How To Remove Virus Shortcut which is a virus which is rather difficult to remove. Indeed, many antivirus antivirus great and good in eliminating the virus this shortcut, but usually only to lock it so that the virus does not spread everywhere and the actual virus shortcut is still there and not deleted from your computer pc or your flash. Here is how to remove virus shortcut:
* Disable 'System Restore' for a while during the cleaning process.* Decide who will clean your computer from the network.
* Turn off the virus active in memory by using the tools 'Ice Sword'. Once the tools are installed, select the file that has the icon "Microsoft Visual Basic Project 'then click' Terminate Process'. Please download these tools at http://icesword.en.softonic.com/
* Delete the registry is created by the virus by:
-. Click the [Start]
-. Click [Run]
-. Type Regedit.exe, and click the [OK]
-. On application the Registry Editor, browse the key [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Run]
-. Then delete the key that has the data [C: \ Documents and Settings \% user%].
* Disable the autoplay / autorun Windows. Copy the script below in notepad and save it as repair.inf, install the following manner: Right-click repair.inf -> INSTALL
[Version]
Signature = "$ Chicago quot;
Provider = Vaksincom
[DefaultInstall]
AddReg = UnhookRegKey
DelReg = del
[UnhookRegKey]
HKLM, Software \ CLASSES \ batfile \ shell \ open \ command ,,,"""% 1 ""% * "
HKLM, Software \ CLASSES \ comfile \ shell \ open \ command ,,,"""% 1 ""% * "
HKLM, Software \ CLASSES \ exefile \ shell \ open \ command ,,,"""% 1 ""% * "
HKLM, Software \ CLASSES \ piffile \ shell \ open \ command ,,,"""% 1 ""% * "
HKLM, Software \ CLASSES \ regfile \ shell \ open \ command,,, "regedit.exe"% 1 ""
HKLM, Software \ CLASSES \ scrfile \ shell \ open \ command ,,,"""% 1 ""% * "
HKCU, Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer NoDriveTypeAutoRun, 0 × 000000ff, 255
HKLM, SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer NoDriveTypeAutoRun, 0 × 000000ff, 255
* Delete Files parent and duplicate files are created by the virus included in the flash disk. To expedite the search process, you can use the 'Search'. Before conducting the search should show all hidden files by changing the Folder Options settings.
Do not get an error occurs when deleting a master file and duplicate files that have been created by the virus. Then delete the master files that have virus characteristics:
-. Icon 'Microsoft Visual Basic Project'.
-. File Size 128 KB (for other variants will have varying sizes).
-. Ekstesi file '. EXE' or '. SCR'.
-. File type 'Application' or 'Screen Saver'.
Then delete the files that have duplicate shortcuts characteristics:
>. Folder icon or the icon
>. Extension. LNK
>. File Type 'Shortcut'
>. 1 KB file size
Delete the file. DLL (example: ert.dll) and the Autorun.inf file on flash disk or a shared folder. Meanwhile, to avoid the virus is active again, delete the master file that has the extension EXE or SCR first and then remove Shortcut file (. LNK).
* Unhide the folders have been hidden by the virus. To speed up the process, please download the tools Unhide Files and Folders in http://www.flashshare.com/bfu/download.h ....
Once installed, select the directory [C: \ Documents and Settings] and folders that exist on the flash disk by sliding into a column that is already available. In the [Attributes] empty of all the options, then click the [Change Attributes].
* Install security patches 'Microsoft Windows Shell shortcut handling remote code execution vulnerability, MS10-046'. Please download the security patch in http://www.microsoft.com/technet/securit ...
How To Remove Virus Shortcut in flash
Random8 One of the most worms circulating in the community today. The worm created by using Visual Basic programming language without in-pack and has a standard Visual Basic application icon. Although the variants found to date do not indicate a destructive payload, but the emergence of new variants and the rapid deployment should be aware.
Polymorphic Random8 have the ability to shuffle his body, various antiviral recognized by different names, such as Poly.Agent, VB-PTV, Vobfus, Worm.VB.NZJ, and others. PCMAV recognize it as Random8 (until recently recognized Random8 reach 12 variants), taking one of the characteristics of worms when duplicate themselves, ie generate a random string that is always on a particular section, where the string consists of 8 characters in the alphabet.
Random8 use as a removable disk diffusion method, beware if you have a removable disk features include:
* All in-hidden folder.
* Lots of shortcut files with folder names that are hidden and add a shortcut with the name of the Documents, Music, New Folder, Passwords, Pictures, and Video.
* There are 4 (four) files with the attributes Hidden, System and Read Only namely: Autorun.inf, two *. exe files with random names and a file with type Dinamic Link Library (. Etc.). Certain variants also create a file named x.exe.
* All the shortcuts are made leads to the worm files with extension *. scr.
* Some of the variants alter the removable disk icon into the Folder icon.
0 comments:
Post a Comment