6 Effective Steps to Clean the 'JeNGKol' Virus

- detikInet
Thursday, 27 Nov 2008 14:37 WIB
Jakarta - One sign that a computer is infected with the JeNGKol virus is that it logs off when the user runs an .INF file or edits a VBS file.

The virus hides files with the .DOC extension and, to fool the user, creates a duplicate file with the same name as each hidden file. How do you clean this virus? Follow these steps:

1. Disconnect the computer to be cleaned from the network (LAN).
2. Disable "System Restore" during the cleaning process (Windows XP).
3. Kill the virus process. You can do this with a Task Manager replacement tool such as "Process Explorer". Download the tool from: http://download.sysinternals.com/Files/ProcessExplorer.zip.

4. Delete the registry entries created by the virus. To make this easier, copy the script below into Notepad, save it as repair.vbs, then run the file (double-click).

' repair.vbs - resets the registry settings changed by the virus.
' A path ending in "\" names a key (or its default value); otherwise the last component is a value name.
Dim oWSH: Set oWSH = CreateObject("WScript.Shell")
On Error Resume Next   ' a call that fails (for example, the entry does not exist) is skipped silently

' Restore the default open command for executable file types
oWSH.RegWrite "HKEY_LOCAL_MACHINE\Software\CLASSES\batfile\shell\open\command\","""%1"" %*"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\Software\CLASSES\comfile\shell\open\command\","""%1"" %*"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command\","""%1"" %*"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\Software\CLASSES\piffile\shell\open\command\","""%1"" %*"

' Restore the Safe Mode alternate shell and the Winlogon shell
oWSH.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\AlternateShell","cmd.exe"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\AlternateShell","cmd.exe"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell","cmd.exe"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell","Explorer.exe"

' Restore the VBS edit command and icon, and the INF install command
oWSH.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\Shell\Edit\Command\","C:\Windows\System32\notepad.exe %1"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\DefaultIcon\","C:\Windows\System32\WScript.exe,2"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inffile\shell\Install\command\","C:\windows\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1"

' Remove per-user policy restrictions
' ("DisableRegistriTools" is spelled as in the original script; the standard Windows policy value is DisableRegistryTools)
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind"
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions"
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun"
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileAssociate"
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives"
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistriTools"
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr"
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCMD"
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegedit"
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\RunLogonScriptSync"
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\HideLegacyLogonScripts"
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\HideLogoffScripts"
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\HideStartupScripts"
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\RunStartupScriptSync"

' Remove the virus autorun entry
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\run\JeNGKoL"

' Show the .vbs extension again and restore the file type name
oWSH.RegDelete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\NeverShowExt"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\","VBScript Script File"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\FriendlyTypeName","VBScript Script File"

' Remove machine-wide policy restrictions
oWSH.RegDelete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistriTools"
oWSH.RegDelete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr"
oWSH.RegDelete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegedit"
oWSH.RegDelete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\RunLogonScriptSync"
oWSH.RegDelete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"
oWSH.RegDelete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions"
oWSH.RegDelete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NOFind"
oWSH.RegDelete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NORun"
oWSH.RegDelete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives"
oWSH.RegDelete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveAutoRun"
oWSH.RegDelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp\"

' Remove Image File Execution Options entries that redirect system tools and installers
oWSH.RegDelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Msconfig.exe\"
oWSH.RegDelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\"
oWSH.RegDelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\"
oWSH.RegDelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\"
oWSH.RegDelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit32.exe\"
oWSH.RegDelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe\"
oWSH.RegDelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe\"
oWSH.RegDelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\command.com\"
oWSH.RegDelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\debugger"
oWSH.RegDelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe\debugger"

' Remove remaining policy keys
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\"
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\"
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\DisallowRun\"
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\Run\"
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate\"
oWSH.RegDelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\"
oWSH.RegDelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\"

5. Delete the duplicate files created by the virus, which have these characteristics:
  • Use a JPEG or VBS icon
  • Size of 14 KB
  • File type "JPEG Image" or "VBScript Script File"

To make it easier to find the virus files, use the Windows Search function. If Search still does not appear, log off the computer first.

6. For optimal cleaning and to prevent reinfection, protect your computer with an antivirus that can already detect and remove this virus. (dwn/dwn)
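
Added example, not part of the original article: because repair.vbs runs with On Error Resume Next and reports nothing, this read-only Python check lists which of the entries from step 4 are actually present in a .reg export taken before the repair. The function names (parse_reg, audit), the finding labels and the sample export are assumptions made for illustration; the policy list is a subset of the names in the script.

```python
import re

CLASSES = r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes"
IFEO = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
# Data the article's repair.vbs writes back: (key, value name) -> expected data.
EXPECTED = {((CLASSES + "\\" + ext + r"file\shell\open\command").lower(), "@"): '"%1" %*'
            for ext in ("bat", "com", "exe", "pif")}
EXPECTED[(r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon".lower(), "shell")] = "Explorer.exe"
# Subset of the policy values repair.vbs deletes (names as spelled in the article).
POLICIES = {"disabletaskmgr", "disableregedit", "disablecmd", "disableregistritools",
            "nofind", "nofolderoptions", "norun", "nodrives", "nofileassociate"}
LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def _unquote(s):
    """Strip quotes and .reg backslash escapes from a quoted token; pass others through."""
    return re.sub(r"\\(.)", r"\1", s[1:-1]) if s.startswith('"') else s

def parse_reg(text):
    """Yield (key, value name, data) from decoded .reg export text; "@" is the default value."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := LINE.match(line)):
            yield key, _unquote(m.group(1)), _unquote(m.group(2))

def audit(text):
    """Return (kind, key, name, data) for every entry repair.vbs would reset or delete."""
    findings = []
    for key, name, data in parse_reg(text):
        k, n = key.lower(), name.lower()  # registry paths are case-insensitive
        if (k, n) in EXPECTED and data.lower() != EXPECTED[(k, n)].lower():
            findings.append(("hijacked", key, name, data))
        elif k.startswith(IFEO.lower() + "\\") and n == "debugger":
            findings.append(("ifeo-debugger", key, name, data))
        elif k.endswith("\\currentversion\\run") and n == "jengkol":
            findings.append(("autorun", key, name, data))
        elif ("\\policies\\" in k and n in POLICIES
              and data.lower().startswith("dword:") and int(data[6:], 16)):
            findings.append(("policy-lock", key, name, data))
    return findings
# Constructed sample export (paths and data are placeholders, not from a real infection).
SAMPLE = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\open\command]
@="\"C:\\WINDOWS\\placeholder.exe\" \"%1\" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="C:\\WINDOWS\\placeholder.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
'''
```

Regedit writes version 5.00 exports as UTF-16, so read the file with encoding="utf-16" before passing its text to audit().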