Removing the mc~.vbe virus

Tools required:
1. The Killer Machine
2. HijackThis
3. sysexplore
4. fix.reg / ANSAV
5. Flash Disinfector
All of them are available from page 1.

  • 1. Run HijackThis.
    It will produce a log like this:

    hijack_sample:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:07:32 AM, on 9/15/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Virtual Machine Additions\vmusrvc.exe
    C:\WINDOWS\System32\WScript.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Virtual Machine Additions\vmsrvc.exe
    C:\Program Files\Virtual Machine Additions\vpcmap.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\wscript.exe
    C:\WINDOWS\System32\WScript.exe
    C:\Documents and Settings\niezha\Desktop\Anti Virus\Killer Machine 4\Mesin Pembunuh_gunakanlah software oroginal ato free software hhe pesan ini dipersembahkan oleh cowok paling ganteng se-tangerang bersemangat-jadi diri sendiri dan sll optimis.exe
    C:\Documents and Settings\niezha\Desktop\Anti Virus\HijackThis\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:Blank
    O4 - HKLM\..\Run: [VMUserServices] C:\Program Files\Virtual Machine Additions\vmusrvc.exe
    O4 - HKLM\..\Run: [vr64] C:\WINDOWS\system32\prnjobt.vbe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

    Once the scan is done, save the log, then copy the path I highlighted in blue, C:\WINDOWS\system32\prnjobt.vbe (right-click, Copy). Then fix the colored entries with HijackThis.

  • 2. Run The Killer Machine.
    Choose Virus Removal > Browse from disk, paste C:\WINDOWS\system32\prnjobt.vbe, click "Yes, I'm sure" and wait until it finishes.
  • 3. Run ANSAV > Plugin > Registry Fx > Check all > Restart Explorer.
  • 4. Run Process Explorer or Task Manager. The process is sometimes not visible in Task Manager, so Process Explorer is the better choice.

    At this point all functions are restored, but one nuisance remains: if you open drive C directly by clicking it, the virus comes back, together with the files autorun.inf and Mc~.vbe, which are made to look like a folder and then hidden.

    So do not open drive C directly. Kill wscript.exe with Process Explorer first. Then right-click drive C > Explore, find autorun.inf and Mc~.vbe, Ctrl+click to select both files, and delete them.

  • 5. Run Flash Disinfector, wait until it finishes, then restart. Hopefully everything works again. Note: if there is more than one drive, explore all of them and delete those files.
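
An added example, not part of the original post: a small Python triage of a HijackThis log like the one in step 1. It flags the three signs this procedure relies on: an O4 Run entry that starts a script file, the O7 DisableRegedit policy, and running wscript.exe processes. The extension list and the finding names are assumptions of this example.

```python
import re

# Item line "<code> - <detail>"; blog software often turns "-" into an en dash.
ITEM_RE = re.compile(r"^([A-Z]\d{1,2})\s+[-\u2013]\s+(.*)$")
# O4 autostart entry: "<hive>\..\Run: [<value name>] <command>"
RUN_RE = re.compile(r"^\S+\\Run(?:Once)?:\s*\[([^\]]*)\]\s*(.*)$", re.I)
# Command that references a Windows Script Host file (assumed extension list).
SCRIPT_RE = re.compile(r"\.(?:vbe|vbs|jse?|wsf)(?=[\"\u201d\s]|$)", re.I)

# Constructed sample: a shortened excerpt of the log shown in step 1.
SAMPLE = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscript.exe

O4 - HKLM\..\Run: [VMUserServices] C:\Program Files\Virtual Machine Additions\vmusrvc.exe
O4 - HKLM\..\Run: [vr64] C:\WINDOWS\system32\prnjobt.vbe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""


def triage(log_text):
    """Return (kind, detail) findings worth a manual look in a HijackThis log."""
    findings, in_procs, wsh = [], False, 0
    for line in map(str.strip, log_text.splitlines()):
        item = ITEM_RE.match(line)
        if line.lower().startswith("running processes"):
            in_procs = True
        elif item:
            in_procs = False
            code, detail = item.groups()
            run = RUN_RE.match(detail)
            if code == "O4" and run and SCRIPT_RE.search(run.group(2)):
                findings.append(("script_autostart", run.group(2).strip()))
            elif code == "O7" and "disableregedit=1" in detail.lower():
                findings.append(("regedit_disabled", detail.split("\\", 1)[0]))
        elif in_procs and line.lower().endswith("\\wscript.exe"):
            wsh += 1
    if wsh:
        findings.append(("wscript_running", str(wsh)))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE):
        print(kind, detail)
```

wscript.exe is a normal Windows component, so a `wscript_running` finding only matters together with a script autostart entry like the `vr64` one.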