ea_ngel
Hikari Master
Jumlah posting : 657
Reputation : 2
Join date : 2008-04-18
Status
Race: Undead
Class: Magician
 | | Subject: 6 Langkah Membersihkan Virus 'CNN' Tue Aug 19, 2008 11:58 am | |
|  W32/DLoader.ITOA mencoba memanipulasi isi berita CNN dengan cara mengirimkan e-mail yang seolah-olah dikirim dari kantor berita internasional tersebut. Di e-mail disertakan link-link berita palsu dengan subyek berjudul CNN.com Daily Top 10.
Virus ini akan membuat komputer seolah-olah error dengan cara menampilkan layar blue screen palsu. Bagaimana cara membasminya? Simak tips berikut ini:
1. Lakukan proses pembersihan pada mode "safe mode".
2. Matikan service virus yang aktif. Untuk mematikan service virus lakukan langkah berikut
Klik [start]
Klik [Run]
Ketik [Services.msc]
Klik kanan service CbEvtSvc.exe kemudian pilih Properties
Pastikan pada menu "Services status" = Started
Pada kolom [startup type] pilih "Disable"
Klik "Ok"
3. Perbaiki registry windows yang telah diubah oleh virus. Silahkan salin script di bawah ini pada program notepad kemudian simpan dengan nama repair.inf, jalankan file tersebut dengan cara:
Klik kanan repair.inf
Klik Install
[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe "%1""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKCU, Control Panel\Desktop, ConvertedWallpaper,0, ""
HKCU, Control Panel\Desktop, OriginalWallpaper,0, ""
HKCU, Control Panel\Desktop, SCRNSAVE.EXE,0, ""
HKCU, Control Panel\Desktop, Wallpaper,0, ""
HKCU, Software\Microsoft\Internet Explorer\Desktop\General, BackupWallpaper,0, ""
HKCU, Software\Microsoft\Internet Explorer\Desktop\General, Wallpaper,0, ""
[del]
HKLM, Software\Microsoft\Windows\CurrentVersion\Run, lphc7nvj0e52e
HKLM, Software\Microsoft\Windows\CurrentVersion\Run, services
HKLM, Software\Microsoft\Windows\CurrentVersion\Run, SMrhc3nvj0e52e
HKLM, Software\Microsoft\Windows\CurrentVersion\Run, rhc3nvj0e52e.exe
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, NoDispBackgroundPage
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, NoDispScrSavPage
HKLM, SYSTEM\CurrentControlSet\Services\6127a5e3
HKLM, SYSTEM\ControlSet002\Services\6127a5e3
HKLM, SYSTEM\ControlSet001\Services\6127a5e3
HKLM, SYSTEM\ControlSet001\Services\CbEvtSvc
HKLM, SYSTEM\ControlSet002\Services\CbEvtSvc
HKLM, SYSTEM\CurrentControlSet\Services\CbEvtSvc
HKLM, SYSTEM\ControlSet001\Services\CbEvtSvc
HKLM, SYSTEM\CControlSet002\Services\CbEvtSvc
HKLM, SOFTWARE\Microsoft\software notifier
HKLM, software\Microsoft\Windows\CurrentVersion\Uninstall\rhc3nvj0e52e
HKLM, software\rhc3nvj0e52e
HKLM, software\Microsoft\Windows\CurrentVersion, rhc3nvj0e52e
HKLM, software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
HKLM, SOFTWARE\Microsoft\Software Notifier
HKLM, SYSTEM\ControlSet001\Services\125c1fb5
HKLM, SYSTEM\ControlSet002\Services\125c1fb5
HKLM, SYSTEM\CurrentControlSet\Services\125c1fb5
4. Hapus file virus berikut ini:
C:\WINDOWS\system32\CbEvtSvc.exe
C:\Documents and Settings\Elvina\Local Settings\Temp\lfq0kzgs.exe
C:\Documents and Settings\Elvina\Local Settings\Temp\.xx1.tmp.vbs (xx menunjukan karakter acak).
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\smss.exe
C:\WINDOWS\system32\lphc7nvj0e52e.exe
C:\WINDOWS\system32\phc7nvj0e52e.bmp
C:\WINDOWS\system32\phc7nvj0e52e.bmp
C:\WINDOWS\system32\blphc7nvj0e52e.scr
C:\WINDOWS\system32\phc7nvj0e52e.bmp
C:\windows\system32\drivers\xxx.sys (xxx menunjukan karakter acak dengan ukuran 108 KB, contohnya 6127a5e3.sys atau 125c1fb5.sys)
C:\Documents and Settings\LocalService\Application Data\584289103.exe
C:\Program Files\rhc3nvj0e52e
C:\Windows\system32\pphc7nvj0e52e.exe
C:\Documents and Settings\LocalService\Application Data\rhc3nvj0e52e
C:\Documents and Settings\Elvina\Application Data\rhc3nvj0e52e.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
C:\Documents and Settings\Elvina\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk
5. Hapus file temporary dengan menggunakan tools ATF Cleaner untuk Windows XP, silahkan download tools berikut di alamat: http://www.majorgeeks.com/ATF_Cleaner_d4949.html
6. Untuk pembersihan optimal dan mencegah infeksi ulang silahkan gunakan antivirus yang up-to-date dan dapat mengenali virus ini dengan baik. Referensi : Vaksin.com | |
|
M364TR0N
Hikari Addict
Jumlah posting : 106
Reputation : 0
Join date : 2008-05-17
| | Subject: Re: 6 Langkah Membersihkan Virus 'CNN' Tue Aug 19, 2008 8:51 pm | |
| thax kk atas info nya  | |
|
ea_ngel
Hikari Master
Jumlah posting : 657
Reputation : 2
Join date : 2008-04-18
Status
Race: Undead
Class: Magician
| | Subject: Re: 6 Langkah Membersihkan Virus 'CNN' Tue Aug 19, 2008 9:48 pm | |
| | |
|
cyber
Hikari Newbie
Jumlah posting : 4
Reputation : 0
Join date : 2008-06-14
| | Subject: Re: 6 Langkah Membersihkan Virus 'CNN' Thu Sep 04, 2008 10:29 am | |
| maju terus bro.......  | |
|
chevi
Hikari Newbie
Jumlah posting : 5
Reputation : 0
Join date : 2009-08-12
| | Subject: Re: 6 Langkah Membersihkan Virus 'CNN' Wed Aug 12, 2009 8:21 pm | |
| thanks ya info nya ... mantapppp .....  | |
|
Sponsored content
| | Subject: Re: 6 Langkah Membersihkan Virus 'CNN' | |
| |
|
