Cleaning VBWorm.NEE Virus (Virus Tukul)


1. Disable the network connection

2. Turn Off "System Restore"

3. Kill the virus processes, which use the "Media Player" icon:

a. Spool32.exe
b. Winword.exe

4. Copy this script into Notepad:

Dim oWSH: Set oWSH = CreateObject("WScript.Shell")
' Keep going when a key or value does not exist (RegDelete raises an error in that case)
On Error Resume Next

' Restore the default "open" command for executable file types
' (a path ending in "\" addresses the key's default value)
oWSH.RegWrite "HKEY_LOCAL_MACHINE\Software\CLASSES\batfile\shell\open\command\", """%1"" %*"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\Software\CLASSES\comfile\shell\open\command\", """%1"" %*"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command\", """%1"" %*"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\Software\CLASSES\piffile\shell\open\command\", """%1"" %*"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\Software\CLASSES\scrfile\shell\open\command\", """%1"" /S"
' %1 is quoted (the Windows default) so .reg files in paths with spaces still open
oWSH.RegWrite "HKEY_LOCAL_MACHINE\Software\CLASSES\regfile\shell\open\command\", "regedit.exe ""%1"""

' Restore the Safe Mode alternate shell and the logon shell
oWSH.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\AlternateShell", "cmd.exe"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\AlternateShell", "cmd.exe"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\AlternateShell", "cmd.exe"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell", "cmd.exe"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell", "Explorer.exe"

' Remove the autostart entries
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Word"
oWSH.RegDelete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PrinterCpl"

' Remove the policy restrictions (a path ending in "\" deletes the whole key)
oWSH.RegDelete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\"
oWSH.RegDelete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer\DisableMSI"
oWSH.RegDelete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer\LimitSystemRestoreCheckpointing"
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWinLeys"
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel"
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions"
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoTrayContextMenu"
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu"
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCLose"
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Nofind"
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun"
oWSH.RegDelete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisableMSI"
oWSH.RegDelete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose"
oWSH.RegDelete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions"
oWSH.RegDelete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu"
oWSH.RegDelete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWinLeys"
oWSH.RegDelete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop"
oWSH.RegDelete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NOLogoff"
oWSH.RegDelete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWinKeys"
oWSH.RegDelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\"
oWSH.RegDelete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr"
oWSH.RegDelete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\"
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr"
oWSH.RegDelete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\"
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCMD"
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWinKeys"
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop"
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogoff"
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools"
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispApprearancePage"
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCpl"
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage"
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispSettingsPage"
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoScrSavPage"
oWSH.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\"

' Show the .exe extension again and clear the remaining restrictions
oWSH.RegDelete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\NeverShowExt"
oWSH.RegDelete "HKEY_CLASSES_ROOT\exefile\NeverShowExt"
oWSH.RegDelete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions"
oWSH.RegDelete "HKEY_CURRENT_USER\Software\policies\Microsoft\system\DisableCMD"


5. Save the file as Repair.vbs

6. Run Repair.vbs

7. After that, log off from your computer
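
Because the script runs under On Error Resume Next, a write or delete that fails is silent. As an added example (not part of the original post), this Python sketch checks the text of an exported .reg file against the state the script should leave; the function names, the subset of values checked and the sample export are assumptions, and a Regedit 5.00 export must first be decoded from UTF-16.

```python
import re

# What Repair.vbs writes back, by lowercased key suffix: (value name, data).
DEFAULTS = {f"\\{t}\\shell\\open\\command": ("@", '"%1" %*')
            for t in ("batfile", "comfile", "exefile", "piffile")}
DEFAULTS.update({"\\scrfile\\shell\\open\\command": ("@", '"%1" /S'),
                 "\\control\\safeboot": ("alternateshell", "cmd.exe"),
                 "\\currentversion\\winlogon": ("shell", "explorer.exe")})
# A subset of the values Repair.vbs deletes; any still present is a finding.
MUST_BE_ABSENT = {"\\currentversion\\run": {"microsoft word", "printercpl"},
                  "\\policies\\system": {"disabletaskmgr", "disableregistrytools", "disablecmd"},
                  "\\policies\\explorer": {"nofolderoptions", "norun", "nofind", "noclose"}}

def _unescape(s):  # .reg strings escape backslash and double quote with a backslash
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):  # decoded .reg text -> {lowercased key: {lowercased value name: data}}
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := re.fullmatch(r'(@|"(?:[^"\\]|\\.)*")=(.*)', line)):
            name, data = m.groups()
            name = name if name == "@" else _unescape(name[1:-1]).lower()
            current[name] = _unescape(data[1:-1]) if data.startswith('"') else data
    return keys

def audit(text):
    """Return (key, value name, data) for each value not in the state the script leaves."""
    findings = []
    for key, values in parse_reg(text).items():
        for suffix, (name, want) in DEFAULTS.items():
            if key.endswith(suffix) and values.get(name, want).lower() != want.lower():
                findings.append((key, name, values[name]))
        for suffix, names in MUST_BE_ABSENT.items():
            if key.endswith(suffix):
                findings += [(key, n, values[n]) for n in sorted(names.intersection(values))]
    return findings

# Constructed sample export, not taken from a real machine.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"C:\\placeholder.exe\" \"%1\" %*"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
'''

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

An empty result means every checked value matches; anything listed should be fixed by hand or by running Repair.vbs again.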

8. Show hidden and super-hidden files:

- Open Windows Explorer
- Click the “Tools” menu | Folder Options
- Click “View”
- Select “Show hidden files and folders”
- Uncheck “Hide protected operating system files (recommended)”
- Click “Apply”
- Click “Ok”

9. Delete the main virus file, which has these characteristics:

· Size = 56 KB
· Extension = .DOC .EXE
· File Type = Application
· Icon = Media Player

10. Locations:

C:\Windows\SPOOL32.exe
C:\WINDOWS\system32\winword.exe
C:\Documents and Settings\%user login%
· [System Process]BabII.doc .exe
· [System Process]Fileku.doc .exe
· [System Process]Jangan di buka .doc.exe
· [System Process]Tolong.doc .exe
· [System Process]data.doc .exe
· [System Process]Desposisi.doc .exe
· [System Process]Empat Mata.doc .exe
· [System Process]benci.doc .exe
· fileku.doc.exe
· SystemData.doc .exe
· SystemTolong.doc
· sYSTEMbENCI.doc.exe
· C:\Windows\config\system32.exe
· C:\WIndows\system32\ArekSuroboyo.html
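
As an added example (not part of the original post), this Python sketch sweeps a folder tree for the double-extension names listed in step 10, including the variants with a space before .exe that a plain ".doc.exe" suffix check would miss, and reports whether each hit also falls in the 56 KB size range from step 9. The function names, the sample tree and the reading of "56 KB" as Explorer's rounded-up figure are assumptions; the sweep only reports and deletes nothing.

```python
import os
import re

# ".doc" followed by ".exe", with optional whitespace between them as in step 10.
DOUBLE_EXT = re.compile(r"\.doc\s*\.exe$", re.IGNORECASE)
# Assumption: "56 KB" is the Explorer figure, which rounds up to whole kilobytes.
SIZE_RANGE = range(55 * 1024 + 1, 56 * 1024 + 1)

def scan(root):
    """Return sorted (relative path, size_matches) for double-extension files under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not DOUBLE_EXT.search(name):
                continue
            full = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(full)
            except OSError:
                continue  # unreadable or removed mid-sweep: skip, do not abort
            hits.append((os.path.relpath(full, root), size in SIZE_RANGE))
    return sorted(hits)

def make_sample(root):
    """Build a constructed test tree: names from the page, contents are zero bytes."""
    sample = {
        "Tolong.doc .exe": 56 * 1024,  # double extension with a space, size matches
        "fileku.doc.exe": 100,         # double extension, size differs
        "report.doc": 56 * 1024,       # ordinary document name
        "setup.exe": 56 * 1024,        # ordinary program name
    }
    for name, size in sample.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(b"\0" * size)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        make_sample(tmp)
        for path, size_ok in scan(tmp):
            print(path, "- size matches" if size_ok else "- size differs")
```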
