Pages

Minggu, 02 Desember 2012

6 Langkah PRAKTIS Membasmi VIRUS CNN




Langkah PRAKTIS Membasmi VIRUS CNN - Lakukan proses pembersihan pada mode “safe mode” Matikan service virus yang aktif. Untuk mematikan service virus lakukan langkah berikut : Klik [ start ] - Klik [ Run ] - Ketik [ Services.msc ] - Klik kanan service CbEvtSvc.exe kemudian pilih Properties - Pastikan pada menu “Services status” = Started - Pada kolom [ startup type ] pilih “Disable” - Klik “Ok”. Perbaiki registry windows yang telah diubah oleh virus, Silahkan salin script di bawah ini pada program notepad kemudian simpan dengan nama repair.inf, jalankan file tersebut dengan cara sebagai berikut ini : Klik kanan repair.inf - Klik Install,....


[Version]

Signature=”$Chicago$” 

Provider=Vaksincom Oyee


[DefaultInstall]  AddReg=UnhookRegKey  DelReg=del  [UnhookRegKey]  HKLM, Software\CLASSES\batfile\shell\open\command,,,”"”%1?” %*”  HKLM, Software\CLASSES\comfile\shell\open\command,,,”"”%1?” %*”  HKLM, Software\CLASSES\exefile\shell\open\command,,,”"”%1?” %*”  HKLM, Software\CLASSES\piffile\shell\open\command,,,”"”%1?” %*”  HKLM, Software\CLASSES\regfile\shell\open\command,,,”regedit.exe “%1?”  HKLM, Software\CLASSES\scrfile\shell\open\command,,,”"”%1?” %*”  HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, “Explorer.exe”  HKCU, Control Panel\Desktop, ConvertedWallpaper,0, “”  HKCU, Control Panel\Desktop, OriginalWallpaper,0, “”  HKCU, Control Panel\Desktop, SCRNSAVE.EXE,0, “”  HKCU, Control Panel\Desktop, Wallpaper,0, “”  HKCU, Software\Microsoft\Internet Explorer\Desktop\General, BackupWallpaper,0, “”  HKCU, Software\Microsoft\Internet Explorer\Desktop\General, Wallpaper,0, “” 


[del]  HKLM, Software\Microsoft\Windows\CurrentVersion\Run, lphc7nvj0e52e  HKLM, Software\Microsoft\Windows\CurrentVersion\Run, services  HKLM, Software\Microsoft\Windows\CurrentVersion\Run, SMrhc3nvj0e52e  HKLM, Software\Microsoft\Windows\CurrentVersion\Run, rhc3nvj0e52e.exe  HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, NoDispBackgroundPage  HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, NoDispScrSavPage  HKLM, SYSTEM\CurrentControlSet\Services\6127a5e3  HKLM, SYSTEM\ControlSet002\Services\6127a5e3  HKLM, SYSTEM\ControlSet001\Services\6127a5e3  HKLM, SYSTEM\ControlSet001\Services\CbEvtSvc  HKLM, SYSTEM\ControlSet002\Services\CbEvtSvc  HKLM, SYSTEM\CurrentControlSet\Services\CbEvtSvc  HKLM, SYSTEM\ControlSet001\Services\CbEvtSvc  HKLM, SYSTEM\CControlSet002\Services\CbEvtSvc  HKLM, SOFTWARE\Microsoft\software notifier  HKLM, software\Microsoft\Windows\CurrentVersion\Uninstall\rhc3nvj0e52e  HKLM, software\rhc3nvj0e52e  HKLM, software\Microsoft\Windows\CurrentVersion, rhc3nvj0e52e  HKLM, software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform  HKLM, SOFTWARE\Microsoft\Software Notifier  HKLM, SYSTEM\ControlSet001\Services\125c1fb5  HKLM, SYSTEM\ControlSet002\Services\125c1fb5  HKLM, SYSTEM\CurrentControlSet\Services\125c1fb5








Hapus file virus berikut ini :



    * C:\WINDOWS\system32\CbEvtSvc.exe    


    * C:\Documents and Settings\Elvina\Local Settings\Temp\lfq0kzgs.exe

    * C:\Documents and Settings\Elvina\Local Settings\Temp\.xx1.tmp.vbs 


       ( xx menunjukan karakter acak ).

    * C:\Documents and Settings\All Users\Start Menu\Programs\Startup


       \smss.exe

    * C:\WINDOWS\system32\lphc7nvj0e52e.exe

    * C:\WINDOWS\system32\phc7nvj0e52e.bmp

    * C:\WINDOWS\system32\phc7nvj0e52e.bmp

    * C:\WINDOWS\system32\blphc7nvj0e52e.scr

    * C:\WINDOWS\system32\phc7nvj0e52e.bmp

    * C:\windows\system32\drivers\xxx.sys (xxx menunjukan karakter acak

       dengan ukuran 108 KB, contohnya 6127a5e3.sys atau 125c1fb5.sys)

    * C:\Documents and Settings\LocalService\Application Data\584289103.exe

    * C:\Program Files\rhc3nvj0e52e

    * C:\Windows\system32\pphc7nvj0e52e.exe

    * C:\Documents and Settings\LocalService\Application Data\rhc3nvj0e52e

    * C:\Documents and Settings\Elvina\Application Data\rhc3nvj0e52e.exe

    * C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008

    * C:\Documents and Settings\Elvina\Application Data\Microsoft\Internet Explorer

       \Quick Launch\Antivirus XP 2008.lnk

    * C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk

    * C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk






Hapus file temporary dengan menggunakan tools ATF Cleaner untuk Windows XP, Silahkan download tools berikut di alamat: ATF Cleaner ]>> Pembersihan optimal dan mencegah infeksi ulang silahkan gunakan antivirus yang up-to-date dan dapat mengenali virus ini dengan baik,...