mybro terbaru (release bulan agustus) atau virus
MoonLight (removelnya bisa dibrowsing aja).
Pake SAV corporate, avg juga bisa, dengan update
terbaru.
Jangan lupa untuk mengembalikan regedit and msconfig
di kondisi semula
copy ke notepad trus di safe dengan nama repair.inf
[Version]
Signature="$Chicago$"
Provider=Vaksincom
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKLM,
Software\CLASSES\batfile\shell\open\command,,,"""%1""
%*"
HKLM,
Software\CLASSES\comfile\shell\open\command,,,"""%1""
%*"
HKLM,
Software\CLASSES\exefile\shell\open\command,,,"""%1""
%*"
HKLM,
Software\CLASSES\piffile\shell\open\command,,,"""%1""
%*"
HKLM,
Software\CLASSES\regfile\shell\open\command,,,"regedit.exe
"%1""
HKLM,
Software\CLASSES\scrfile\shell\open\command,,,"""%1""
%*"
HKLM, SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKLM, SYSTEM\ControlSet001\Control\SafeBoot,
AlternateShell,0, "cmd.exe"
HKLM,
SYSTEM\CurrentControlSet\Control\SafeBoot,
AlternateShell,0, "cmd.exe"
[del]
HKCU,
Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools
HKCU,
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFolderOptions
HKCU,
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoControlPanel
HKCU,
Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp
HKCU,
Software\Microsoft\Windows\CurrentVersion\Run,MooNlight
HKCU,
Software\Microsoft\Windows\CurrentVersion\Run,payLoad
HKLM,
SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ObjectDock
HKLM, SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Image File Execution
Options\Msconfig.exe
HKLM, SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Image File Execution
Options\regedit.exe
HKLM, SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Image File Execution Options\cmd.exe
HKLM, SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Image File Execution
Options\taskmgr.exe
Semoga membantu
*salut buat yang bikin virus ini .... (nyusahin, dan
bisa running di safe mode) usaha kerasnya berhasil
membuat banyak orang bermasalah*
Semoga bisa berubah ke jalan yang lebih baik .....
> Dear all\
>
>
> Mohon bantuannya,
> PC saya kena Virus;
>
> Nama: [tidakdiketahui]
> CIri-ciri: membuat nama folder jadi .scr
> ada file: c:\winnt\EmangEloh.exe (tidak
> bisa didelete)
> ada file: c:\winnt\SA-421844.EXE (Tidak
> bisa didelete)
> REGEDT32.exe -> tidak bisa jalan, malah terbuka
> menggunakan notepad.
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
--
www.itcenter.or.id - Komunitas Teknologi Informasi Indonesia
Info, Gabung, Keluar, Mode Kirim : [EMAIL PROTECTED]
:: Hapus bagian yang tidak perlu (footer, dst) saat reply! ::
## Jobs: itcenter.or.id/jobs ## Bursa: itcenter.or.id/bursa ##
$$ Iklan/promosi : www.itcenter.or.id/sponsorship $$
[@@] Jaket ITCENTER tersedia di http://shop.itcenter.or.id
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/ITCENTER/
<*> To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
