SEARCH

Tuesday, August 31, 2010

3 How to Clean the Virus 'eaters Notebook'

Stuxnet Virus, or also known as Winsta, devouring all the vacant land on the hard drive until it is full. According to Alfons Tanujaya, antivirus analysts from Vaksincom, to ITGazine, Friday (07/30/2010), Indonesia is a country with the second largest number of victims Stuxnet in the world after Iran.

The virus initially spread from various porn sites, pirated programs and content 'gray' other was quite disturbing. Here are the steps eradicate the virus, such as antivirus Vaksincom spoken by the analyst Adi Saputra:


1. Using Dr. Web CureIt

Adi suggested the victim Winsta aka Stuxnet it to download the virus removal software.Removal Tools called Dr.Web CureIt it can be downloaded from the site FreeDrWeb.com


2. Registry Fix

Later, Adi suggested improvements to the modified Windows regitri by the virus. How, first of all, copy the script below into Wordpad files.

[Version]
Signature = "$ Chicago $"
Provider = Vaksincom Oyee
[DefaultInstall]
AddReg = UnhookRegKey
DelReg = del

[UnhookRegKey]
HKCU, Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced, ShowSuperHidden, 0x00010001, 1
HKCU, Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced, SuperHidden, 0x00010001, 1
HKCU, Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced, HideFileExt, 0x00010001, 0
HKLM, SOFTWARE \ CLASSES \ batfile \ shell \ open \ command ,,,"""% 1 ""% * "
HKLM, SOFTWARE \ CLASSES \ comfile \ shell \ open \ command ,,,"""% 1 ""% * "
HKLM, SOFTWARE \ CLASSES \ exefile \ shell \ open \ command ,,,"""% 1 ""% * "
HKLM, SOFTWARE \ CLASSES \ piffile \ shell \ open \ command ,,,"""% 1 ""% * "
HKLM, SOFTWARE \ CLASSES \ regfile \ shell \ open \ command,,, "regedit.exe"% 1 ""
HKLM, SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon, Shell, 0, "Explorer.exe"

[Del]
HKLM, SYSTEM \ CurrentControlSet \ Services \ MRxCls
HKLM, SYSTEM \ CurrentControlSet \ Services \ MRxNet
HKLM, SYSTEM \ ControlSet001 \ Services \ MRxCls
HKLM, SYSTEM \ ControlSet002 \ Services \ MRxNet
HKLM, SYSTEM \ CurrentControlSet \ Services \ Enum \ Root \ LEGACY_MRXClS
HKLM, SYSTEM \ CurrentControlSet \ Services \ Enum \ Root \ LEGACY_MRXNET
HKLM, SYSTEM \ ControlSet001 \ Services \ Enum \ Root \ LEGACY_MRXClS
HKLM, SYSTEM \ ControlSet002 \ Services \ Enum \ Root \ LEGACY_MRXNET

Then, save the file with the name 'repair.inf'. Use the option to Save as type Text Document to avoid mistakes. Then, right-click the file 'repair.inf', select 'Install' and restart the computer.

"Clean up temporary files, this is for to prevent the rest of the trojan that tries to be active again. Use tools such as the ATF Cleaner or use the Windows feature of the Disk Clean-Up," wrote Adi.


3. Emergency Solutions

In addition, here is the script that can be used in emergencies to prevent Winsta not re-infect. Save the following script with the name Winsta.bat (file type: Text)

@ Echo off
del / f c: \ windows \ system32 \ winsta.exe
brake rd c: \ windows \ system32 \ winsta.exe
md c: \ windows \ system32 \ winsta.exe
del / f c: \ windows \ system32 \ drivers \ mrxnet.sys
brake rd c: \ windows \ system32 \ drivers \ mrxnet.sys
md c: \ windows \ system32 \ drivers \ mrxnet.sys
del / f c: \ windows \ system32 \ drivers \ mrxcls.sys
brake rd c: \ windows \ system32 \ drivers \ mrxcls.sys
md c: \ windows \ system32 \ drivers \ mrxcls.sys
attrib + r + h + s c: \ windows \ system32 \ winsta.exe
attrib + r + h + sc: \ windows \ system32 \ drivers \ mrxnet.sys
attrib + r + h + sc: \ windows \ system32 \ drivers \ mrxnet.sys

When finished, double click the file Winsta.bat generated. For optimal cleaning and prevent re-infection, re-scan using updated antivirus and recognize this virus very well.

Best Article

Visitor Information