Here are eight practical steps for ejecting a virus capable of transforming an existing folder on the USB flash disk into the shortcut:
1. Disable 'System Restore' for a while during the cleaning process.
2. Decide who will clean your computer from the network.
3. Turn off the virus active in memory by using the tools 'Ice Sword'. Once the tools are installed, select the file that has the icon "Microsoft Visual Basic Project 'then click' Terminate Process'. Please download these tools at http://icesword.en.softonic.com/
4. Delete the registry is created by the virus by:-. Click the [Start]-. Click [Run]-. Type Regedit.exe, and click the [OK]-. On application the Registry Editor, browse the key [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Run]-. Then delete the key that has the data [C: \ Documents and Settings \% user%].
5. Disable autoplay / autorun Windows. Copy the script below in notepad and save it as repair.inf, install the following manner: Right-click repair.inf -> INSTALL
[Version]
Signature = "$ Chicago $"
Provider = Vaksincom
[DefaultInstall]
AddReg = UnhookRegKey
DelReg = del
[UnhookRegKey]
HKLM, Software \ CLASSES \ batfile \ shell \ open \ command ,,,"""% 1 ""% * "
HKLM, Software \ CLASSES \ comfile \ shell \ open \ command ,,,"""% 1 ""% * "
HKLM, Software \ CLASSES \ exefile \ shell \ open \ command ,,,"""% 1 ""% * "
HKLM, Software \ CLASSES \ piffile \ shell \ open \ command ,,,"""% 1 ""% * "
HKLM, Software \ CLASSES \ regfile \ shell \ open \ command,,, "regedit.exe"% 1 ""
HKLM, Software \ CLASSES \ scrfile \ shell \ open \ command ,,,"""% 1 ""% * "
HKCU, Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer NoDriveTypeAutoRun, 0x000000ff, 255
HKLM, SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer NoDriveTypeAutoRun, 0x000000ff, 255
6. Delete Files parent and duplicate files are created by the virus included in the flash disk. To expedite the search process, you can use the 'Search'. Before conducting the search should show all hidden files by changing the Folder Options settings.
Do not get an error occurs when deleting a master file and duplicate files that have been created by the virus. Then delete the master files that have virus characteristics:
-. Icon 'Microsoft Visual Basic Project'.-. File Size 128 KB (for other variants will have varying sizes).-. Ekstesi file '. EXE' or '. SCR'.-. File type 'Application' or 'Screen Saver'.
Then delete the files that have duplicate shortcuts characteristics:
>. Folder icon or the icon>. Extension. LNK>. File Type 'Shortcut'>. 1 KB file size
Delete the file. DLL (example: ert.dll) and the Autorun.inf file on flash disk or a shared folder. Meanwhile, to avoid the virus is active again, delete the master file that has the extension EXE or SCR first and then remove Shortcut file (. LNK).
7. Unhide the folders have been hidden by the virus. To speed up the process, please download the tools Unhide Files and Folders in http://www.flashshare.com/bfu/download.html.
Once installed, select the directory [C: \ Documents and Settings] and folders that exist on the flash disk by sliding into a column that is already available. In the [Attributes] empty of all the options, then click the [Change Attributes].
8. Install security patches 'Microsoft Windows Shell shortcut handling remote code execution vulnerability, MS10-046'. Please download the security patch at http://www.microsoft.com/technet/security/Bulletin/MS10-046.mspx
As always, for optimal cleaning and menecegah re-infection, you should install and scan with antivirus is up-to-date and was able to detect this virus very well.
Original source: Vaccine [dot] com & detikinet [dot] com
keyword:
shortcuts, computer, download, the, latest, software, wordpress, windows, pif virus, computer viruses, tutorials, buttons, a, very, remove virus, the process of, on, other, category, because, internet, flash, flash disk, facebook, editor, classes, blogspot, many, autorun, applications, antivirus, anti virus
1. Disable 'System Restore' for a while during the cleaning process.
2. Decide who will clean your computer from the network.
3. Turn off the virus active in memory by using the tools 'Ice Sword'. Once the tools are installed, select the file that has the icon "Microsoft Visual Basic Project 'then click' Terminate Process'. Please download these tools at http://icesword.en.softonic.com/
4. Delete the registry is created by the virus by:-. Click the [Start]-. Click [Run]-. Type Regedit.exe, and click the [OK]-. On application the Registry Editor, browse the key [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Run]-. Then delete the key that has the data [C: \ Documents and Settings \% user%].
5. Disable autoplay / autorun Windows. Copy the script below in notepad and save it as repair.inf, install the following manner: Right-click repair.inf -> INSTALL
[Version]
Signature = "$ Chicago $"
Provider = Vaksincom
[DefaultInstall]
AddReg = UnhookRegKey
DelReg = del
[UnhookRegKey]
HKLM, Software \ CLASSES \ batfile \ shell \ open \ command ,,,"""% 1 ""% * "
HKLM, Software \ CLASSES \ comfile \ shell \ open \ command ,,,"""% 1 ""% * "
HKLM, Software \ CLASSES \ exefile \ shell \ open \ command ,,,"""% 1 ""% * "
HKLM, Software \ CLASSES \ piffile \ shell \ open \ command ,,,"""% 1 ""% * "
HKLM, Software \ CLASSES \ regfile \ shell \ open \ command,,, "regedit.exe"% 1 ""
HKLM, Software \ CLASSES \ scrfile \ shell \ open \ command ,,,"""% 1 ""% * "
HKCU, Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer NoDriveTypeAutoRun, 0x000000ff, 255
HKLM, SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer NoDriveTypeAutoRun, 0x000000ff, 255
6. Delete Files parent and duplicate files are created by the virus included in the flash disk. To expedite the search process, you can use the 'Search'. Before conducting the search should show all hidden files by changing the Folder Options settings.
Do not get an error occurs when deleting a master file and duplicate files that have been created by the virus. Then delete the master files that have virus characteristics:
-. Icon 'Microsoft Visual Basic Project'.-. File Size 128 KB (for other variants will have varying sizes).-. Ekstesi file '. EXE' or '. SCR'.-. File type 'Application' or 'Screen Saver'.
Then delete the files that have duplicate shortcuts characteristics:
>. Folder icon or the icon>. Extension. LNK>. File Type 'Shortcut'>. 1 KB file size
Delete the file. DLL (example: ert.dll) and the Autorun.inf file on flash disk or a shared folder. Meanwhile, to avoid the virus is active again, delete the master file that has the extension EXE or SCR first and then remove Shortcut file (. LNK).
7. Unhide the folders have been hidden by the virus. To speed up the process, please download the tools Unhide Files and Folders in http://www.flashshare.com/bfu/download.html.
Once installed, select the directory [C: \ Documents and Settings] and folders that exist on the flash disk by sliding into a column that is already available. In the [Attributes] empty of all the options, then click the [Change Attributes].
8. Install security patches 'Microsoft Windows Shell shortcut handling remote code execution vulnerability, MS10-046'. Please download the security patch at http://www.microsoft.com/technet/security/Bulletin/MS10-046.mspx
As always, for optimal cleaning and menecegah re-infection, you should install and scan with antivirus is up-to-date and was able to detect this virus very well.
Original source: Vaccine [dot] com & detikinet [dot] com
keyword:
shortcuts, computer, download, the, latest, software, wordpress, windows, pif virus, computer viruses, tutorials, buttons, a, very, remove virus, the process of, on, other, category, because, internet, flash, flash disk, facebook, editor, classes, blogspot, many, autorun, applications, antivirus, anti virus