H-Net* Berhati - hati dengan attachmen Navidad

[vpp10]

Assalamualaikum,   Rakan Hizbi.net sila berhati - hari dengan e-mail dari saudara Tharmizi dan Dasmin   Jika mengalami masalah sila rujuk artikel dibawah:   W32.Navidad Fix Tool This tool repairs damage done by the W32.Navidad worm. Please click here for manual removal instructions. To use the tool, first download the fixnavid.com file to the Windows Desktop. (Netscape users: right-click on the link and choose "Save Link As..."). This file can be saved to an alternate folder; and if an alternate folder is used you will need to launch this program from that folder rather than the desktop folder. If the file has been saved to the Windows Desktop folder an icon for this program will appear on your desktop. Please note that this program has a ".com" extension and not a ".exe" extension. It is important that this extension be preserved. After the file finishes downloading launch the program by double-clicking on the fixnavid icon that appears on the desktop. If you saved this program to an alternate folder you will need to open the appropriate folder via the "My Computer" window and launch the program from that alternate folder. What the tool does After running the W32.Navidad Fix Tool, you will be able to launch programs just as your were able before W32.Navidad infected your computer. The following registry keys are removed: The value Win32BaseServiceMOD is removed from the following key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run HKEY_USERS\DEFAULT\Software\Navidad on Windows 95 and Windows 98 systems. HKEY_CURRENT_USER\Software\Navidad on Windows NT and Windows 2000 systems. The value of HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ exefile\shell\open\command is restored to "%1" %*" on Windows 95 and WIndows 98 systems. The value of HKEY_CLASSES_ROOT\exefile\shell\ open\command is restored to "%1" %*" on windows NT and Windows 2000 systems. The file winsvrc.vxd is removed from the Windows system directory. To verify the digital signature of fixnavid.com To verify the digital signature of fixnavid.com using chktrust.exe: Download chktrust into the same folder where fixnavid.com is located: chktrust.exe Launch the MS-DOS prompt via the Start/Programs/MS DOS prompt menu. Change to the folder where fixnavid.com and chktrust.exe are stored. If the files were saved to the desktop folder on a system running Windows 95 or Windows 98 the customary command to enter in the MS DOS prompt is: cd \windows\desktop Type the following command to check the digital signature of fixnavid.com: chktrust -i fixnavid.com If the digital signature is valid you will see a dialog asking the following question: "Do you want to install and run "navidadfix" signed on 11/11/00 2:10PM and distributed by Symantec Corporation." The date and time that are displayed in this dialog will be adjusted to your timezone if your computer is not set to the Pacific time zone. For example, if you live in the Eastern time zone the date and time you will see will be 11/11/00 5:10PM. *If you have the Daylight Savings feature activated on your computer's clock, the time displayed will be exactly one hour earlier. You might also see the text message "Result:0" displayed following the command line. If you do, then the test is positive and the file is confirmed as being from Symantec. If this dialog or text message do not appear or the date and time are not properly adjusted for your timezone do not use your copy of fixnavid.com. It is not from Symantec. If this dialog appears and the text is correct for your timezone this copy of fixnavid.com is from Symantec. Click the "Yes" button to dismiss the chktrust dialog. Type exit and then press the enter key. This will terminate the MS DOS session. Updated: November 11, 2000