miercuri, iulie 08, 2009

Devirusare Virus Alienmars, Bunga Citra Lestari, Asmirandah -


Creaza un restore point in start > Programs > accesories > system tools > restore point ( daca dai vreun rateu s-ar putea sa bulesti sistemul )

In task manager ( ctrl + alt + del ) dai end process la wscript.exe ( la toate...poate sa ruleze de mai multe ori )

Stergi :
Scurtatura asmiranda de pe desktop
Din start menu stergi shortcut Bunga-Citra-Lestari
Din Startup stergi shortcut Agnes-monica
In windows explorer dai ... view tool > folder option si debifezi uncheck hide protected operating system

C:\windows\ctfmon.exe.vbs
C:\Windows\System32\ctfmon.exe
C:\Mona_Krisna_Dewi.jpg.vbs
C:\windows\explore.vbs
C:\Windows\System32\mtask.exe
C:\Spiderman_3.gif.vbs

- autorun.inf si ctfmon.exe.vbs de pe fiecare partitie ... C:\, D:\ ...etc ... si de pe stick sau hard extern daca ai

stergi „folderele”AlienMars in regedit...Start > scri regedit > Enter

- HKEY_CLASSES_ROOT\Directory\shell\AlienMars
- HKEY_CLASSES_ROOT\Drive\shell\AlienMars
- HKEY_CLASSES_ROOT\Folder\shell\AlienMars
- HKEY_LOCAL_MACHINE\Software\classes\Directory\Shell\AlienMars
- HKEY_LOCAL_MACHINE\Software\classes\Drive\Shell\AlienMars
- HKEY_LOCAL_MACHINE\Software\classes\Folder\Shell\AlienMars


Start > scri regedit > Enter si modifici valorile din registri

- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ Explorer\Advanced\Folder\Hidden\NOHIDDEN
CheckedValue 2
DefaultValue 2

- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ Explorer\Advanced\Folder\Hidden\SHOWALL
CheckedValue 1
DefaultValue 2

- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ Explorer\Advanced\Folder\SuperHidden
CheckedValue 0
DefaultValue 0
UncheckedValue 1

Stergi registrii :

- HKEY_LOCAL_MACHINE\Software\Microsoft\CurrentVersion\Run
ctfmon.exe
-HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Msconfig\startupreq\ctfmon.exe
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
delete Search Page, LocalPage, Default_Search_URL, Default_page_URL

INLOCUIESTI in - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Start Page C:\mona.htm cu www.google.com)


restart PC

PS: Unii pasi nu poti sa-i faci ca nu gasesti...treci peste
Mult NOROC si Multa SANATATE ...