A computer virus is utilizing the popularity of Facebook to attack the victim. Refer the ways to clean Virus aka W32/Obfuscated.D2 Facebook! Genr and Antispyware Security Tools - antispyware fake - that accompany the article Vaksincom following:
1.Disable system restore during the cleaning process
2.Disconect computer from the network / internet
3.Better do cleaning at mode "safe mode"
4.Install software "Unlocker" (download at FileHippo)
5.Turn off active virus process at memory , use the tools "Security Task Manager", please download these tools in Neuber.com
Turn off the virus with "security task manager"
6.Fix registry, to accelerate the process of repair registry please copy this script in notepad and save it with the name [repair.inf]. Execute the following manner:
a.Right click [repair.inf]
b.Click [install]
[Version]
Signature = "$ Chicago $"
Provider = Vaksincom
[DefaultInstall]
AddReg = UnhookRegKey
DelReg = del
[UnhookRegKey]
HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ batfile \ shell \ open \ command ,,,"""% 1 ""% * "
HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ comfile \ shell \ open \ command ,,,"""% 1 ""% * "
HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ exefile \ shell \ open \ command ,,,"""% 1 ""% * "
HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ piffile \ shell \ open \ command ,,,"""% 1 ""% * "
HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ regfile \ shell \ open \ command,,, "regedit.exe"% 1 ""
HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ scrfile \ shell \ open \ command ,,,"""% 1 ""% * "
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon, Shell, 0, "Explorer.exe"
HKCU, Software \ Microsoft \ Internet Explorer \ Main, tart Page, 0, 'about: blank "
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon, userinit, 0, "userinit.exe"
[del]
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run, reader_s
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run, 47543326
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run, PromoReg
HKCU, SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run, reader_s
HKCU, Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System, EnableProfileQuota
HKEY_LOCAL_MACHINE \ SOFTWARE \ AGProtect
HKEY_LOCAL_MACHINE \ SOFTWARE \ 47543326
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Network, UID
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion, Rlist
HKU,. DEFAULT \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ (43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6)
HKU,. DEFAULT \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ (8FFA689D-2C2B-2B2E-D865-74C04CA4EF06)
7. Remove files created by the virus by first showing hidden files. Then delete the following files::
C: \ Documents and Settings \ All Users \ Application Data \ 47543326
C: \ Documents and Settings \ Elvina \ Start Menu \ Programs \ Security Tools.lnk
C: \ Documents and Settings \ Elvina \ Desktop \ Security Tools.lnk
C: \ Documents and Settings \ Elvina \ Application Data \ wiaservg.log
C: \ Documents and Settings \ Elvina \ Local Settings \ Temp \ *. tmp
C: \ WINDOWS \ Temp \ wpv311256600826.exe
C: \ WINDOWS \ Temp \ wpv411256806849.exe
C: \ Documents and Settings \% user% \ reader_s.exe
C: \ Documents and Settings \% user% \ Start Menu \ Programs \ Startup \ isqsys32.exe
C: \ WINDOWS \ system32 \ reader_s.exe
C: \ Windows \ system32 \ wbem \ proquota.exe
C: \ windows \ system32 \ sdra64.exe
C: \ Windows \ system32 \ lowsec
local.ds
user.ds
user.ds.lll
Note:
To remove the folder [C: \ Windows \ system32 \ lowsec] and [C: \ windows \ system32 \ sdra64.exe], use the tools "Unlocker" to separate the process system process windows (explorer.exe and svchost.exe), because the file will inject file [explorer.exe and svchost.exe] how:
* Right click on the file [C: \ windows \ system32 \ sdra64.exe] or the [C: \ Windows \ system32 \ lowsec]
* Then click menu "Unlocker"
* On Unlocker screen, select the option [delete]
* Then click the [OK]
* If the error message, in disregard it (click ok)
8.Delete temporary files and temporary interet files, use the tools ATF-Cleaner.
9.For optimal cleaning and prevent re-infection, do scan with update anti-virus. You can also use tools to clean with Norman Malware Cleaner or Malwarebytes Anti-Malware.
No comments:
Post a Comment