Monday, December 29, 2008

virus "bad brother"

Paste code berikut ke Notepad, kemudian save dengan nama remover.bat dan simpan ke drive C.

code :
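@echo off
rem remover.bat - removes the files this page attributes to the "bad brother"
rem malware and re-enables the Explorer / System policy settings it turns off.
rem
rem Run from an elevated (administrator) prompt: the HKLM writes below fail
rem without it. "system.exe" is a generic name, so confirm that each file in
rem C:\windows really is the malware before deleting it; del is permanent.
rem A file that is still running cannot be deleted and del reports the error.

rem /a selects the file whatever its attributes are (hidden, system,
rem read-only), /f forces removal of read-only files, /q skips the prompt.
rem One pass with /a /f covers both passes of the original listing.
for %%F in (bad1.exe bad2.exe bad3.exe system.exe) do (
    del /a /f /q "C:\windows\%%F"
)

rem The original listing only ECHOed .reg-style text to the console, which
rem changes nothing in the registry. Write the values with reg.exe instead.
rem Each value is set to 0, which lifts the corresponding restriction.
set "EXPLORER=Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
set "SYSTEM=Software\Microsoft\Windows\CurrentVersion\Policies\System"

reg add "HKCU\%EXPLORER%" /v NoRun /t REG_DWORD /d 0 /f
reg add "HKCU\%EXPLORER%" /v NoFolderOptions /t REG_DWORD /d 0 /f
reg add "HKLM\%EXPLORER%" /v NoFolderOptions /t REG_DWORD /d 0 /f
reg add "HKCU\%SYSTEM%" /v DisableRegistryTools /t REG_DWORD /d 0 /f
reg add "HKLM\%SYSTEM%" /v DisableTaskMgr /t REG_DWORD /d 0 /f
reg add "HKCU\%SYSTEM%" /v DisableTaskMgr /t REG_DWORD /d 0 /f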

Untuk repair-nya, paste script di bawah ini ke Notepad dan save dengan nama repair.vbs, kemudian klik 2x.

code :
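' repair.vbs - asks for confirmation, then calls sehat() to reset the
' registry values listed there. The variables below are script-level and
' are read by sehat().
dim rg,std,a,b,t

' a: per-user policy root; b: Image File Execution Options root.
a = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\"
b = "HKEY_LOCAL_MACHINE\Software\Microsoft\WIndows NT\Image File Execution Options\"
' std is the open command written for executable file classes: "%1" %*
std = chr(34) & "%1" & chr(34) & " %*"
set rg=createobject("wscript.shell")

' Yes/No question box. The original listing looped "until i = 1" with i never
' assigned, so answering Yes rewrote the registry forever, and answering No
' still ran the repair once. Run the repair exactly once, and only on Yes.
t = msgbox("repair g nih????)", vbYesNo + vbQuestion, "code:darkzeus")
if t = vbYes then
    sehat
end if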

sub sehat()
    ' Resets the registry values this script treats as tampered with.
    ' Reads the script-level variables rg (WScript.Shell), a (HKCU policy
    ' root), b (Image File Execution Options root) and std (open command).
    ' The HKEY_LOCAL_MACHINE and HKEY_CLASSES_ROOT writes need administrator
    ' rights; a refused write raises an error and stops the script there.
    dim policyValue, blockedProgram, extension, fileClass

    ' 0 lifts each per-user restriction (regedit, Task Manager, cmd,
    ' Folder Options).
    for each policyValue in array("System\DisableRegistryTools", _
                                  "System\DisableTaskMgr", _
                                  "System\DisableCMD", _
                                  "Explorer\NoFolderOptions")
        rg.regwrite a & policyValue, 0, "REG_DWORD"
    next

    ' A Debugger value under Image File Execution Options makes Windows start
    ' that program in place of the named executable. This blanks the value
    ' rather than deleting it.
    ' NOTE(review): confirm an empty Debugger string is ignored on the target
    ' Windows version; otherwise the value should be deleted.
    for each blockedProgram in array("msconfig.exe", "regedit.exe", "cmd.exe")
        rg.regwrite b & blockedProgram & "\Debugger", ""
    next

    ' Point each extension back at its own file class (trailing backslash
    ' writes the key's default value).
    for each extension in array("exe", "com", "bat", "lnk", "pif")
        rg.regwrite "HKEY_CLASSES_ROOT\." & extension & "\", extension & "file"
    next

    ' Restore the open command of each class to std.
    ' NOTE(review): lnkfile is included as in the original; check that
    ' shortcuts still open afterwards.
    for each fileClass in array("exefile", "batfile", "comfile", "lnkfile", "piffile")
        rg.regwrite "HKEY_CLASSES_ROOT\" & fileClass & "\shell\open\command\", std
    next
end sub


semoga membantu.. thx to darkzeus @kaskus
