Scan virus file is located in the directory C: \ RECYCLER with antiviral agents are able to detect this virus very well. Dhanti.info using Norman Security Suite.
After the scan is finished with a virus file delete the file status (defered) means the file will be deleted when windows restart.
Clean button and then click Close at the time Norman Security Suite also will ask the computer to restart.
To normalize the registry that has been re-created by a virus open Notepad then copy the script below:
[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKCR, batfile\shell\open\command,,,"""%1"" %*"
HKCR, comfile\shell\open\command,,,"""%1"" %*"
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, piffile\shell\open\command,,,"""%1"" %*"
HKCR, lnkfile\shell\open\command,,,"""%1"" %*"
HKCR, scrfile\shell\open\command,,,"""%1"" %*"
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,
HKLM, SOFTWARE\Classes\exefile\DefaultIcon,,,""%1""
HKLM, SOFTWARE\Classes\exefile,,,"Application"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe "%1""
[del]
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run, Task Manager
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Manager Task
HKCR, exefile, NeverShowExt
HKCR, CLSID\{10020D75-0000-0000-C000-000000000000}
HKLM, SOFTWARE\Classes\CLSID\{10020D75-0000-0000-C000-000000000000}
Save with the name "repair.inf" select Save As Type to All Files.
Run repair.inf with right click and select install.
Remove files created by the virus with the following characteristics:
Type file “application”
Extension “exe”
File size 168kb
To facilitate the search process of the virus files use "Search Windows" with the filter *. exe file that has 168 KB size and date modified 7/8/2008.
Next delete "FullHouse Drive" on the Desktop, My Computer and Contol Panel.
Done.
Thanks.
0 comments:
Post a Comment