ARCHAPADA.CO.NR - How to Remove W32Amburadul
The amburadul.b virus ranks first among worms in Indonesia; it works stealthily and sets a debugger on almost every antivirus, which lets it run safely.

I only realized yesterday that I had caught a virus from a friend's USB drive. This virus has the following characteristics:
  1. You cannot open regedit, msconfig, or cmd.
  2. Every drive has 4 files with a JPEG icon, each with a different file name; there is also an images folder containing even more copies of the virus, but those files are not hidden.
  3. Sometimes a picture of a demon pops up with a message about its personal ramblings, and after the picture disappears the computer shuts itself down.
Other effects:
- Some JPEG files turn into applications 54 KB in size
- System Restore disappears
- Disk Defragmenter cannot be opened
- Installing an antivirus (Norman) fails. I was using AVG at first, and I could not uninstall it either
- Installing KillProcess also fails
Even Pcm-av with the latest update, which has also been combined with ClamAV, still could not recognize this virus.

So what now? Relax, here is how to remove it!

- Disconnect the computer to be cleaned from the network
- Disable "System Restore" during the cleanup (Windows ME/XP)
- Kill the virus processes that are resident in memory. Use the "currprocess" tool for this, then kill the virus processes that have a JPG icon.
- Repair the registry entries changed by the virus. To speed up the repair, copy the script below into Notepad and save it as repair.inf.
- Run the file as follows:
  - Right-click repair.inf
  - Click Install
[Version]
Signature="$Chicago$"
Provider=Vaksincom
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
; Restore the default open commands, Winlogon shell and Explorer view settings
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, UncheckedValue,0x00010001,0
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt,CheckedValue,0x00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt,DefaultValue,0x00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, UncheckedValue,0x00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, CheckedValue,0x00010001,0
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, DefaultValue,0x00010001,0
HKCU, Software\Microsoft\Internet Explorer\Main, Start Page,0, "about:blank"
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, type,0, "checkbox"
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, type,0, "checkbox"
HKCU, Control Panel\International, s1159,0, "AM"
HKCU, Control Panel\International, s2359,0, "PM"
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, ShowSuperHidden,0x00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, SuperHidden,0x00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, HideFileExt,0x00010001,0
; Delete the policy values, Image File Execution Options entries and Run values listed below
[del]
HKCU, Software\Microsoft\Internet Explorer\Main, Window Title,
HKLM, SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore, DisableConfig
HKLM, SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore, DisableSR
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kspoold.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kspool.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscript.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HokageFile.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rin.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Obito.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SMP.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tasklist.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KakashiHatake.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Britney Spears-CLN.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Britney Spears-RTP.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HOKAGE4.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Britney Spears
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Britney Spears
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ansav.exe
; For the three installer names below, only the debugger value is deleted
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe,debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Instal.exe, debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe,debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msiexec.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ansavgd.exe
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFind
HKLM, SOFTWARE\Policies\Microsoft\Windows\Installer, DisableMSI
HKLM, SOFTWARE\Policies\Microsoft\Windows\Installer, LimitSystemRestoreCheckpointing
HKCR, exefile, NeverShowExt
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, PaRaY_VM
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, ConfigVir
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NviDiaGT
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NarmonVirusAnti
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, AVManager
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, EnableLUA
- Delete the virus's main files. Before deleting them, make hidden files visible as follows:
  - Open Windows Explorer
  - Click the "Tools" menu
  - Click "Folder Options"
  - Click the View tab
  - Under "Advanced settings":
    - Select "Show hidden files and folders"
    - Uncheck "Hide extensions for known file types"
    - Uncheck "Hide protected operating system files (Recommended)"
  Then delete the following files:
  • C:\Windows\system32\~A~m~B~u~R~a~D~u~L~
    • csrcc.exe
    • smss.exe
    • lsass.exe
    • services.exe
    • winlogon.exe
    • Paraysutki_VM_Community.sys
    • msvbvm60.dll
  • C:\Autorun.inf
  • C:\FoToKu xx-x-*.exe, where x is the date the virus was activated (for example: FoToKu 14-3-2008.exe)
  • C:\Friendster Community.exe
  • C:\J3MbataN K4HaYan.exe
  • C:\MyImages.exe
  • C:\PaLMa.exe
  • C:\Images
- Also delete the virus's main files on the flash disk / floppy disk:
  - C:\Autorun.inf
  - C:\FoToKu xx-x-*.exe, where x is the date the virus was activated (for example: FoToKu 14-3-2008.exe)
  - C:\Friendster Community.exe
  - C:\J3MbataN K4HaYan.exe
  - C:\MyImages.exe
  - C:\PaLMa.exe
  - C:\Images
- Unhide the image files that were hidden on the flash disk as follows:
  - Click the "Start" menu
  - Click "Run"
  - Type "CMD"
  - At the DOS prompt, change to the flash disk's location, then type the following command: ATTRIB -s -h /s /d
- For optimal cleanup and to prevent reinfection, scan with an up-to-date antivirus that can already recognize this virus well.
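To check that repair.inf actually took effect, the added example below (not part of the original post or of the Vaksincom script) audits a registry export for two things the script undoes: leftover "Debugger" values under Image File Execution Options, and file-type open commands that differ from the clean default. The function names and the sample export are constructed for illustration.

```python
import re
# Key prefixes, lowercased: registry key names are case-insensitive.
IFEO = ("hkey_local_machine\\software\\microsoft\\windows nt\\currentversion"
        "\\image file execution options\\")
CLASSES = "hkey_local_machine\\software\\classes\\"
# Default open command that repair.inf restores under [UnhookRegKey].
CLEAN_OPEN = {t: '"%1" %*' for t in ("batfile", "comfile", "exefile", "piffile", "scrfile")}
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)   # .reg files escape \ and " with a backslash

def parse_reg(text):
    """Yield (key, value_name, data) for each string value in .reg export text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            name = "" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            yield key, name, unescape(m.group(2))

def audit(text):
    """Return (kind, subject, data) for each hijack-style value still present."""
    findings = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        if k.startswith(IFEO) and name.lower() == "debugger":
            findings.append(("ifeo-debugger", key[len(IFEO):], data))
        elif k.startswith(CLASSES) and k.endswith("\\shell\\open\\command") and not name:
            ftype = k[len(CLASSES):].split("\\")[0]
            if ftype in CLEAN_OPEN and data != CLEAN_OPEN[ftype]:
                findings.append(("open-command", ftype, data))
    return findings

# Constructed sample export (placeholder paths, not taken from a real infection).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="C:\\example\\placeholder.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"C:\\example\\placeholder.exe\" \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\open\command]
@="\"%1\" %*"
'''
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Registry exports are normally saved as UTF-16, so decode the file with encoding="utf-16" before passing its text to audit(). An empty result means none of these two hijack types remain in the exported keys.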
Hope this helps.
