Monday, December 29, 2008

virus "bad brother"

Paste the following code into Notepad, save it as remover.bat, and store it on drive C.

Code:
@echo off
rem Delete the virus files; the second pass with /a also matches copies
rem that are marked hidden, system or read-only
del C:\windows\bad1.exe /f
del C:\windows\bad2.exe /f
del C:\windows\bad3.exe /f
del C:\windows\system.exe /f
del C:\windows\bad1.exe /a /f
del C:\windows\bad2.exe /a /f
del C:\windows\bad3.exe /a /f
del C:\windows\system.exe /a /f

rem The original only echoed the lines below to the screen. Here they are
rem written to a .reg file and imported silently (the file name repair.reg
rem is an assumption, not from the original post).
(
echo REGEDIT4
echo.
echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
echo "NoRun"=dword:00000000
echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
echo "NoFolderOptions"=dword:00000000
echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
echo "NoFolderOptions"=dword:00000000
echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
echo "DisableRegistryTools"=dword:00000000
echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
echo "DisableTaskMgr"=dword:00000000
echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
echo "DisableTaskMgr"=dword:00000000
) > "%TEMP%\repair.reg"
regedit /s "%TEMP%\repair.reg"
del "%TEMP%\repair.reg"

To repair the system, paste the script below into Notepad, save it as repair.vbs, then double-click it.

Code:
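' repair.vbs: undo the registry changes made by the virus
dim rg,std,a,b,t
a = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\"
' Image File Execution Options lives under ...\Windows NT\CurrentVersion\
' (the original path left out CurrentVersion, so its writes missed the real key)
b = "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\"
' Default open command for executable file types: "%1" %*
std = chr(34) & "%1" & chr(34) & " %*"
set rg=createobject("wscript.shell")

' 36 = vbYesNo + vbQuestion; 6 = vbYes
t=msgbox("repair g nih????)",36,"code:darkzeus")
if t = 6 then
    ' Run the repair once. The original looped "until i = 1" on a variable
    ' that was never set, so it never ended, and it also repaired on "No".
    sehat
end if

sub sehat()
    ' Re-enable Registry Editor, Task Manager, Command Prompt and Folder Options
    rg.regwrite a & "System\DisableRegistryTools",0,"REG_DWORD"
    rg.regwrite a & "System\DisableTaskMgr",0,"REG_DWORD"
    rg.regwrite a & "System\DisableCMD",0,"REG_DWORD"
    rg.regwrite a & "Explorer\NoFolderOptions",0,"REG_DWORD"

    ' Blank the Debugger values set for these tools
    rg.regwrite b & "msconfig.exe\Debugger",""
    rg.regwrite b & "regedit.exe\Debugger",""
    rg.regwrite b & "cmd.exe\Debugger",""

    ' Point each extension back at its file class
    rg.regwrite "HKEY_CLASSES_ROOT\.exe\","exefile"
    rg.regwrite "HKEY_CLASSES_ROOT\.com\","comfile"
    rg.regwrite "HKEY_CLASSES_ROOT\.bat\","batfile"
    rg.regwrite "HKEY_CLASSES_ROOT\.lnk\","lnkfile"
    rg.regwrite "HKEY_CLASSES_ROOT\.pif\","piffile"

    ' Restore the open command of each file class
    rg.regwrite "HKEY_CLASSES_ROOT\exefile\shell\open\command\",std
    rg.regwrite "HKEY_CLASSES_ROOT\batfile\shell\open\command\",std
    rg.regwrite "HKEY_CLASSES_ROOT\comfile\shell\open\command\",std
    rg.regwrite "HKEY_CLASSES_ROOT\lnkfile\shell\open\command\",std
    rg.regwrite "HKEY_CLASSES_ROOT\piffile\shell\open\command\",std
end sub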


Hope this helps. Thanks to darkzeus @kaskus.
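
The settings that remover.bat and repair.vbs reset can also be checked read-only, before and after the repair. The following Python script is an added example, not part of the original post or of darkzeus's script: it parses the text of a `reg export` dump and reports policy restrictions that are still enabled, Image File Execution Options `Debugger` redirects, and altered `shell\open\command` defaults. The function names and the sample export are constructed for illustration.

```python
import re

# Policy values the scripts above reset to 0; non-zero means still restricted.
POLICY_VALUES = {"norun", "nofolderoptions", "disableregistrytools",
                 "disabletaskmgr", "disablecmd"}
STD_COMMAND = '"%1" %*'  # open command the repair script restores

def parse_reg(text):
    """Yield (key, value_name, raw_data) from .reg text; '@' is the default value."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if key and m:
            yield key, m.group(1).strip('"'), m.group(2)

def reg_sz(raw):
    """Decode a quoted REG_SZ literal (backslash escapes undone), else None."""
    return re.sub(r"\\(.)", r"\1", raw[1:-1]) if raw.startswith('"') else None

def audit(text):
    """Return (key, value_name, reason) for each setting that still looks tampered."""
    findings = []
    for key, name, raw in parse_reg(text):
        k, n = key.lower(), name.lower()
        if "\\policies\\" in k and n in POLICY_VALUES:
            if raw.lower().startswith("dword:") and int(raw[6:], 16) != 0:
                findings.append((key, name, "restriction enabled"))
        elif "\\image file execution options\\" in k and n == "debugger":
            if reg_sz(raw):
                findings.append((key, name, "debugger redirect: " + reg_sz(raw)))
        elif k.endswith("\\shell\\open\\command") and name == "@":
            if reg_sz(raw) != STD_COMMAND:
                findings.append((key, name, f"open command altered: {reg_sz(raw)}"))
    return findings

# Constructed sample export (not captured from a real infection).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe]
"Debugger"="C:\\windows\\bad1.exe"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\windows\\system.exe \"%1\" %*"
[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"
'''
```

On a live machine, pass it the text of a `reg export` file, which is UTF-16 encoded, for example `audit(open(path, encoding="utf-16").read())`.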

I'm four2one.virus

How to remove it
  1. Disconnect from the internet.
  2. Turn off System Restore; the instructions are on page 1.
  3. Restart the PC into Safe Mode (press F6 or F8 while Windows boots to enter Safe Mode), open the Windows Control Panel, click Mouse, and set the pointer speed to the middle to get rid of the i'm four2one virus.
  4. Use PC MAV

    http://pcmav.biz/

    or ansav

    www.ansav.com

    or smadav

    www.smadav.net
  5. Once the PC is clean, restart it and let it boot into normal Windows.
  6. Click Run and enter regedit.
  7. Click Edit > Find, make sure you enter the keyword "Please Look at me", and once it is found delete that registry entry.
  8. Click Edit > Find, enter the keyword "four2one", then delete again.
  9. When that is done, restart your PC and carry out the steps for the problems that occur after a virus infection (if the ansav link is still broken, use smadav instead: just run a scan, then on the infected registry value tab choose select all and fix all).
  10. Perform basic computer maintenance.
Hope this helps.
Thanks to kocak_gober @kaskus
