26 June 2010

6 Steps to Get Rid of the 'Luna Maya' Virus



Jakarta - A rather irritating virus nicknamed 'Luna Maya' has spread in Indonesia. The virus displays a message that seems to poke fun at fans of porn videos in Indonesia, showing a pop-up that says "basis! Bokep brain .."

The virus also has some quite annoying effects. For instance, the CD/DVD-ROM drive keeps opening even after the user closes it manually.

The nickname 'Luna Maya' was given to this virus because one of the files it spreads is named LunaMaya.exe. The virus is detected as Suspicious_Gen2.LBTU by Norman Security Suite.

Here are six steps to remove this virus, as provided by Adi Saputra, an antivirus analyst at Vaksincom:

1. Clean the virus in "safe mode".
To enter "safe mode", press the F8 key on the keyboard when the computer starts.
On the Windows Advanced Options menu, you can choose "safe mode", "safe mode with networking" or "safe mode with command prompt". For simplicity, just choose "safe mode".
Let Windows run until the confirmation window about using "safe mode" pops up. (See figure 12)
Click "Yes" in the confirmation window to use "safe mode".

2. Stop the virus that is active in memory.
Use a Task Manager replacement tool; in this case, CurrProcess. Download CurrProcess from the following link: http://www.nirsoft.net/utils/cprocess.zip
Run CurrProcess, then locate the virus file "Amoumain.exe". Left-click the virus file, then select "Kill Selected Processes". Once the virus file no longer appears in the list, close the CurrProcess window.

3. Repair the Windows registry entries that the virus has modified, with the following steps:

a. Copy this script into WordPad. Click [Start] → [All Programs] → [Accessories] → [WordPad].

[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
; Show hidden and system files and file extensions again (0x00010001 = DWORD value)
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, ShowSuperHidden,0x00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, SuperHidden,0x00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, HideFileExt,0x00010001,0
; Restore the default open commands for executable and registry file types
HKLM, SOFTWARE\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
; Restore the default Windows shell
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"

[del]
; Remove the policies that disable Task Manager and the Run dialog
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoRun

b. Save the file with the name "repair.inf". Set the "Save as type" option to Text Document to avoid mistakes.
c. Right-click the file "repair.inf", then select "Install".

4. Remove the 'Luna Maya' virus files, which have the following characteristics:
File type "Application"
File size of "37 kb"
An MS Word file icon

Note:
To make the search easier, use the Windows Search function, filtering on *.exe and *.inf files with a size of 37 kb.
Delete the virus files, which usually have the same modified date.
Be sure to remove the main virus files, such as: Amoumain.exe, Luna Maya.exe, Love.exe, and nt.bat
Log off the computer, then log in again.

5. For optimal cleaning and to prevent re-infection, scan again with antivirus software that is up to date and properly recognizes this virus.

6. For USB flash drives or removable media that have already been damaged or formatted by the virus, use recovery software to recover the lost data.
(WSH / WSH)
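
The search described in the note to step 4, written as a read-only script. This is an added example, not part of the original article or a Vaksincom tool. It assumes that "37 kb" means a size Explorer rounds up to 37 KB (36865 to 37888 bytes), and the file "Laporan.exe" in the constructed sample is a hypothetical name.

```python
import os
import tempfile
from collections import defaultdict
from datetime import datetime

# Names the article gives for the virus files (both spellings it uses).
KNOWN_NAMES = {"amoumain.exe", "lunamaya.exe", "luna maya.exe", "love.exe", "nt.bat"}
SUSPECT_EXTS = {".exe", ".inf"}
SIZE_MIN, SIZE_MAX = 36 * 1024 + 1, 37 * 1024  # assumed meaning of "37 kb"


def find_candidates(root):
    """Return (name_hits, clusters); clusters maps a modified date to the
    37 KB .exe/.inf files sharing it (two or more). Nothing is deleted."""
    name_hits, by_date = [], defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # unreadable or vanished file: skip it
            if name.lower() in KNOWN_NAMES:
                name_hits.append(path)
            ext = os.path.splitext(name)[1].lower()
            if ext in SUSPECT_EXTS and SIZE_MIN <= st.st_size <= SIZE_MAX:
                day = datetime.fromtimestamp(st.st_mtime).date().isoformat()
                by_date[day].append(path)
    clusters = {d: sorted(p) for d, p in by_date.items() if len(p) > 1}
    return sorted(name_hits), clusters


def demo():
    infected = datetime(2010, 6, 20, 12, 0).timestamp()
    sample = [  # (name, size in bytes, mtime): constructed, zero-filled files
        ("Amoumain.exe", 37 * 1024, infected),
        ("Laporan.exe", 37 * 1024 - 300, infected),  # hypothetical copy
        ("nt.bat", 120, infected),  # matched by name only
        ("setup.exe", 37 * 1024, infected - 400 * 86400),  # lone date
    ]
    with tempfile.TemporaryDirectory() as root:
        for name, size, mtime in sample:
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(b"\0" * size)
            os.utime(path, (mtime, mtime))
        return find_candidates(root)


if __name__ == "__main__":
    print(demo())
```

Point find_candidates at a drive root to get the list to review before deleting anything; a 37 KB file on its own date, such as setup.exe in the sample, is left out of the clusters.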
