the windows installation process, immediately turn off system restore. 2. Install third party software such as Magic Tweak or Tweak UI to disable autorun and prevent teraktivasinya files. Inf. Maybe in Windows XP Professional, disable autorun process can be done easily, but on the version of Win XP Home, you need this software.Additional information, program MagicTweak besides functioning of disabling autorn can also be used to prevent executable files. Inf file autorun.inf which usually is the beginning of the outbreak of the virus will be automatically converted into pure alias notepad txt file by this program and he is no longer can be executed. This is very helpful if we inadvertently activate or execute autorun.inf autorun is disabled even though the process for all drives (including flash disk). 3. After all of the windows installation, drivers, programs, and others have been completed, immediate backup of your system image using software like Acronis True Image or Norton Ghost, so that if later there is a problem that you can not resolve easily, you can merestoreasi backup system them. 4. If necessary, install Deep Freeze also if your computer is used by many people, thus setting the computer will not change. 5. Update info: The characteristics of the virus presence of virus shortcut on the flash can be determined by differences in the flash icon is usually shaped like a drive icon to be changed as a folder icon. If you see this icon, it means the flash is there a virus. Use explorer and open the flash through the explorer (do not click 2x from my computer) and delete the autorun file and file2 suspects other viruses manually by pressing shift + DEL (to not get caught in the recycle bin). The average local virus can be prevented by hand like this as long as OPTION DISABLE Autorun on Windows and / or MagicTweak has been activated, and also OPTION DISABLE. INF FILE MagicTweak is turned on. Well, it might be a little tips on how to remove virus smoga shortcut and remove viruses your computer after the shortcut to be free from viruses deh shortcut. Original source: maswafa [dot] blogger [dot] com
No comments:
Post a Comment