Stuxnet Virus, or also known as Winsta, devouring all the vacant land on the hard disk until full. According to Alfons Tanujaya, antivirus analysts from Vaksincom, to detikINET, Friday (07/30/2010), Indonesia is the country with the second largest Stuxnet victims in the world after Iran.
The virus initially spread from various adult sites, pirated programs and content 'gray' other was quite disturbing. Here are the steps to eradicate the virus, as manifested by antivirus analysts Vaksincom Adi Saputra:
1. Using Dr. Web CureIt
Adi suggested that the victim Winsta Stuxnet alias to download a virus removal software. Removal Tools called Dr.Web CureIt can be downloaded from the site FreeDrWeb.com
2. Registry Fix
Then, Adi registry suggest improvements in Windows that has been modified by a virus. How, first of all, copy the script below into WordPad file.
[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, ShowSuperHidden,0x00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, SuperHidden,0x00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, HideFileExt,0x00010001,0
HKLM, SOFTWARE\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\CLASSES\regfile\shell\open\command,,,"regedit.exe "%1""
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
[del]
HKLM, SYSTEM\CurrentControlSet\Services\MRxCls
HKLM, SYSTEM\CurrentControlSet\Services\MRxNet
HKLM, SYSTEM\ControlSet001\Services\MRxCls
HKLM, SYSTEM\ControlSet002\Services\MRxNet
HKLM, SYSTEM\CurrentControlSet\Services\Enum\Root\LEGACY_MRXClS
HKLM, SYSTEM\CurrentControlSet\Services\Enum\Root\LEGACY_MRXNET
HKLM, SYSTEM\ControlSet001\Services\Enum\Root\LEGACY_MRXClS
HKLM, SYSTEM\ControlSet002\Services\Enum\Root\LEGACY_MRXNET
Then, save the file with the name 'repair.inf'. Use the Save as type option to Text Document in order to avoid mistakes. Then, right click the file 'repair.inf', select 'Install' and restart the computer.
"Clean up temporary files, this in order to prevent the rest of the trojan is trying to become active again. Use tools such as ATF Cleaner or use the features of Windows that is the Disk Clean-Up," wrote Adi.
3. Emergency Solutions
In addition, the following is a script that can be used in emergencies to prevent re-infecting Winsta not. Save the following script with the name Winsta.bat (file type: Text)
@echo off
del /f c:\windows\system32\winsta.exe
rem rd c:\windows\system32\winsta.exe
md c:\windows\system32\winsta.exe
del /f c:\windows\system32\drivers\mrxnet.sys
rem rd c:\windows\system32\drivers\mrxnet.sys
md c:\windows\system32\drivers\mrxnet.sys
del /f c:\windows\system32\drivers\mrxcls.sys
rem rd c:\windows\system32\drivers\mrxcls.sys
md c:\windows\system32\drivers\mrxcls.sys
attrib +r +h +s c:\windows\system32\winsta.exe
attrib +r +h +s c:\windows\system32\drivers\mrxnet.sys
attrib +r +h +s c:\windows\system32\drivers\mrxnet.sys
Once completed, double-click the resulting file Winsta.bat. For optimal cleaning and prevent re-infection, re-use antivirus software that scans an updated and properly recognize this virus.
Thursday, August 5, 2010
Tips Cleaning Stuxnet Virus : Hardisk Eaters
7:25 AM
mixagrip
0 comments:
Post a Comment