Thursday, January 22, 2009

Steps to Eliminate the Rieysha Virus

Rieysha is a local virus thought to come from Yogyakarta. Detected as W32/autorun.fcn, it is written in the Borland Delphi 6.0 programming language and uses the TXT (text document) icon.

Rieysha displays a message each time the computer is started or when the user opens a file with the extension .TXT, .BAT, .DOC or .INI. One of its messages reads: "Darling When You Return To Indonesia? What [is] You Return By Hatimu [is] Which First?"

To clean it, follow these steps:
Disable System Restore during the cleaning process.
Kill the virus process that is active in memory. To kill this process you can use a Task Manager replacement tool such as "CurrProcess", then kill the process that has the "txt" icon.
Repair the Windows registry by creating the following script in Notepad, then save it under the name repair.inf. Run the file by right-clicking repair.inf, then clicking Install.

It is better to create repair.inf on another computer that is not infected, so that the virus does not become active again, or to create it in WordPad.

[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
; Restore the default "open" command for executable file types
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
; Restore the logon shell and the Safe Mode alternate shell
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion, RegisteredOrganization,0, "Organization"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion, RegisteredOwner ,0, "Owner"
HKCU, Control Panel\International, s1159,0, "AM"
HKCU, Control Panel\International, s2359,0, "PM"
HKCU, Software\Microsoft\Internet Explorer\Main, Start Page,0, "about:blank"
; Restore file type associations
HKLM, SOFTWARE\Classes\.sys,,,"sysfile"
HKLM, SOFTWARE\Classes\.doc,,,"word.document.8"
HKLM, SOFTWARE\Classes\.bat,,,"batfile"
HKLM, SOFTWARE\Classes\.ini,,,"inifile"
HKLM, SOFTWARE\Classes\.dll,,,"dllfile"
; Disable AutoRun for all drive types
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\explorer, NoDriveTypeAutoRun,0x00010001,255

[del]
; Remove the autostart entries and the policy restrictions
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\run, RunDll
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices, Windll
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies, NoClose
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\explorer, NoClose
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\explorer, NoDrives
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\explorer, NoFind
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\explorer, NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\explorer, NoRun
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\explorer, NoViewOnDrive
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableCMD
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, ShowSuperHidden
HKCU, SOFTWARE\Classes\exefile, Default

When saving repair.inf in WordPad, select "Text Document" in the "Save as type" field.
Delete the virus files. Before doing so, show hidden files so that the search for the files is more effective. If Folder Options or the main drive (C:\) does not yet appear, log off the computer first.
C:\Program Files
D\DiaryRieysha.exe
D:\Puisi.txt
E\CatatanTugas.exe
H:\CeritaDewasa.exe
G:\CatatanML.exe
K\CeritaML.exe
Look for the file rieysha_anak_jogja.txt, rename it to MSVBVM60.DLL, then copy the file to the directory "C:\Windows\System32".
Rename the file "C:\Windows\Bacaan_Anak_Tk.Txt" or "C:\Windows\bacaanHot.txt" (choose one) to C:\Windows\Notepad.Exe. Then also rename the file "C:\Windows\Readme.Txt" to "C:\Windows\Cmd.Exe".
For optimal cleaning, use an antivirus that can detect and remove this virus well.
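
Added example (not part of the original post and not Vaksincom's code): before installing an INF such as repair.inf, it is worth listing exactly which registry values it will set and which it will delete. This Python code parses AddReg/DelReg lines in the form used above, including the doubled-quote escaping; the sample text and the function names are constructed for illustration, and [Strings] substitution and line continuation are assumed not to be used.

```python
import csv
# Constructed sample in the same form as repair.inf (not the full script).
SAMPLE_INF = r'''
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\explorer, NoDriveTypeAutoRun,0x00010001,255

[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr
'''

def parse_sections(text):
    """Group non-empty, non-comment lines under their lower-cased [section] name."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), [])
        elif current is not None:
            current.append(line)
    return sections

def split_fields(line):
    """Split on commas; a doubled quote inside a quoted field is one literal quote."""
    return [f.strip() for f in next(csv.reader([line], skipinitialspace=True))]

def planned_changes(text):
    """List (action, hive, key, value_name, data) for [DefaultInstall] AddReg/DelReg."""
    sections = parse_sections(text)
    install = {k.strip().lower(): v for k, v in
               (l.split("=", 1) for l in sections.get("defaultinstall", []))}
    changes = []
    for directive, action in (("addreg", "set"), ("delreg", "delete")):
        for name in install.get(directive, "").split(","):
            for line in sections.get(name.strip().lower(), []):
                hive, key, value, flags, data = (split_fields(line) + [""] * 5)[:5]
                if action == "delete":
                    data = None
                elif flags.lower() == "0x00010001":  # FLG_ADDREG_TYPE_DWORD
                    data = int(data)
                changes.append((action, hive, key, value or "(Default)", data))
    return changes
```

Calling planned_changes() on the text of an INF returns one tuple per registry change, so the list can be reviewed or compared against known-good values before the file is installed.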
