Home > Komputer, Tips & Trik > Cleaning Tips “Sandra Dewi Bugil ” Viruses

Cleaning Tips “Sandra Dewi Bugil ” Viruses

SandraDewi_bugil

Just like other viruses in general, the virus Sandra Dewi use a removable flash disk drive alias as the distribution itself.

File that will create a virus that is in Sandra Dewi Bugil.exe

Pembersihannya following steps:

* We disconnect the computer that will be cleared from the network.

* Turn off ‘System Restore’ for the virus cleaning process (for Windows XP / Vista)

* Turn off the virus active in memory. Use tools for task managers, such as Process Explorer (can be downloaded at the following address) http://www.sysinternals.com/utils/index.html

* Perform kill process, in some file that the virus is active are:
o C: \ Documents and Settings \% username% \ Start Menu \ Programs \ Startup \ Sandra Dewi Bugil.exe
o C: \ WINDOWS \ Sandra Dewi Bugil.exe (see figure 10)

* Clear registry string that has been created by the virus. To facilitate the registry can use the script below.

[Version]
Signature=”$Chicago$”
Provider=Vaksincom Oyee

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKCR, batfile\shell\open\command,,,”””%1″” %*”
HKCR, comfile\shell\open\command,,,”””%1″” %*”
HKCR, exefile\shell\open\command,,,”””%1″” %*”
HKCR, piffile\shell\open\command,,,”””%1″” %*”
HKCR, lnkfile\shell\open\command,,,”””%1″” %*”

HKCR, scrfile\shell\open\command,,,”””%1″” %*”
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion, RegisteredOrganization,0, “Organization”
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion, RegisteredOwner,0, “Owner”
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, CheckedValue, 0×00010001,1
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, DefaultValue, 0×00010001,2
[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableMsConfig
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr
HKCU, Software\Policies\Microsoft\Windows\system, DisableCMD
HKCU, Software\Microsoft\Internet Explorer\Main, Window Title
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFind
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoClose
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoControlPanel
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoRun
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoStartMenuMorePrograms
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoViewContextMenu
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoViewOnDrive
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, StartMenuLogoff

Use the notepad, then save with the name ‘repair.inf’ (use the Save As Type option to be All Files so that the error does not occur). Repair.inf run with a click on the File menu in Windows Explorer and select install. Repair.inf should create a file on the computer clean, so that the virus is not active.

* Delete the file that the virus has characteristics as follows:
Icon + images (JPEG Image)
Exe Extension +
+ Size 132 kb

Note:
o We recommend that show hidden files in order to simplify the search process in the virus file.
o To facilitate the search process should use the “Search Windows” with the filter *. exe files that have a size of 133 KB.
o Delete the file that the virus usually have the same modified date. (see figure 11)

* For optimal cleaning and prevent re-infection, you should use the anti-ter-virus update and recognize this well. You can also use tools Norman Malware Cleaner which you can download the http://normanasa.vo.llnwd.net/o29/public/Norman_Malware_Cleaner.exe

list the names of viruses and crc32

From gadiswanita

  1. August 19, 2009 at 17:28

    punctilious post. simply one decimal where I bicker with it. I am emailing you in detail.

  2. Aan
    August 22, 2009 at 04:32

    Thankyou. Mey i can remove viruses from pc by myself

  3. September 4, 2009 at 10:59

    Sorry for my bad english. Intresting title. It attracted me to read the complete post. Thanks

  4. September 7, 2009 at 20:27

    Very helpful post but there are some burden where I will not agree. But all-inclusive its altogether good.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: