Remove Virus Downadup.C , Conficker , Kido


Seperti yang kubahas di Microsoft vs Virus Downadup, Conficker, Kido tentang saling serang antara virus worm downadup, conficker, kido dengan Microsoft dengan beberapa perusahaan antivirus dan security. Dan Varian Virus Downadup.C , Conficker , Kido tentang munculnya varian baru virus downadup, conficker, kido yang ditemukan oleh beberapa perusahaan antivirus terkemuka.

Maka disini akan kami bahas, cara me remove varian dari virus ini yang dapat kita lakukan, walaupun untuk menuju remove yang benar-benar bersih masih dalam penyelidikan perusahaan antivirus terbesar terutama symantec

REMOVAL  BY SYMANTEC

1. Disable System Restore (Windows Me/XP).

When you are completely finished with the removal procedure and are satisfied that the threat has been removed, reenable System Restore by following the instructions in the aforementioned documents.

2. Update the virus definitions.

Running LiveUpdate, which is the easiest way to obtain virus definitions.

3. Find and stop the service.

  1. Click Start > Run.
  2. Type services.msc, and then click OK.
  3. Locate and select the service that was detected.
  4. Click Action > Properties.
  5. Click Stop.
  6. Change Startup Type to Manual.
  7. Click OK and close the Services window.
  8. Restart the computer.

4. Run a full system scan.

Start your antivirus program and make sure that it is configured to scan all the files. Run a full system scan. If any files are detected, follow the instructions displayed by your antivirus program. After the files are deleted, restart the computer in Normal mode and proceed with the next section. Warning messages may be displayed when the computer is restarted, since the threat may not be fully removed at this point. You can ignore these messages and click OK. These messages will not appear when the computer is restarted after the removal instructions have been fully completed. The messages displayed may be similar to the following :
Title: [FILE PATH]
Message body: Windows cannot find [FILE NAME]. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.

5. Delete any values added to the registry.

  1. Click Start > Run.
  2. Type regedit
  3. Click OK.
  4. Navigate to and delete the following registry subkeys :
    • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\[CLSID 1]
    • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\[CLSID 1]
  5. Navigate to and delete the following registry entries:
    • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\”[RANDOM CHARACTERS]” = “rundll32.exe “[RANDOM DLL FILE NAME]“, [RANDOM PARAMETER STRING]“
    • HKLM\SYSTEM\CurrentControlSet\Services\[RANDOM CHARACTERS]\”ImagePath” = “%System%\svchost.exe -k netsvcs”
    • HKLM\SYSTEM\CurrentControlSet\Services\[RANDOM CHARACTERS]\Parameters\”ServiceDll” = “[PATH TO THE THREAT]“
    • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\[CLSID 2]\”[WORD 1][WORD 2]” = “[BINARY DATA]“
    • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\[CLSID 2]\”[WORD 1][WORD 2]” = “[BINARY DATA]“
    • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\[CLSID 2]\”[WORD 1][WORD 2]” = “[BINARY DATA]“
    • HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\[CLSID 2]\”[WORD 1][WORD 2]” = “[BINARY DATA]“
    • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\[CLSID 2]\”[WORD 1][WORD 2]” = “[BINARY DATA]“
    • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\[CLSID 2]\”[WORD 1][WORD 2]” = “[BINARY DATA]“
  6. Restore the following registry entries to their previous values, if required:
    • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”Windows Defender”
    • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC}
    • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
  7. Exit the Registry Editor.

    Note: If the risk creates or modifies registry subkeys or entries under HKEY_CURRENT_USER, it is possible that it created them for every user on the compromised computer. To ensure that all registry subkeys or entries are removed or restored, log on using each user account and check for any HKEY_CURRENT_USER items listed above.


Post Update :
Date : Monday, July 28, 2014 - Senin, 28 Juli 2014
Posted in: Antivirus, Virus



Related posts "Remove Virus Downadup.C , Conficker , Kido":


5 Comments on "Remove Virus Downadup.C , Conficker , Kido"

Trackback | Comments RSS Feed

  1. Sweet says:

    Perkembangan varian baru dari virus membuat pusing kepala apalagi kalo kita sulit update anti virus yang terbaru bisa-bisa varian baru tersebut cepat menyebar menyerang PC. Kalo bisa sekali-kali ditampilkan update terbaru dari antivirus yang biasanya banyak digunakan seperti AVG atau Symantec. So, yang ditampilkan tidak hanya informasi terkini perkembangan virus saja tapi juga jalan praktis untuk mencegah dan membrantas varian baru tersebut. Apalagi kalo ada layanan jasa gratis untuk memperbaiki PC yang terinfeksi virus, itu tambah sip………. he…he…he…

    [Reply]

  2. Alif FT says:

    kemaren ada client yang kena conficker, tapi langsung kedetek sama ancav+avast :)

    [Reply]

  3. Carroll B. Merriman says:

    Have bookmarked this for later read. Cheers

    [Reply]

  4. eddy prasetyo says:

    MSE – Microsoft anti virus bro.. top banget deh !

    [Reply]

Post a Comment


4 + = 8