Langkah PRAKTIS Membasmi VIRUS CNN - Lakukan proses pembersihan pada mode “safe mode” Matikan service virus yang aktif. Untuk mematikan service virus lakukan langkah berikut : Klik [ start ] - Klik [ Run ] - Ketik [ Services.msc ] - Klik kanan service CbEvtSvc.exe kemudian pilih Properties - Pastikan pada menu “Services status” = Started - Pada kolom [ startup type ] pilih “Disable” - Klik “Ok”. Perbaiki registry windows yang telah diubah oleh virus, Silahkan salin script di bawah ini pada program notepad kemudian simpan dengan nama repair.inf, jalankan file tersebut dengan cara sebagai berikut ini : Klik kanan repair.inf - Klik Install,....
[Version]
Signature=”$Chicago$”
Provider=Vaksincom Oyee
[DefaultInstall] AddReg=UnhookRegKey DelReg=del [UnhookRegKey] HKLM, Software\CLASSES\batfile\shell\open\command,,,”"”%1?” %*” HKLM, Software\CLASSES\comfile\shell\open\command,,,”"”%1?” %*” HKLM, Software\CLASSES\exefile\shell\open\command,,,”"”%1?” %*” HKLM, Software\CLASSES\piffile\shell\open\command,,,”"”%1?” %*” HKLM, Software\CLASSES\regfile\shell\open\command,,,”regedit.exe “%1?” HKLM, Software\CLASSES\scrfile\shell\open\command,,,”"”%1?” %*” HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, “Explorer.exe” HKCU, Control Panel\Desktop, ConvertedWallpaper,0, “” HKCU, Control Panel\Desktop, OriginalWallpaper,0, “” HKCU, Control Panel\Desktop, SCRNSAVE.EXE,0, “” HKCU, Control Panel\Desktop, Wallpaper,0, “” HKCU, Software\Microsoft\Internet Explorer\Desktop\General, BackupWallpaper,0, “” HKCU, Software\Microsoft\Internet Explorer\Desktop\General, Wallpaper,0, “”
[del] HKLM, Software\Microsoft\Windows\CurrentVersion\Run, lphc7nvj0e52e HKLM, Software\Microsoft\Windows\CurrentVersion\Run, services HKLM, Software\Microsoft\Windows\CurrentVersion\Run, SMrhc3nvj0e52e HKLM, Software\Microsoft\Windows\CurrentVersion\Run, rhc3nvj0e52e.exe HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, NoDispBackgroundPage HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, NoDispScrSavPage HKLM, SYSTEM\CurrentControlSet\Services\6127a5e3 HKLM, SYSTEM\ControlSet002\Services\6127a5e3 HKLM, SYSTEM\ControlSet001\Services\6127a5e3 HKLM, SYSTEM\ControlSet001\Services\CbEvtSvc HKLM, SYSTEM\ControlSet002\Services\CbEvtSvc HKLM, SYSTEM\CurrentControlSet\Services\CbEvtSvc HKLM, SYSTEM\ControlSet001\Services\CbEvtSvc HKLM, SYSTEM\CControlSet002\Services\CbEvtSvc HKLM, SOFTWARE\Microsoft\software notifier HKLM, software\Microsoft\Windows\CurrentVersion\Uninstall\rhc3nvj0e52e HKLM, software\rhc3nvj0e52e HKLM, software\Microsoft\Windows\CurrentVersion, rhc3nvj0e52e HKLM, software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform HKLM, SOFTWARE\Microsoft\Software Notifier HKLM, SYSTEM\ControlSet001\Services\125c1fb5 HKLM, SYSTEM\ControlSet002\Services\125c1fb5 HKLM, SYSTEM\CurrentControlSet\Services\125c1fb5
Hapus file virus berikut ini :
* C:\WINDOWS\system32\CbEvtSvc.exe
* C:\Documents and Settings\Elvina\Local Settings\Temp\lfq0kzgs.exe
* C:\Documents and Settings\Elvina\Local Settings\Temp\.xx1.tmp.vbs
( xx menunjukan karakter acak ).
* C:\Documents and Settings\All Users\Start Menu\Programs\Startup
\smss.exe
* C:\WINDOWS\system32\lphc7nvj0e52e.exe
* C:\WINDOWS\system32\phc7nvj0e52e.bmp
* C:\WINDOWS\system32\phc7nvj0e52e.bmp
* C:\WINDOWS\system32\blphc7nvj0e52e.scr
* C:\WINDOWS\system32\phc7nvj0e52e.bmp
* C:\windows\system32\drivers\xxx.sys (xxx menunjukan karakter acak
dengan ukuran 108 KB, contohnya 6127a5e3.sys atau 125c1fb5.sys)
* C:\Documents and Settings\LocalService\Application Data\584289103.exe
* C:\Program Files\rhc3nvj0e52e
* C:\Windows\system32\pphc7nvj0e52e.exe
* C:\Documents and Settings\LocalService\Application Data\rhc3nvj0e52e
* C:\Documents and Settings\Elvina\Application Data\rhc3nvj0e52e.exe
* C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
* C:\Documents and Settings\Elvina\Application Data\Microsoft\Internet Explorer
\Quick Launch\Antivirus XP 2008.lnk
* C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk
* C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk
Hapus file temporary dengan menggunakan tools ATF Cleaner untuk Windows XP, Silahkan download tools berikut di alamat: ATF Cleaner ]>> Pembersihan optimal dan mencegah infeksi ulang silahkan gunakan antivirus yang up-to-date dan dapat mengenali virus ini dengan baik,...
Không có nhận xét nào
Đăng nhận xét