A new virus has been observed by Norman Security Suite, which detects it as VBS/Cryf.A. According to Vaksin.com, this virus has a lot of sophistication, such as sending the code, and it keeps opening the CD/DVD-ROM drive: if the tray is closed, it opens again. Some characteristics of the virus, according to Vaksin.com:
* Internet Explorer displays horrific content.
* The IE homepage is changed to a message containing "My World, Welcome, Shemale."
* A folder named "Album sex" appears on each hard disk drive, along with a file that has a Windows Media Player icon
* Changes the file type of shortcuts [.lnk] to "Movie Clip"
* Has a file named [drvconfg.drv], or device driver, that is encrypted, with a file size of 218KB, so it cannot be read
* Hides the files regedit.exe, taskmgr.exe, cmd.exe and MSConfig.exe, and creates [.exe.lnk] files with the same icon as the original file.
* Blocks Windows functions, as well as tools such as the local antivirus products PCMAV or ANSAV
* Changes the file type from "VBScript Script File" to "Application"
* Active in Normal mode, "safe mode" and "safe mode with command prompt"
* Provides a link [ANTIVIRUS.exe] to download removal tools to clean the infected computer, which goes to the website [http://www.dinamikasolusi.co.nr], which contains 'campaign book using Visual Basic'; the link is created in a file stored at [C:\Windows\help.htm]
How to clean the VBS/Cryf.A virus:
1. Terminate the processes that have the product name "Microsoft (r) Windows Script Host": select the processes with that product name, right-click the selected processes, and choose [Kill Processes Selected].
2. Block the virus using "Software Restriction Policies" (for Windows XP/2003/Vista/2008): in the [Run] dialog box, type SECPOL.MSC -> Enter. Then, on the [Local Security Policy] screen, select [Software Restriction policies], right-click and select [Create new policies], then right-click [Additional Rule] -> [New Hash Rule].
3. In the [File Hash] field, click [Browse] and select the file that will be blocked.
Fix the registry by running the file [FixRegistry.exe], downloaded from 4shared.com/file/117095567/3ea8e8ce/_4__FixRegistry.html
4. Delete the virus's parent files using a tool such as "Explorer XP" (explorerxp.com/explorerxpsetup.exe).
Delete the following files:
• %drive%:\Recycled\S-1-5-21-343818398-18970151121-842a92511246-500\Thumbs.db
* Svchost.vbs
* Desktop.ini
* Drvconfg.drv
* SHELL32.dll
• %drive%:\Album Bokep\Naughty America
• C:\windows
* Appsys.exe
* Winupdt.scx
* Appopen.scx
* Windowsopen.mht
* Windows.html
* Regedit.exe.lnk
* Help.htm
• C:\Windows\system\svchost.exe
• C:\WINDOWS\system32
* Taskmgr.exe.lnk
* CMD.exe.lnk
* Svchost.dls
* Corelsetup.scx
* Appsys.dls
* Kernel32.dls
* Winupdtsys.exe
* Ssmarque.scr
• C:\Program Files\FarStone\qbtask.exe
• C:\Program Files\ACDsee\Launcher.exe
• C:\Program Files\Common Files\NeroChkup.exe
• C:\Program Files\ExeLauncher
• %ProgramFiles%\drivers\VGA\VGAdrv.lnk
• C:\Documents and Settings\%username%\Desktop\Local Disk (C).dls
• %Flash Disk%:\Dataku Important Do not Dihapus.lnk
5. Show the files [TaskMgr.exe/Regedt32.exe/Regedit.exe/CMD.exe/Logoff.exe] hidden by the virus: in the [Run] dialog box, type CMD -> Enter. Then type attrib -s -h -r regedit.exe -> Enter. The same command can be used to display the files Taskmgr.exe, cmd.exe and Logoff.exe
6. For optimal cleaning and to prevent infection, please re-install and scan with an up-to-date antivirus. Once the system is clean, delete the rule blocking the file [WSCript.exe] that was created in step no. (2): type SECPOL.MSC in the [Run] box from [Start], then press Enter. On the [Local Security Policy] screen, double-click [Software Restriction policies] -> [Additional Rule] -> delete the rule that was created.
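An added example (not from the original post or Vaksin.com): a Python script that walks a directory tree, reports the [.exe.lnk] decoy shortcuts described above, checks whether the real .exe is still beside each one, and builds the attrib command from step 5 for it. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Windows attribute bits; os.stat() exposes st_file_attributes only on Windows.
HIDDEN, SYSTEM = 0x2, 0x4

def find_decoy_shortcuts(root):
    """Find '<name>.exe.lnk' files and look for the real '<name>.exe' beside them.

    Returns a sorted list of (shortcut_path, original_path_or_None, is_hidden).
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        by_lower = {f.lower(): f for f in files}
        for lower, name in by_lower.items():
            if not lower.endswith(".exe.lnk"):
                continue
            original = by_lower.get(lower[:-len(".lnk")])
            original_path, hidden = None, False
            if original is not None:
                original_path = os.path.join(dirpath, original)
                attrs = getattr(os.stat(original_path), "st_file_attributes", 0)
                hidden = bool(attrs & (HIDDEN | SYSTEM))
            findings.append((os.path.join(dirpath, name), original_path, hidden))
    return sorted(findings, key=lambda f: f[0].lower())

def unhide_commands(findings):
    """Build the step 5 attrib command for each original found beside a decoy."""
    return ['attrib -s -h -r "%s"' % orig for _lnk, orig, _h in findings if orig]

def build_sample_tree(root):
    """Constructed sample: a decoy with its original, a decoy alone, a normal shortcut."""
    os.makedirs(os.path.join(root, "system32"))
    for rel in ("regedit.exe", "regedit.exe.lnk", "notes.lnk",
                os.path.join("system32", "Taskmgr.exe.lnk")):
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(b"constructed sample")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        results = find_decoy_shortcuts(tmp)
        for lnk, orig, hidden in results:
            print(lnk, "| original:", orig or "missing", "| hidden:", hidden)
        for cmd in unhide_commands(results):
            print(cmd)
```

A decoy reported with no original beside it means the real executable was not found in that directory, so the shortcut should be deleted without running the attrib command for it.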