8:04 PM 2/24/2008
Cleaning manual virus (”Pendekar Blank”)
By Heddy a.k.a cambah @ deskofdesign.co.cc
1. You must have ProceXP and run it, You can download @ http://www.sysinternals.com/
2. Click @ Right and choice suspend @ blank.doc ,empty.jpg ,hole.zip,unoccupied.reg,
zero.txt
3. Next go to Controlpanel ==> Folder options, choice TAB View and @ advanced settings:
Choice Show Hidden files and folder
Unmark Hide extensions for known file types
Unmark Hide protected operating system files (Recommended)
4. Search and delete file contain of the virus :
c:\aut0exec.bat
c:\windows\system32\dllcache\Regedit32.com
c:\windows\system32\dllcache\Shell32.com
c:\windows\system32\dllcache\rund1132.exe
c:\windows\system32\dllchache.exe
c:\windows\system32\M5VBVM60.exe
c:\(Read Me)Pendekar Blank.txt
c:\windows\system32\dllchache\blank.doc
c:\windows\system32\dllchache\empty.jpg
c:\windows\system32\dllchache\hole.zip
c:\windows\system32\dllchache\msvbvm60.dll
c:\windows\system32\dllchache\unoccupied.reg
c:\windows\system32\dllchache\zero.txt
c:\windows\system32.exe
5. Clean and Repair registry
Delete HKEY_CURRENT_USER,Software\Microsoft\Windows\CurrentVersion
\Run,Secure32
Delete HKEY_CURRENT_USER,Software\Microsoft\Windows\CurrentVersion
\Run,Secure64
Delete HKEY_LOCALMACHINE,Software\Microsoft\Windows\CurrentVersion
\Run, Blank Antiviri
Change&Modif HKCR,comfile\shell\open\command,,,”"”%1″” %*”
Change&Modif HKLM,SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, “cmd.exe”
Change&Modif HKLM,SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, “cmd.exe”
Change&Modif HKLM ,Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Userinit,0, “C:\Windows\system32\userinit.exe,”
Change&Modif HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced, ShowSuperHidden,0×00010001,1
Change&Modif HKLM,Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Userinit.,0, “userinit.exe”
6. Restart yout computer
7. Enjoy
Thanks
Leave a reply