Cleaning Hopeless Virus (Dloader.ERQB)

Cleaning Hopeless Virus or Dloader.ERQB

Characteristics
=> Icon = Folder
=> Size = 247 kb
=> Extension = *.exe
=> File Type “Application”

Effects
* Blocks access to Task Manager, Command Prompt and Registry Editor
* Hides Windows functions: Run, Find, Folder Options and Log Off
* Creates a link to http://wewe.helo_iam_hopeles_.com in Internet Explorer
* Creates a duplicate file in every folder and sub-folder on all drives


Cleaning steps:
1. Disable the network connection
2. Turn off "System Restore"
3. Use Safe Mode
4. Kill the virus process running from C:\WINDOWS\system32\spool\idle.exe
5. Delete the registry entries: copy this script into Notepad or another text editor

[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
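[UnhookRegKey]
; Restore the default open commands for executable file types, the Winlogon shell,
; AppInit_DLLs and the Safe Mode AlternateShell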
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs, 0
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, "cmd.exe"

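[del]
; Remove the policy values that disable Registry Editor, Task Manager, Folder Options,
; Run, Find and Log Off, and the "Repair" values under the Run keys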
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoRun
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFind
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, StartMenuLogoff
HKLM, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
HKLM, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr
HKLM, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions
HKLM, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoRun
HKLM, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFind
HKCU, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Repair
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Repair



6. Save the file as Repair.inf, then right-click "repair.inf" and click Install



7. Show hidden and super-hidden files:

- Open Windows Explorer
- Click the “Tools” menu | Folder Options
- Click “View”
- Select “Show hidden files and folders”
- Uncheck “Hide protected operating system files (recommended)”
- Click “Apply”
- Click “Ok”



8. Search for and delete files with these characteristics:

=> Size = 247 kb
=> Icon = Folder
=> Extension = *.exe
=> File Type “Application”
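
To narrow the search in step 8, the following added example (not part of the original post) walks a folder tree, picks out .exe files that Explorer would show as 247 KB, and groups them by SHA-256 so that identical copies spread across folders stand out. It assumes Explorer rounds sizes up to whole KB, it does not check the icon, and it only reports; the function names are illustrative.

```python
import hashlib
import os
import sys
from collections import defaultdict

SIZE_KB = 247  # size given on the page, as displayed by Explorer


def shown_kb(size_bytes):
    # Assumption: Explorer's Size column rounds up to whole KB (1 KB = 1024 bytes).
    return -(-size_bytes // 1024)


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_candidates(root, size_kb=SIZE_KB):
    """Return {sha256: [paths]} for .exe files whose displayed size matches."""
    groups = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            if not name.lower().endswith(".exe"):
                continue
            path = os.path.join(dirpath, name)
            try:
                if shown_kb(os.path.getsize(path)) == size_kb:
                    groups[sha256_of(path)].append(path)
            except OSError:
                continue  # locked or unreadable file: skip it, keep scanning
    return dict(groups)


def likely_copies(groups, min_copies=2):
    """Keep hashes found in several places (the page says the file is duplicated into every folder)."""
    return {h: sorted(p) for h, p in groups.items() if len(p) >= min_copies}


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for digest, paths in likely_copies(find_candidates(root)).items():
        print(f"{digest}  ({len(paths)} copies)")
        for p in paths:
            print("   ", p)
```

A 247 KB executable that appears only once is left out of the report, so review the listed paths (and their folder icon in Explorer) before deleting anything.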
