Remove and turn off the active virus. Norman Malware Cleaner Use to turn off and remove the virus. You can download the following link:
http://normanasa.vo.llnwd.net/o29/public/Norman_Malware_Cleaner.exe
We recommend that you download on a clean computer, or save the file with another executable file extensions such as com or cmd.
Before you run Norman Malware Cleaner files, you should first change the file extension to be com or cmd, or you kompress into zip file. Run the file that is located in a zip or already turned into com or cmd.
Norman Malware Cleaner can remove the virus, clean virus infected files, and restore the infected drivers.
After the cleaning process is complete, restart your computer immediately suggested.
Remove string registry that was created by the virus. To make it easier to use the following registry script.
[Version]
Signature="$Chicago$"
Provider=Vaksincom Gendong Virut Oyee
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, CheckedValue, 0x00010001, 1
HKLM, SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile, EnableFirewall, 0x00010001, 1
[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Run, reader_s
HKCU, Software\Microsoft\Windows\CurrentVersion\Run, servises
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU, Software\Microsoft\Windows NT\CurrentVersion\Windows, load
HKCU, Software\Microsoft\Windows NT\CurrentVersion\Windows, run
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, reader_s
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, servises
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 22951
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Regedit32
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDORSYS
HKLM, SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandarProfile\AuthorizedApplications\List, \\??\C:\WINDOWS\system32\winlogon.exe
HKLM, SOFTWARE\Policies\Microsoft\WindowsFirewall
Use the notepad, then save with the name "repair.inf" (use the Save As Type option to All Files to avoid mistakes).
As anticipated, if still not able to connect in a network or an error was network drives, network drivers should replace the file "ndis.sys" (size 179 kb) and "TCPIP.SYS" (size 351 kb) from uninfected computers. Usually the file is located in C: \ WINDOWS \ system32 \ drivers and C: \ WINDOWS \ system32 \ dllcache
Return the hosts file is infected. Replace the file "hosts" (size 1 kb) from uninfected computer. Usually located at C: \ WINDOWS \ system32 \ drivers \ etc. You can also use the tools of change hosts file is "HostsXpert". You can download the following link:
http://www.funkytoad.com/download/HostsXpert.zip
In hostsxpert you can restore back to its original hosts file.
For optimal cleaning and prevent re-infection, antiviral agents should use an updated and can detect and eradicate this virus very well.
Done.
0 comments:
Post a Comment