Follow these steps to resolve it.
1. Disconnect the computer to be cleaned from the network.
2. Disable "System Restore" while cleaning the virus.
3. Stop the virus that is active in memory. Use a Task Manager replacement such as IceSword, HijackThis, Process Explorer, or another tool that is not blocked by the virus.
4. Terminate the process of the active virus file: select the suspicious process, then click the "terminate" button.
5. Delete the registry string that was created by the virus. In this case we continue to use the IceSword tool, because the worm has disabled the repair function through a registry script. The following steps are performed: open the downloaded IceSword compressed file in Explorer, or extract it first, then run the IceSword.exe file (double-click).
On the [Registry] tab, delete the following string:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
In the right pane, delete the value "Windows" (only this value, not the Run key itself).
On the [Registry] tab, change the following strings:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\Open\command
In the right pane, change value "(Default)" to "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cmdfile\shell\Open\command
In the right pane, change value "(Default)" to "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htmlfile\shell\Open\command
In the right pane, change value "(Default)" to "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inffile\shell\Open\command
In the right pane, change value "(Default)" to %SystemRoot%\System32\rundll32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\Open\command
In the right pane, change value "(Default)" to regedit.exe "%1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\Open\command
In the right pane, change value "(Default)" to %SystemRoot%\System32\NOTEPAD.EXE %1
For the changes to take effect, log off or restart.
6. Delete the virus files, which can be identified by the characteristics of the virus.
Note: We recommend showing hidden files to make the virus files easier to find. To simplify the search, use Windows Search with a file filter (e.g. *.exe) and a maximum size that fits the characteristics of the virus. The virus files usually have the same modified date.
7. For optimal cleaning and to prevent re-infection, use a Security Suite or AVG antivirus that has been updated and recognizes this virus very well.
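The check below is an added example, not part of the original post: a read-only PowerShell audit that compares the keys from step 5 with the data this page lists and reports whether the "Windows" value is still present under Run. The function name Get-RawDefault and the report layout are this example's own; the expected data is copied from step 5.

```powershell
# Added example: read-only audit of the registry values named in step 5.
# Expected data is copied from step 5 of this page; nothing is modified.
$expected = [ordered]@{
    'batfile'  = '"%1" %*'
    'cmdfile'  = '"%1" %*'
    'htmlfile' = '"C:\Program Files\Internet Explorer\iexplore.exe" -nohome'
    'inffile'  = '%SystemRoot%\System32\rundll32.exe'
    'regfile'  = 'regedit.exe "%1"'
    'txtfile'  = '%SystemRoot%\System32\NOTEPAD.EXE %1'
}

# Hypothetical helper: returns the (Default) value of a key, or $null.
function Get-RawDefault {
    param([string]$KeyPath)
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }
    # '' names the (Default) value; keep %SystemRoot% unexpanded for comparison.
    return $key.GetValue('', $null, 'DoNotExpandEnvironmentNames')
}

$report = foreach ($class in $expected.Keys) {
    $path   = "HKLM:\SOFTWARE\Classes\$class\shell\open\command"
    $actual = Get-RawDefault -KeyPath $path
    [pscustomobject]@{
        Key      = $path
        Expected = $expected[$class]
        Actual   = $actual
        # -eq on strings is case-insensitive, so NOTEPAD.EXE matches notepad.exe.
        Status   = if ($actual -eq $expected[$class]) { 'OK' } else { 'CHANGED' }
    }
}

# The autostart entry step 5 says to delete: value "Windows" under Run.
$runPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runData = (Get-Item -LiteralPath $runPath).GetValue(
    'Windows', $null, 'DoNotExpandEnvironmentNames')
$report += [pscustomobject]@{
    Key      = "$runPath [Windows]"
    Expected = '(absent)'
    Actual   = $runData
    Status   = if ($null -eq $runData) { 'OK' } else { 'PRESENT' }
}

$report | Format-Table -AutoSize -Wrap
```

A CHANGED row is a prompt to inspect the value by hand, since defaults differ between Windows versions and legitimate software can also change these entries.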