Here are 8 practical steps to kick the virus is able to change the folder that is in the USB flash disk into the shortcut:
1. Disable 'System Restore' for a while during the cleaning process.
2. Decide who will clean your computer from the network.
3. Turn off the virus active in memory by using the tools 'Ice Sword'. Once the tools are installed, select the file that has the icon 'Microsoft Visual Basic Project' and click 'Terminate Process'. Please download these tools at http://icesword.en.softonic.com/ 4. Delete the registry that has been created by the virus by: -. Click the [Start] -. Click [Run] -. Type Regedit.exe, and click the [OK] -. In the Registry Editor application, browse the key [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Run] -. Then delete the key that has the data [C: \ Documents and Settings \% username%].
5. Disable the autoplay / autorun Windows. Copy the script below in notepad and then save it as repair.inf, install the files in the following manner: Right-click repair.inf -> INSTALL
[Version]
Signature = "$ Chicago $"
Provider = Vaksincom
[DefaultInstall]
AddReg = UnhookRegKey
DelReg = del
[UnhookRegKey]
HKLM, Software \ CLASSES \ batfile \ shell \ open \ command ,,,"""% 1 ""% * "
HKLM, Software \ CLASSES \ comfile \ shell \ open \ command ,,,"""% 1 ""% * "
HKLM, Software \ CLASSES \ exefile \ shell \ open \ command ,,,"""% 1 ""% * "
HKLM, Software \ CLASSES \ piffile \ shell \ open \ command ,,,"""% 1 ""% * "
HKLM, Software \ CLASSES \ regfile \ shell \ open \ command,,, "regedit.exe"% 1 ""
HKLM, Software \ CLASSES \ scrfile \ shell \ open \ command ,,,"""% 1 ""% * "
HKCU, Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer NoDriveTypeAutoRun, 0x000000ff, 255
HKLM, SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer NoDriveTypeAutoRun, 0x000000ff, 255
6. Delete Files parent and duplicate files are created by the virus included in the flash disk. To expedite the search process, you can use the 'Search'. Before conducting the search should show all hidden files by changing the Folder Options settings.
7. Show re-folders have been hidden by the virus. To speed up the process, please download the tools Unhide Files and Folders in http://www.flashshare.com/bfu/download.html.
8. Install security patches 'Microsoft Windows Shell shortcut handling remote code execution vulnerability, MS10-046'. Please download the security patch at http://www.microsoft.com/technet/security/Bulletin/MS10-046.mspx
0 comments:
Post a Comment