How To Remove Completed Copy of Shortcut + virus Recycler (W32/Ramnit) - How To Remove Virus 2012 New Shortcut shortcut does not interfere with the virus but the computer system so we are especially annoying virus Hidden files always to us that it is as - if this virus had to delete our files. The following is a shortcut way of eliminating the virus ;
*Turn off system restore first computer we do right click on the icon My Computer, Properties, click the System Restore tab and then provide a check in the Turn Off System Restore on All Drives and click OK.
* Turn off the process of Wscript file located in C: \ Windows \ System32, by using tools such as CProcess, HijackThis or can also use the Task Manager of Windows.
* Once off the process of Wscript, we have to delete or rename the file so no use for a while by the virus. For the record, if we rename the file Wscript.exe with automatic, it will dicopykan again in the folder. Therefore, we must find where the file Wscript.exe others, usually in C: \ Windows \ $ NtServicePackUninstall $, C: \ Windows \ ServicePackFiles \ i386. Unlike other VBS viruses, we can change the Open With from the VBS file into Notepad, this virus is a significant berextensi MDB Microsoft Access file. So Wscript database.mdb file will run as if he is VBS file.
* Delete the parent file in C: \ Documents and Settings \ \ My Documents \ database.mdb, so every time the computer starts will not load the file. And do not forget we are also open MSCONFIG, disable the run command.
* Now we are going to delete the autorun.inf files. Microsoft.inf and Thumb.db. The trick, click the START button, type CMD, moved to the drive to be cleaned, such as drive C: \, then we have to do is:
Type C: \ del Microsoft.inf / s, this command will delete all files in all folders microsoft.inf on drive C:. Meanwhile, if you want to move the drive to live just renamed drive letter eg D: \ del Microsoft.inf / s. For the autorun.inf file, type C: \ autorun.inf del / s / ah / f, the command will delete the file autorun.inf (syntax / ah / f) is used as the file is taking attrib RSHA, as well as to file Thumb . db do the same thing too
* To download these files delete files older than 4, we must find a way to search the file extension. Lnk size 1 kb. In the 'More advanced options' make sure the option 'Search System Folders "and" Search hidden files and folders' are both checked.
"Please be careful, not all shortcut files / LNK file size of 1 kb is a virus, we can distinguish it from the icon, size and type. For virus created shortcut icon always use the icon 'folder', a 1 kb and type 'shortcut '. While the correct folder should not have' size 'and the type is' File folder'. "
* Fix registry has been changed by the virus. To speed up the process of repair registry copy the script below on the program 'notepad' and save it with the name 'Repair.inf'. Execute the following ways:
Right click repair.inf
Click Install
[Version]
Signature = "$ Chicago $"
Provider = Vaksincom
DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe "%1""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, "cmd.exe"
[del]
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Winupdate
HKCU,SOFTWARE\Microsoft\Windows\CurrentVersion\Run, explorer
I hope this can help you
hello
ReplyDeletecan u make the video