Cleaning Nadia Saphira Virus

wonk blackgak 07:09
cleaning nadia saphira virus without antivirus

1. Disable network connection
2. Turn Off ‘System Restore’
3. Kill virus process

=> C:\Documents and Settings\All User\Start Menu\Programs\Startup\lan.exe
=> C:\WINDOWS\system32\misconfig.exe
=> C:\WINDOWS\taskmgr.exe


4. Delete Registry Key, copy this code to Notepad or your text editor

[Version]
Signature=”$Chicago$”
Provider=Vaksincom Oyee
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]

HKCR, batfile\shell\open\command,,,”"”%1?” %*”
HKCR, comfile\shell\open\command,,,”"”%1?” %*”
HKCR, exefile\shell\open\command,,,”"”%1?” %*”
HKCR, piffile\shell\open\command,,,”"”%1?” %*”
HKCR, lnkfile\shell\open\command,,,”"”%1?” %*”
HKCR, scrfile\shell\open\command,,,”"”%1?” %*”
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,
HKLM, SOFTWARE\Classes\exefile\DefaultIcon,,,”"%1?”
HKLM, SOFTWARE\Classes\exefile,,,”Application”
HKLM, SOFTWARE\Classes\exefile,infotip,0, “prop:FileDescription;Company;FileVersion;Create;Size”
HKLM, SOFTWARE\Classes\exefile,TileInfo,0, “prop:FileDescription;Company;FileVersion”
HKCU, Software\Microsoft\Command Processor, AutoRun,0,
HKLM, SOFTWARE\Microsoft\Command Processor, AutoRun,0,
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, CheckedValue, 0×00010001,1
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, DefaultValue, 0×00010001,2
[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, nofind
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer, nofind
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msiexec.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sessmgr.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SPYXX.exe


5. Save file name as = repair.inf (save as = All files)

6. Right-Click "repair.inf" and select Install

7. Show Hidden and SuperHidden file:

- Open Windows Explorer
- Click menu “Tools” | Folder Option
- Click “View”
- and select “Show hidden files and folders”
- Uncheck “Hide protected operating system files (recommended)”
- Click “Apply”
- Click “Ok”



8. Search and delete file:

=> Icon = application/folder
=> Extension = *.exe OR *.ini
=> Size = 69 kb & 17 kb
wonk blackgak

Posted by wonk blackgak

{^_^}

Post a Comment

0 Comments

Emoji
(y)
:)
:(
hihi
:-)
:D
=D
:-d
;(
;-(
@-)
:P
:o
:>)
(o)
:p
(p)
:-s
(m)
8-)
:-t
:-b
b-(
:-#
=p~
x-)
(k)