Tuesday, February 8, 2011

8 Steps to Remove the Virus That Exploits a Windows Security Hole

The presence of the W32/VBWorm.BEUA virus, better known as the shortcut virus, which exploits a Windows security hole, is quite disturbing. Although it is labeled a local virus, it does not only take advantage of user negligence; it also has a 'first class' ability to break through Windows security holes.

Here are 8 practical steps for removing the virus, which turns the folders on a USB flash disk into shortcuts, according to Jauhar Adang Taufik, an analyst with Vaksincom:

  • Temporarily disable 'System Restore' during the cleaning process.
  • Disconnect the computer that will be cleaned from the network.
  • Terminate the virus that is active in memory using the 'Ice Sword' tool. Once the tool is installed, select the file that has the 'Microsoft Visual Basic Project' icon and click 'Terminate Process'. The tool can be downloaded at http://icesword.en.softonic.com
  • Delete the registry entry created by the virus:

    -.Click [Start].
    -.Click [Run].
    -.Type Regedit.exe and click [OK].
    -.In the Registry Editor, browse to the key [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run].
    -.Delete the key that has the data [C:\Documents and Settings\%username%].

  • Disable Windows autoplay/autorun. Copy the script below into Notepad and save it as repair.inf, then install it as follows: right-click repair.inf -> Install.

    ; repair.inf: restores the default 'open' commands and disables autorun
    [Version]
    Signature="$Chicago$"
    Provider=Vaksincom

    [DefaultInstall]
    AddReg=UnhookRegKey
    DelReg=del

    [UnhookRegKey]
    ; Default open command for executable file types: "%1" %*
    HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
    HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
    HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
    HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
    ; .reg files open with: regedit.exe "%1"
    HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
    HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
    ; 255 (0xFF) disables autorun on all drive types
    HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoDriveTypeAutoRun,0x000000ff,255
    HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoDriveTypeAutoRun,0x000000ff,255

  • Delete the master file and the duplicate files created by the virus, including those on the flash disk. To speed up the search, you can use the 'Search' function. Before searching, show all hidden files by changing the Folder Options settings.

    Be careful not to make a mistake when deleting the master file and the duplicate files created by the virus. Delete the master files, which have these characteristics:

    -.Icon 'Microsoft Visual Basic Project'.
    -.File size 128 KB (other variants will have varying sizes).
    -.File extension '.EXE' or '.SCR'.
    -.File type 'Application' or 'Screen Saver'.

    Then delete the duplicate shortcut files, which have these characteristics:

    -.Folder icon or icons.
    -.Extension .LNK.
    -.File type 'Shortcut'.
    -.File size 1 KB.

    Delete the .DLL file (example: ert.dll) and the Autorun.inf file on the flash disk or in a shared folder. To keep the virus from becoming active again, delete the master file with the EXE or SCR extension first, and then remove the shortcut files (.LNK).

  • Show the folders that were hidden by the virus again. To speed up the process, download the Unhide Files and Folders tool at http://www.flashshare.com/bfu/download.html.

    Once it is installed, select the directory [C:\Documents and Settings] and the folders on the flash disk by moving them into the fields provided. Under [Attributes], clear all the options, then click [Change Attributes].

  • Install the security patch 'Microsoft Windows Shell shortcut handling remote code execution vulnerability, MS10-046'. The patch can be downloaded at http://www.microsoft.com/technet/security/Bulletin/MS10-046.mspx

    As usual,for an optimal cleaning
    and Preve.
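
The file characteristics listed in the step on deleting the master and duplicate files can be turned into a read-only triage pass over the flash disk. The script below is an added example, not part of the original post and not a Vaksincom tool; it only lists candidates in the deletion order given above and deletes nothing. The size tolerance, the rule that a shortcut must share its name with a sibling folder, and all function names are assumptions, and the sample tree is constructed.

```python
import os

MASTER_EXTS = {".exe", ".scr"}   # master-file extensions listed in the steps
MASTER_SIZE = 128 * 1024         # 128 KB; the page notes other variants differ
SIZE_SLACK = 4 * 1024            # assumption: tolerance for KB rounding
LNK_MAX = 2 * 1024               # assumption: upper bound for a "1 KB" shortcut
ORDER = {"master": 0, "shortcut": 1, "dropped": 2}   # masters go first

def classify(path, root):
    """Label one file 'master', 'shortcut', 'dropped', or None if nothing matches."""
    folder, name = os.path.split(path)
    stem, ext = os.path.splitext(name.lower())
    size = os.path.getsize(path)
    if ext in MASTER_EXTS and abs(size - MASTER_SIZE) <= SIZE_SLACK:
        return "master"
    if ext == ".lnk" and size <= LNK_MAX:
        # Assumption: a duplicate shortcut carries the name of the folder it
        # stands in for, so a same-named sibling directory must exist.
        siblings = {d.lower() for d in os.listdir(folder)
                    if os.path.isdir(os.path.join(folder, d))}
        return "shortcut" if stem in siblings else None
    at_root = os.path.abspath(folder) == os.path.abspath(root)
    if at_root and (name.lower() == "autorun.inf" or ext == ".dll"):
        return "dropped"
    return None

def triage(root):
    """Walk root and return (label, relative path) pairs in deletion order."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                label = classify(path, root)
            except OSError:          # unreadable or vanished file: skip it
                continue
            if label:
                hits.append((label, os.path.relpath(path, root)))
    return sorted(hits, key=lambda h: (ORDER[h[0]], h[1].lower()))

def build_sample(root):
    """Create a constructed sample tree (zero bytes only) for a dry run."""
    os.makedirs(os.path.join(root, "Photos"))
    sample = {"Photos.lnk": 1024, "Photos.exe": MASTER_SIZE, "ert.dll": 4096,
              "Autorun.inf": 60, "setup.exe": 9000, "notes.lnk": 900,
              os.path.join("Photos", "trip.jpg"): 5000}
    for rel, size in sample.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(b"\0" * size)
```

Call `triage()` with the flash disk's root path; the 'Microsoft Visual Basic Project' icon still has to be confirmed by eye before anything is deleted.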
