7 Steps to Wipe the OjanBlank Virus

Friday 26 March 2010

OjanBlank is a local virus that is quite disturbing and potentially dangerous. It infiltrates from an external device connected via a USB port, such as a USB flash disk or a portable hard drive.
When it infects a computer, this virus does various things. These include monitoring whether the victim's computer is connected to the internet, turning off Windows Firewall, and sending data from the victim's computer to the virus creator.
Here are the removal steps as outlined by Vaksincom analyst Adi Saputra to ITGazine on Thursday (18/3/2010):
1. Disconnect the network / internet connection.

2. Turn off System Restore
Right-click My Computer and select Properties. Select the System Restore tab and check the Turn off System Restore option.
Click Apply, then click OK.

3. Turn off the virus (with Command Prompt).
Click [Start] → [All Programs] → [Accessories] → [Command Prompt]. In the Command Prompt, type the command tasklist to see the active virus process, which is WinGUI.exe or junx.exe. After identifying the active virus process, stop it by typing one of the following taskkill commands:
taskkill /f /im WinGUI.exe
or
taskkill /f /im junx.exe

4. Windows Registry Repair
Repair the Windows Registry entries modified by the virus with the following steps:
a. Copy the script below into Notepad:

[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
; Restore the open commands for executable file types
HKLM, SOFTWARE\Classes\batfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Classes\comfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Classes\exefile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Classes\piffile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Classes\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, SOFTWARE\Classes\scrfile\shell\open\command,,,"""%1"" %*"
; Restore the Windows shell and the Safe Mode alternate shell
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell, 0, "Explorer.exe"
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell, 0, "cmd.exe"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell, 0, "cmd.exe"
HKLM, SOFTWARE\Classes\exefile\DefaultIcon,,,"%1"

[del]
; Delete the Run values listed below
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Microsoft Word Agents
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Microsoft Office Agents

b. Save the file with the name repair.inf.
Set the Save As Type option to All Files so that Notepad does not add a .txt extension.
c. Right-click the repair.inf file and select Install.
d. Restart the computer.
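
After the restart, the registry can be checked against what repair.inf was supposed to write. The script below is an added example, not part of the original Vaksincom instructions: it only reads the registry, takes its expected data from the repair.inf in step 4, assumes PowerShell 3.0 or later, and uses a helper name (Get-RawValue) chosen here for illustration.

```powershell
# Read-only check of the values that repair.inf (step 4) restores or deletes.
# Expected data is copied from that INF; nothing is written to the registry.
$noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

# Each entry: key path, value name ('' = the key's default value), expected data
$expected = @(
    @('HKLM:\SOFTWARE\Classes\batfile\shell\open\command', '', '"%1" %*'),
    @('HKLM:\SOFTWARE\Classes\comfile\shell\open\command', '', '"%1" %*'),
    @('HKLM:\SOFTWARE\Classes\exefile\shell\open\command', '', '"%1" %*'),
    @('HKLM:\SOFTWARE\Classes\piffile\shell\open\command', '', '"%1" %*'),
    @('HKLM:\SOFTWARE\Classes\regfile\shell\open\command', '', 'regedit.exe "%1"'),
    @('HKLM:\SOFTWARE\Classes\scrfile\shell\open\command', '', '"%1" %*'),
    @('HKLM:\SOFTWARE\Classes\exefile\DefaultIcon', '', '%1'),
    @('HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon', 'Shell', 'Explorer.exe'),
    @('HKLM:\SYSTEM\ControlSet001\Control\SafeBoot', 'AlternateShell', 'cmd.exe'),
    @('HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot', 'AlternateShell', 'cmd.exe')
)

function Get-RawValue($Path, $Name) {
    # Returns the stored data without expanding %VAR% tokens, or $null if absent
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }
    return $key.GetValue($Name, $null, $noExpand)
}

$results = foreach ($e in $expected) {
    $actual = Get-RawValue $e[0] $e[1]
    [pscustomobject]@{
        Key      = $e[0]
        Value    = if ($e[1]) { $e[1] } else { '(Default)' }
        Expected = $e[2]
        Actual   = $actual
        OK       = ($actual -ieq $e[2])
    }
}

# The [del] section removes these Run values, so they should no longer exist
$run = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$results += foreach ($name in 'Microsoft Word Agents', 'Microsoft Office Agents') {
    $actual = Get-RawValue $run $name
    [pscustomobject]@{ Key = $run; Value = $name; Expected = '(absent)'; Actual = $actual; OK = ($null -eq $actual) }
}

$results | Format-Table -AutoSize -Wrap
if ($results.OK -contains $false) { Write-Warning 'Some values differ from repair.inf; repeat step 4.' }
```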

5. Remove the main virus file and the duplicate files created by the OjanBLANK virus, which have the following characteristics:

File size of 224 KB
Has an .exe extension
Has an MS Word icon
File type is Application.

6. Remove the Trojan file and the virus's companion files, which are as follows:
C:\WINDOWS\system32\MSWINSCK.OCX
C:\WINDOWS\system32\ijl11.dll
C:\WINDOWS\system32\ms.exe
C:\WINDOWS\system32\b.doc



7. For optimal cleaning and to prevent re-infection, use an up-to-date antivirus that recognizes this virus well.
