Saturday, December 10, 2011

Clean shortcut virus in your PC

Again, the virus makes all the work to be hampered, though not all of the data removes viruses but the name is very annoying. Although virus does not destroy the document even though it still remains by inhibiting the work (process) conducted a computer.One virus that recently quite a hassle that is often called a shortcut virus, this virus does not damage our files, but only hides the original file and then create a new shortcut to the file so that when clicked shortcut we made a virus then the file / folder is not opened because it was not the original shortcut.
Once I tried to find a solution how to remove viruses shortcut with the help of google Sanya hosts found some blogs and the web that provide articles how to remove / clean shortcut virus , among other pretty good in my opinion as follows:
1. Turn off system restore our computer beforehand how to right click on the icon in My Computer, Properties, click the System Restore tab and then give a check mark in Turn Off System Restore on All Drives and click OK


2. Turn off the process of Wscript file located in C: \ Windows \ System32, by using tools such as CProcess, HijackThis or can also use the Task Manager of Windows

3. Once off the process of Wscript, we need to delete or to rename the file so not used for awhile by the virus
For the record, if we are to rename the files with automatic Wscript.exe, it will be copied again in the folder. Therefore, we must find where the file Wscript.exe others, usually in C: \ Windows \ $ NtServicePackUninstall $, C: \ Windows \ ServicePackFiles \ i386.
Unlike other VBS viruses, we can change the Open With from the vbs file into Notepad, the virus that means is berextensi MDB Microsoft Access file. So Wscript database.mdb will run the file as if he is a VBS file
4. Delete the parent file in C: \ Documents and Settings \ \ My Documents \ database.mdb, so that every time the computer starts will not load the file. And do not forget we are also open MSCONFIG, disable the run command.
5. Now we will delete the files autorun.inf. Microsoft.inf and Thumb.db. The trick, click the START button, type CMD, moved to the drive to be cleaned, for example, drive C: \, then we have to do is:
Type C: \ del Microsoft.inf / s, this command will delete microsoft.inf all files in all folders on drive C:. Meanwhile if you want to move the drive to stay just renamed drive example: D: \ del Microsoft.inf / s.
For the autorun.inf file, type C: \ autorun.inf del / s / ah / f, the command will delete the file autorun.inf (syntax / ah / f) is used as the file is taking attrib RSHA, as well as to file Thumb . db also do the same thing
6. To delete the files in addition to 4 files earlier, we must find a way search files with the extension. Lnk size 1 kb. In the 'More advanced options' make sure the option 'Search system folders' and 'Search hidden files and folders' are both checked.
"Please be careful, not all shortcut files / LNK file size of 1 kb is a virus, we can distinguish it from the icon, size and type. For the shortcut icon created viruses are always using the icon 'folder', size 1 kb and type 'shortcut '. While the correct folder should not have' size 'and the type is' File Folder'. "
7. Fix the registry has been altered by the virus. To expedite the process of repair registry copy the script below on the program 'notepad' and save it with the name 'repair.inf'. Execute the following ways:
Right-click repair.infClick Install[Version]Signature = "$ Chicago $"Provider = Vaksincom Oyee
[DefaultInstall]AddReg = UnhookRegKeyDelReg = del
[UnhookRegKey]HKLM, Software \ CLASSES \ batfile \ shell \ open \ command ,,,"""% 1 ""% * "HKLM, Software \ CLASSES \ comfile \ shell \ open \ command ,,,"""% 1 ""% * "HKLM, Software \ CLASSES \ exefile \ shell \ open \ command ,,,"""% 1 ""% * "HKLM, Software \ CLASSES \ piffile \ shell \ open \ command ,,,"""% 1 ""% * "HKLM, Software \ CLASSES \ regfile \ shell \ open \ command,,, "regedit.exe"% 1 ""HKLM, Software \ CLASSES \ scrfile \ shell \ open \ command ,,,"""% 1 ""% * "HKLM, SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon, Shell, 0, "Explorer.exe"HKLM, SYSTEM \ ControlSet001 \ Control \ safeboot, AlternateShell, 0, "cmd.exe"HKLM, SYSTEM \ ControlSet002 \ Control \ safeboot, AlternateShell, 0, "cmd.exe"
[Del]HKLM, SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run, WinupdateHKCU, SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run, explorer
Tips on how to clean virus shortcut I get from the following: http://sugengsetyawan.blogspot.com/2009/02/cara-menghilangkan-virus-shortcut-di.html


0 comments:

Post a Comment

Twitter Delicious Facebook Digg Favorites More