Scribd Logo
Încărcați

Bine ați venit la Scribd!

  • Hardisk Problem

    Încărcat de

    seno
    12 vizualizări2 pagini
    hardisk problem

    Drepturi de autor

    © © All Rights Reserved

    Formate disponibile

    TXT, PDF, TXT sau citiți online pe Scribd

    Vi se pare util acest document?

    Este necorespunzător acest conținut?

    Raportați acest document
    hardisk problem

    Drepturi de autor:

    © All Rights Reserved
    Descărcați ca TXT, PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    12 vizualizări2 pagini

    Hardisk Problem

    Încărcat de

    seno
    hardisk problem

    Drepturi de autor:

    © All Rights Reserved
    Descărcați ca TXT, PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    din 2

    Cara membersihkan W32/FakeAV.

    AESL
    Lakukan pembersihan pada mode safe mode
    Disable System Restore untuk sementara selama proses pembersihan dilakukan
    Matikan proses virus dengan nama [6DSS92c31Apgjk.exe]. Untuk mematikan proses in
    i sebaiknya gunakan tools selain Task Manager, seperti ProceeXP (http://technet.
    microsoft.com/en-us/sysinternals/bb896653)
    Repair registry Windows yang sudah dibuat oleh virus. Untuk mempercepat proses p
    enghapusan salit script dibawah ini pada program notepad kemudian simpan dengan
    nama REPAIR.INF. Install dengan cara: Klik kanan REPAIR.INF | Klik INSTALL
    [Version]
    Signature="$Chicago$"
    Provider=Vaksincom Oyee 2012
    [DefaultInstall]
    AddReg=UnhookRegKey
    DelReg=del
    [UnhookRegKey]
    HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
    HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
    HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
    HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
    HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe "%1""
    HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
    HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,ShowSuperHidde
    n,0x00010001,1
    HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,SuperHidden,0x
    00010001,1
    HKLM, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHi
    dden, UncheckedValue,0x00010001,1
    HKLM, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFil
    eExt, UncheckedValue,0x00010001,0
    [del]
    HKCU, Software\Microsoft\Windows\CurrentVersion\Run, BFwoCYFrNlwR.exe
    HKU, S-1-5-21-842925246-1383384898-1343024091-1003\software\microsoft\windows\cu
    rrentversion\run, BFwoCYFrNlwR.exe
    HKLM, SOFTWARE\Microsoft\ESENT\Process\BFwoCYFrNlwR
    HKLM, SOFTWARE\Microsoft\ESENT\Process\6DSS92c31Apgjk
    HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop, NoChangi
    ngWallPaper
    HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Associations, LowRiskFi
    leTypes
    HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Attachments, SaveZoneIn
    formation
    HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoDesktop
    HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptio
    ns
    HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistry
    Tools
    HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr
    HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer, NoFolderOptio
    ns
    HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system, DisableRegistry
    Tools
    HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system, DisableTaskMgr

    Hapus file yang dibuat oleh virus


    C:\Documents and Settings\All Users\Application Data
    o 6DSS92c31Apgjk.exe
    o BFwoCYFrNlwR.exe
    o 6DSS92c31Apgjk
    C:\Document and settings\%user%\desktop\Data Recovery.lnk (%user%, menunjukan us
    er yang digunakan saat login Windows)
    Catatan:
    Sebelum melakukan penghapusan, tampikan file yang tersembunyi dengan merubah Fol
    der Options berikut:
    o Pilih opsi Show hidden files and folders
    o Hilangkan tanda centang pada opsi Hide extension for known file types
    o Hilangkan tanda centang pada opsi Hide protected operating system files (Reco
    mmended) (lihat gambar 16)
    Tampilkan file yang disembunyikan dengan cara:
    Klik tombol [Start]
    Klik [RUN]
    Pada dialog box RUN ketik CMD kemudian tekan tombol [enter]
    Pindahkan posisi kursor pada drive yang akan di periksa (contohnya: jika drive y
    ang akan diperiksa adalah drive [C:\] maka ketik perintah C: kemudian klik tombo
    l [Enter]
    Kemudian ketik perintah ATTRIB -S -H -R /S /D kemudian tekan tombol [Enter]
    Tunggu sampai proses selesai dilakukan
    Lakukan langkah yang sama pada drive lain (lihat gambar 17)
    Untuk Mengembalikan program instalasi yang di hapus oleh W32/FakeAV.AESL copy f
    ile yang berada di direktori [C:\Documents and Settings\%user%\Local Settings\Te
    mp\smtmp] ke direktori [C:\Documents and Settings\All Users\Start Menu]
    Scan ulang dengan menggunakan antivirus yang up-to-date untuk memastikan kompute
    r benar-benar bersih dari virus

    S-ar putea să vă placă și