Mig33 Bogor
Would you like to react to this message? Create an account in a few clicks or log in to continue.

Mig33 Bogor

motor matic injeksi irit harga murah
 
IndeksIndeks  Portal*Portal*  PencarianPencarian  Latest imagesLatest images  PendaftaranPendaftaran  LoginLogin  

 

 6 Langkah Membersihkan Virus 'JeNGKol'

Go down 
2 posters
PengirimMessage
wp...
Mega Member
Mega Member
wp...


Male
Number of posts : 743
Age : 41
Lokasi : Jakarta pusat
Room : Cempaka mas
Mig33 ID : wp...
Warning :
6 Langkah Membersihkan Virus 'JeNGKol' Left_bar_bleue0 / 1000 / 1006 Langkah Membersihkan Virus 'JeNGKol' Right_bar_bleue

Points : 25
Registration date : 08.10.08

6 Langkah Membersihkan Virus 'JeNGKol' Empty
PostSubyek: 6 Langkah Membersihkan Virus 'JeNGKol'   6 Langkah Membersihkan Virus 'JeNGKol' EmptyMon 08 Dec 2008, 13:08

6 Langkah Membersihkan Virus 'JeNGKol' Kompst10

Salah satu ciri komputer terinfeksi virus JeNGKol adalah komputer akan logoff jika user menjalankan file .INF dan saat user mengedit file VBS.

Virus ini akan menyembunyikan file berekstensi .DOC, dengan cara membuat file duplikat sesuai dengan nama file yang disembunyikan untuk mengelabui user. Bagaimana cara membersihkan virus ini? Ikuti langkah berikut ini:

1. Putuskan komputer yang akan dibersihkan dari jaringan (LAN).
2. Nonaktifkan "System Restore" selama proses pembersihan (Windows XP).
3. Matikan proses virus. Untuk mematikan proses virus ini dapat menggunakan tools pengganti task manager seperti "Process explorer". Silahkan downlod tools tersebut di: http://download.sysinternals.com/Files/ProcessExplorer.zip.

4. Hapus registri yang dibuat oleh virus. Untuk mempermudah proses penghapusan silahkan salin script di bawah ini pada program notepad kemudian simpan dengan nama repair.vbs, kemudiai Jalankan file tersebut (klik 2x).

Dim oWSH: Set oWSH = CreateObject("WScript.Shell")
on error resume Next
oWSH.Regwrite "HKEY_LOCAL_MACHINE\Software\CLASSES\batfile\shell\open\command\","""%1"" %*"
oWSH.Regwrite "HKEY_LOCAL_MACHINE\Software\CLASSES\comfile\shell\open\command\","""%1"" %*"
oWSH.Regwrite "HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command\","""%1"" %*"
oWSH.Regwrite "HKEY_LOCAL_MACHINE\Software\CLASSES\piffile\shell\open\command\","""%1"" %*"
oWSH.Regwrite "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\AlternateShell","cmd.exe"
oWSH.Regwrite "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\AlternateShell","cmd.exe"
oWSH.Regwrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell","cmd.exe"
oWSH.Regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell","Explorer.exe"
oWSH.Regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\Shell\Edit\Command\","C:\Windows\System32\notepad.exe %1"
oWSH.Regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\DefaultIcon\","C:\Windows\System32\WScript.exe,2"
oWSH.Regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inffile\shell\Install\command\","C:\windows\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1"
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileAssociate")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistriTools")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCMD")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegedit")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\RunLogonScriptSync")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\HideLegacyLogonScripts")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\HideLogoffScripts")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\HideStartupScripts")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\RunStartupScriptSync")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\run\JeNGKoL")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\NeverShowExt")
oWSH.Regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\","VBScript Script File"
oWSH.Regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\FriendlyTypeName","VBScript Script File"
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistriTools")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegedit")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\RunLogonScriptSync")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NOFind")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NORun")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveAutoRun")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Msconfig.exe\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit32.exe\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\command.com\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\debugger")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe\debugger")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\DisallowRun\")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\Run\")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\")

5. Hapus file duplikat yang dibuat oleh virus dengan ciri-ciri:

Menggunakan icon JPEG atau VBS
Ukuran 14 KB
Type file JPEG Image atau VbScript Script File

Untuk mempermudah proses pencarian virus, silahkan gunakan fungsi Search windows.

6. Untuk pembersihan optimal dan mencegah infeksi ulang, lindungi komputer Anda dengan anti virus yang sudah dapat mendeteksi dan membasmi virus ini.
Kembali Ke Atas Go down
aing-datang
Admin Control
Admin Control
aing-datang


Male
Number of posts : 1452
Age : 36
Lokasi : Yogyakarta tp Hum di Bogor
Room : cileungsi, bogor, jogja n all room
Mig33 ID : jendraltz_k4rgonnet
Warning :
6 Langkah Membersihkan Virus 'JeNGKol' Left_bar_bleue0 / 1000 / 1006 Langkah Membersihkan Virus 'JeNGKol' Right_bar_bleue

Points : 138
Registration date : 09.08.08

6 Langkah Membersihkan Virus 'JeNGKol' Empty
PostSubyek: Re: 6 Langkah Membersihkan Virus 'JeNGKol'   6 Langkah Membersihkan Virus 'JeNGKol' EmptyFri 12 Dec 2008, 11:47

kayakna belum kena ma neh virus n mudah2an gak kena dah amit2... 6 Langkah Membersihkan Virus 'JeNGKol' 438431
Kembali Ke Atas Go down
http://www.mig33bogor.forumid.net
 
6 Langkah Membersihkan Virus 'JeNGKol'
Kembali Ke Atas 
Halaman 1 dari 1
 Similar topics
-
» 5 Langkah Membersihkan Virus Doraemon
» 7 Langkah Membersihkan Virus Donal Bebek
» [color=red]6 Langkah Membersihkan Virus 'CNN' [/color]
» 7 Langkah Menghilangkan Virus Rieysha
» 7 Langkah Membasmi Virus 'K0pL4xZ'

Permissions in this forum:Anda tidak dapat menjawab topik
Mig33 Bogor :: COMPUTER :: Tric and Codes-
Navigasi: