Identify the name of the virus. I usually use systeminternals the manager know the name of the virus. if they can not even access the software then tell me what the virus is doing with your PC then i will help you determine your name. Killing the running process of the virus on your PC ... For example, if the virus is running under iph.exe process then kill the task. Remove the virus back up your hard drive to WipEout potential future threats. Redesign of the previous damage done by the virus as mission-manager with disabilities, autoruns virus, and so on.
First open the notebook, then type the following, as I have done everything possible to kill the virus process running in the background.
@ECHO OFF
TASKKILL /F /IM "RUNDLL32.EXE"
TASKKILL /F /IM "DRWTSN32.EXE"
TASKKILL /F /IM "RAVMON.EXE"
TASKKILL /F /IM "NEW FOLDER.EXE"
TASKKILL /F /IM "NEWFOLDER.EXE"
TASKKILL /F /IM "WINFILE.EXE"
TASKKILL /F /IM "SCVSHOSTS.EXE"
TASKKILL /F /IM "SCVVHSOT.EXE"
TASKKILL /F /IM "SSCVIHOST.EXE"
TASKKILL /F /IM "SVCHSOT.EXE"
TASKKILL /F /IM "SCVHOSTS.EXE"
TASKKILL /F /IM "SXS.EXE"
TASKKILL /F /IM "BLASTCLNNN.EXE"
TASKKILL /F /IM "SCCVIHOST.EXE"
TASKKILL /F /IM "FUN.EXE"
TASKKILL /F /IM "RMHOST.EXE"
TASKKILL /F /IM WSCRIPT.EXE
TASKKILL /F /IM IMAPD.EXE
TASKKILL /F /IM DXDLG.EXE
Remove possible virus backups from the hard disk. Here is the piece of code that I used.
DEL "%WINDIR%\RAVMON.EXE" /F /Q /S /A H R S A
DEL "%WINDIR%\NEW FOLDER.EXE" /F /Q /S /A H R S A
DEL "%WINDIR%\NEWFOLDER.EXE" /F /Q /S /A H R S A
DEL "%WINDIR%\WINFILE.EXE" /F /Q /S /A H R S A
DEL "%WINDIR%\SCVSHOSTS.EXE" /F /Q /S /A H R S A
DEL "%WINDIR%\SCVVHSOT.EXE" /F /Q /S /A H R S A
DEL "%WINDIR%\SSCVIHOST.EXE" /F /Q /S /A H R S A
DEL "%WINDIR%\SSCVIHOST.EXE" /F /Q /S /A H R S A
DEL "%WINDIR%\SCVHOSTS.EXE" /F /Q /S /A H R S A
DEL "%WINDIR%\SVCHSOT.EXE" /F /Q /S /A H R S A
DEL "%WINDIR%\SXS.EXE" /F /Q /S /A H R S A
DEL "%WINDIR%\RUN.WSH" /F /Q /S /A H R S A
DEL "%WINDIR%\KERNEL32.SYS" /F /Q /S /A H R S A
DEL "%WINDIR%\XMSS.EXE" /F /Q /S /A H R S A
DEL "%WINDIR%\BLASTCLNNN.EXE" /F /Q /S /A H R S A
DEL "%WINDIR%\SCCVIHOST.EXE" /F /Q /S /A H R S A
DEL "%WINDIR%\KINZA.EXE" /F /Q /S /A H R S A
DEL "%WINDIR%\FUN.EXE" /F /Q /S /A H R S A
DEL "%WINDIR%\ISETUP.VBS" /F /Q /S /A H R S A
DEL "%WINDIR%\RMHOST.EXE" /F /Q /S /A H R S A
DEL "%WINDIR%\SYS.VBS" /F /Q /S /A H R S A
DEL "%WINDIR%\BOOT.VBS" /F /Q /S /A H R S A
DEL "%WINDIR%\SOVITTAMRAKAR.EXE" /F /Q /S /A H R S A
Now we're going to repair the row that the virus had damaged.
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit /f /d "%windir%\system32\userinit.exe",
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /f /d "explorer.exe"
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_Binary /v NoDriveAutoRun /f /d ffffff03
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoDriveTypeAutoRun /f /d 36
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoFolderOptions /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisbleRegistryTools /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisableTaskMgr /f /d 0
Tidak ada komentar:
Posting Komentar