Virus RONTOKBRO or BRONTOK
Brief Introduction:
This virus is of the worm type (it can duplicate itself) and spreads through
email attachments (an email virus).
Virus name: brorontok, Rontokbro, ..
The virus first spread in about September 2005, and was made by an
Indonesian, because its email signature is in Indonesian,
and I also looked at the contents of the virus binary and found
function names in ASCII that are Indonesian words,
such as keluarDOng(), etc ...
==========================================================
Steps to clean your computer of the Barontok virus:
==========================================================
(For Win 95, 98, ME)
- Enter safe mode: reboot, then after the BIOS screen appears
press Ctrl, select Safe mode and press Enter
- Continue directly from step 5
(For Windows ME and XP)
Turn off Windows System Restore:
Start-> Settings-> Control Panel-> System or
Start-> Control Panel-> System
On the System Restore tab, select the option "Turn off System Restore"
(For Win 2000, XP Home / Pro, Server 2003)
1. Reboot and go into safe mode.
** Restart Windows and, after the BIOS screen appears, press F8. There will be
options: Safe mode, Normal, ...; select Safe mode and press Enter
2. Then log in to Windows as administrator or as another user that
has administrator rights.
3. Create a new user account with the account type: Computer Administrator,
then log off and log in with the newly created account.
------------------------------------------
Virus autostart in the registry
------------------------------------------
4. Open regedit: Start menu-> Run-> Regedit.exe and press Enter
In the left panel select the key:
HKEY_LOCAL_MACHINE> SOFTWARE> Microsoft> Windows> CurrentVersion> Run
then in the right pane, delete the entry:
Bron-Spizaetus = "........"
In the left panel select the key:
HKEY_CURRENT_USER> Software> Microsoft> Windows> CurrentVersion> Run
then in the right pane, delete the entry:
Tok-Cirrhatus = "......"
** Note:
If regedit cannot be opened (an error message appears), this is
one of the effects of the Barontok virus.
A file has been made to overcome this problem:
after detaching it, right-click the file and select "Install ..",
then continue with step 4.
------------------------------------------------
Virus autostart in Scheduled Tasks
------------------------------------------------
5. Open Scheduled Tasks in the Control Panel:
Start-> Settings-> Control Panel-> Scheduled Tasks and press Enter
Remove the task with the name "At1" or anything related to the virus.
Tip: Right-click the task-> Properties, then check whether the properties
contain a suspicious command, for example: BArontok.com, etc. If so, remove
that task.
---------------------------------------------------------
Search for and delete the virus files on the computer's drives
---------------------------------------------------------
6. Enable the option to show hidden files and extensions:
Start-> Settings-> Control Panel or
Start-> Control Panel
Open Folder Options, click the View tab and turn on the option:
1. Show hidden files & folders
and turn off the options:
2. Hide extensions for known file types
3. Hide protected operating system files
7. Use Windows File Search:
Start-> Search and press Enter
Search in all the drives present in Windows: C, D, ....
In the input for the file or folder name, enter:
*.exe
then in the search options select Size Range-> At most: 81 KB
and under Advanced Options select the options Search system folders,
Search hidden files & folders, Search subfolders;
leave the other options blank.
Then click Search Now.
In the search results in the right panel, delete all the files for which:
1. the size is exactly 80 KB, AND
2. the file has the extension *.exe / *.pif / *.com / *.bat, AND
3. the file has a folder icon (Windows directory icon)
** Attention: delete only the files that meet ALL of the above conditions,
and NOT those that meet only one of them.
(Files that are frequently found: Barontok.com, ElnorB.exe; look for these files)
* Tip: Sort the search results by size to make elimination
easier.
* Note: This is a heuristic based on experience
and experiments (e.g. it was found that the virus is 80 KB in size),
chosen because searching this way is faster than inspecting the files
one by one manually :-p
8. Repeat the search in step 7 above with the input: *.pif, *.com, *.bat
9. Reboot and start Windows as usual.
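
The checks from steps 4, 5 and 7 as a read-only audit script; this is an added example, not part of the original post, and it only lists findings without deleting anything. It assumes PowerShell 3.0 or later with the ScheduledTasks module (Windows 8 / Server 2012 and newer), and it interprets "exactly 80 KB" as Explorer's rounded-up size display, which is an assumption.

```powershell
# Added example: read-only audit, nothing is deleted or changed.
$findings = @()

# Step 4: autostart entries in the two Run keys named on the page.
$runValues = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = 'Bron-Spizaetus' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'Tok-Cirrhatus' }
)
foreach ($v in $runValues) {
    $item = Get-ItemProperty -Path $v.Key -Name $v.Name -ErrorAction SilentlyContinue
    if ($item) {
        $findings += [pscustomobject]@{
            Step = 4; Location = $v.Key; Detail = "$($v.Name) = $($item.($v.Name))" }
    }
}

# Step 5: at-style tasks (At1, At2, ...) with their command lines for manual review.
$findings += @(
    Get-ScheduledTask -ErrorAction SilentlyContinue |
        Where-Object { $_.TaskName -match '^At\d+$' } |
        ForEach-Object {
            $cmd = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
            [pscustomobject]@{ Step = 5; Location = $_.TaskPath + $_.TaskName; Detail = $cmd }
        }
)

# Step 7: conditions 1 and 2 only (size shown as 80 KB, listed extensions).
# Assumption: Explorer rounds sizes up, so "80 KB" means 79 KB < Length <= 80 KB.
# Condition 3 (folder icon) still has to be confirmed by eye in Explorer.
$extensions = '.exe', '.pif', '.com', '.bat'
$roots = (Get-PSDrive -PSProvider FileSystem).Root
$findings += @(
    Get-ChildItem -LiteralPath $roots -Recurse -Force -File -ErrorAction SilentlyContinue |
        Where-Object { $extensions -contains $_.Extension -and
                       $_.Length -gt 79KB -and $_.Length -le 80KB } |
        ForEach-Object {
            [pscustomobject]@{ Step = 7; Location = $_.FullName
                               Detail = "$($_.Length) bytes, $($_.Attributes)" }
        }
)

$findings | Format-Table -AutoSize -Wrap
```

Files listed under step 7 are candidates only: legitimate programs can match the size and extension filter, which is why the post requires all three conditions before deleting.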