Perkembangan Virus di Indonesia sangat cepat dan mengagumkan dibawah ini 7 cara membasmi virus koplax ez salah saya maksud K0pL4xZ
Cara membasmi K0pL4xZ
1. Putuskan komputer yang akan dibersihkan dari jaringan (LAN)
2. Matikan "System Restore" selama proses pembersihan.
3. Matikan proses virus yang aktif di memory. Gunakan tools KillVB untuk mematikan proses di memory.
Silahkan downlod tools tersebut di alamat berikut:
http://www.compactbyte.com/brontok/killvb.zip
Mematikan proses virus menggunakan KillVB
4. Fix registry yang sudah di ubah oleh virus. Untuk mempercepat proses perbaikan registry salin script dibawah ini pada program “notepad” kemudian simpan dengan nama "Repair.inf". Jalankan file tersebut dengan cara:
- Klik kanan repair.inf
- Klik Install
[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe "%1""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SOFTWARE\Classes\exefile,,,application
HKCU, Software\Microsoft\Internet Explorer\Main, start page,0, "about:blank"
HKCU, Software\Microsoft\Internet Explorer\Main, Search Page,0, "about:blank"
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, UncheckedValue,0x00010001,0
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, UncheckedValue,0x00010001,1
HKLM,SOFTWARE\Microsoft\WindowsNT\CurrentVersion,RegisteredOrganization,0, "Organization"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion, RegisteredOwner,0, "Owner"
HKLM,SOFTWARE\Classes\txtfile,FriendlyTypeName,0, "@C:\Windows\system32\notepad.exe,-469"
HKLM, SOFTWARE\Classes\Word.Document.8,,,"Microsoft Word Document"
HKLM, SOFTWARE\Classes\Word.Document.8\DefaultIcon,,,"C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe,1"
HKLM, SOFTWARE\Classes\PowerPoint.Show.8,,, "Microsoft PowerPoint Presentation"
HKLM, SOFTWARE\Classes\PowerPoint.Show.8\DefaultIcon,,,"C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe,1"
HKLM, SOFTWARE\Classes\Excel.Sheet.8,,,"Microsoft Excel Worksheet"
HKLM, SOFTWARE\Classes\Excel.Sheet.8\DefaultIcon,,,"C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe,1"
HKLM, SOFTWARE\Classes\Access.Application.11,,,"Microsoft Office Access Application"
HKLM, SOFTWARE\Classes\Access.Application.11\DefaultIcon,,,"C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe,1"
HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, Hidden, 0x00010001,1
HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, HideFileExt, 0x00010001,0
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, ShowSuperHidden, 0x00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden,WarningIfNotDefault,0,"@shell32.dll,-28964"
[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableTaskMgr
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DIsablecmd
HKCU, Software\Microsoft\Internet Explorer\Main, Window Title
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer,NoFolderOptions
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System,DisableRegistryTools
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System,DisableTaskMgr
HKLM, SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore
HKCU, Software\Microsoft\Windows\CurrentVersion\Run, System
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
HKCU, Software\Microsoft\Windows NT\CurrentVersion\Winlogon, shell
HKCU, Software\Policies\Microsoft\Windows\System, DisableCMD
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, WarningIfNotDefault
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Run, cintaku
HKLM, SOFTWARE\Classes\exefile, FriendlyTypeName
atau Download repair.inf
5. Hapus file “C:\Windows\desktop.ini” (file yang berfungsi untuk merubah icon Windows menjadi icon Control Panel). Gunakan dos prompt untuk menghapus file tersebut.
6. Cari dan hapus file induk virus di Hard Disk dan Flash Disk dengan terlebih dahulu menampilkan file yang tersembunyi. Untuk mempcepan pencarian gunakan fungsi “Search Windows”.
Kemudian hapus file induk virus yang mempunyai ciri-ciri:
* Icon "Windows Media Player" clasic / 3GP Video Format
* Ukuran 31 KB
* Ekstensi EXE, PIF, COM dan SCR
* Type file "Application"
Hapus juga file berikut
* C:\Autorun.inf (setiap root drive: c:\ atau D:\)
* C:\Desktop.ini (setiap root drive: c:\ atau D:\)
* c:\A Letter 4 Ghe@.txt (setiap root drive: c:\ atau D:\)
* C:\K0pL4xZ@kUdO_5h0P.txt (setiap root drive: c:\ atau D:\)
* C:\K0pL4xZ@KudoShop (disetiap root drive dan Flash Disk)
* C:\Documents and Settings\All Users\Desktop\A Letter 4 Ghe@.inf
* C:\[spasi] WINDOWS
* C:\[spasi] WIndows\Zx4Lp0K.html
7. Untuk pembersihan optimal dan mencegah infeksi ulang, scan dengan menggunakan Antivirus yang up-to-date seperti Norman Security Suite.
Jika anda ingin mencoba Norman Security Suite, silahkan download di url
http://www.norman.com/Download/Trial_versions/
disadur dari vaksin
Cara membasmi K0pL4xZ
1. Putuskan komputer yang akan dibersihkan dari jaringan (LAN)
2. Matikan "System Restore" selama proses pembersihan.
3. Matikan proses virus yang aktif di memory. Gunakan tools KillVB untuk mematikan proses di memory.
Silahkan downlod tools tersebut di alamat berikut:
http://www.compactbyte.com/brontok/killvb.zip
Mematikan proses virus menggunakan KillVB
4. Fix registry yang sudah di ubah oleh virus. Untuk mempercepat proses perbaikan registry salin script dibawah ini pada program “notepad” kemudian simpan dengan nama "Repair.inf". Jalankan file tersebut dengan cara:
- Klik kanan repair.inf
- Klik Install
[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe "%1""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SOFTWARE\Classes\exefile,,,application
HKCU, Software\Microsoft\Internet Explorer\Main, start page,0, "about:blank"
HKCU, Software\Microsoft\Internet Explorer\Main, Search Page,0, "about:blank"
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, UncheckedValue,0x00010001,0
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, UncheckedValue,0x00010001,1
HKLM,SOFTWARE\Microsoft\WindowsNT\CurrentVersion,RegisteredOrganization,0, "Organization"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion, RegisteredOwner,0, "Owner"
HKLM,SOFTWARE\Classes\txtfile,FriendlyTypeName,0, "@C:\Windows\system32\notepad.exe,-469"
HKLM, SOFTWARE\Classes\Word.Document.8,,,"Microsoft Word Document"
HKLM, SOFTWARE\Classes\Word.Document.8\DefaultIcon,,,"C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe,1"
HKLM, SOFTWARE\Classes\PowerPoint.Show.8,,, "Microsoft PowerPoint Presentation"
HKLM, SOFTWARE\Classes\PowerPoint.Show.8\DefaultIcon,,,"C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe,1"
HKLM, SOFTWARE\Classes\Excel.Sheet.8,,,"Microsoft Excel Worksheet"
HKLM, SOFTWARE\Classes\Excel.Sheet.8\DefaultIcon,,,"C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe,1"
HKLM, SOFTWARE\Classes\Access.Application.11,,,"Microsoft Office Access Application"
HKLM, SOFTWARE\Classes\Access.Application.11\DefaultIcon,,,"C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe,1"
HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, Hidden, 0x00010001,1
HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, HideFileExt, 0x00010001,0
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, ShowSuperHidden, 0x00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden,WarningIfNotDefault,0,"@shell32.dll,-28964"
[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableTaskMgr
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DIsablecmd
HKCU, Software\Microsoft\Internet Explorer\Main, Window Title
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer,NoFolderOptions
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System,DisableRegistryTools
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System,DisableTaskMgr
HKLM, SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore
HKCU, Software\Microsoft\Windows\CurrentVersion\Run, System
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
HKCU, Software\Microsoft\Windows NT\CurrentVersion\Winlogon, shell
HKCU, Software\Policies\Microsoft\Windows\System, DisableCMD
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, WarningIfNotDefault
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Run, cintaku
HKLM, SOFTWARE\Classes\exefile, FriendlyTypeName
atau Download repair.inf
5. Hapus file “C:\Windows\desktop.ini” (file yang berfungsi untuk merubah icon Windows menjadi icon Control Panel). Gunakan dos prompt untuk menghapus file tersebut.
6. Cari dan hapus file induk virus di Hard Disk dan Flash Disk dengan terlebih dahulu menampilkan file yang tersembunyi. Untuk mempcepan pencarian gunakan fungsi “Search Windows”.
Kemudian hapus file induk virus yang mempunyai ciri-ciri:
* Icon "Windows Media Player" clasic / 3GP Video Format
* Ukuran 31 KB
* Ekstensi EXE, PIF, COM dan SCR
* Type file "Application"
Hapus juga file berikut
* C:\Autorun.inf (setiap root drive: c:\ atau D:\)
* C:\Desktop.ini (setiap root drive: c:\ atau D:\)
* c:\A Letter 4 Ghe@.txt (setiap root drive: c:\ atau D:\)
* C:\K0pL4xZ@kUdO_5h0P.txt (setiap root drive: c:\ atau D:\)
* C:\K0pL4xZ@KudoShop (disetiap root drive dan Flash Disk)
* C:\Documents and Settings\All Users\Desktop\A Letter 4 Ghe@.inf
* C:\[spasi] WINDOWS
* C:\[spasi] WIndows\Zx4Lp0K.html
7. Untuk pembersihan optimal dan mencegah infeksi ulang, scan dengan menggunakan Antivirus yang up-to-date seperti Norman Security Suite.
Jika anda ingin mencoba Norman Security Suite, silahkan download di url
http://www.norman.com/Download/Trial_versions/
disadur dari vaksin
Tidak ada komentar:
Posting Komentar