Clean Virus DEADLOCK, manually
>> Thursday, August 20, 2009
Be a positive message with the words that inspire patriotism. But, be happy, sweet words that brought a new local computer virus called Deadlock. See the message below.
Free our country from Terrorism Indonesia, anarchist, and KKN (collusion, corruption & nepotism) in the Kubu Government of the Republic of Indonesia (Civil, military & police) and the catch, and fight Penjarakan? Without exception. Clean us from Portitusi Affairs, Social Gambling and Crime. Merdekakan ourselves from poverty, misery and injustice! Democratic Party together? SBY & Boediono, Indonesia Joint Building Fair, & Makmur Sejahtera
Atas Nama Bangsa Indonesia (Top Names of Indonesia)
Pangerant Deadlock (Prince DEADLOCK)
I'm Everyone, No one but
I'm Everything, but nothing
I'm Everywhere, but nowhere
If your computer suddenly displays an image by displaying the message (see image 1), you are advised to immediately take action. The computer you already attacked the virus is active and off.
The virus will display the message in the desktop has been taken over. Usually this message appears only in the time specified. Along with the emergence of this message and all files on all drives will be deleted, including the program and the Windows file system.
For clean virus deadlock from your computer with manual. so follow intruction below :
1. Disable [System Restore] during the cleaning process. Enter the menu Start>> Control Panel>> System>> System Restore>> Select turn off
2. Turn off the virus active in memory, use Task Manager replacement tools, such as Process Explorer, and then turn off the process that has the name mysql.exe and apache.exe
Please download these tools on the following url: here
3. So that this virus can not be active again should block the file before the execution can not be registered with the Software Restriction Policies. This feature only exists on the computer with the operating system Windows XP Professional / Windows Server 2003/Windows Vista and Windows Server 2008, the following manner:
- Click the [Start]
- Click the [Run]
- In the RUN dialog box, type the command SECPOL.MSC and click the [OK] button
- After the screen appears the Local Security Settings, right-click on Software Restriction Policies menu and click Create New Policies
- At the Software Restriction Policies menu, click Additional Rules
- Right-click on Additional Rules and select New Hash Rule ..., then the display appears akan New Hash Rule
- In the column hash files click the Browse button and navigate to the directory [C:-Windows-system32-apache.exe]
- Then click the button [Open]
- In the column-level select Security [Disallowed]
- In the description column should be filled or emptied only
- Click [Apply]
- Click [Ok]
Note:
If your computer is not installed Windows XP Professional/2003 Server/Vista/2008 skip this step.
4. Delete the registry string is modified by the virus. To speed up the process of repairing copy the script below on the notepad program and save it with the name repair.inf then run the file with the
- Right-click the file repair.inf
- Click [Install]
[Version]
Signature="$Chicago$"
Provider=Vaksincom
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKLM, Software-CLASSES-batfile-shell-open-command,,,"""%1"" %*"
HKLM, Software-CLASSES-comfile-shell-open-command,,,"""%1"" %*"
HKLM, Software-CLASSES-exefile-shell-open-command,,,"""%1"" %*"
HKLM, Software-CLASSES-piffile-shell-open-command,,,"""%1"" %*"
HKLM, Software-CLASSES-regfile-shell-open-command,,,"regedit.exe "%1""
HKLM, Software-CLASSES-scrfile-shell-open-command,,,"""%1"" %*"
HKLM, SOFTWARE-Microsoft-Windows NT-CurrentVersion-Winlogon, Shell,0, "Explorer.exe"
HKLM, SYSTEM-ControlSet001-Control-SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM-ControlSet002-Control-SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM-CurrentControlSet-Control-SafeBoot, AlternateShell,0, "cmd.exe"
HKCU, Software-Microsoft-Windows-CurrentVersion-Policies-Explorer, NoDriveTypeAutoRun,0x000000ff,255
HKLM, SOFTWARE-Microsoft-Windows-CurrentVersion-policies-Explorer, NoDriveTypeAutoRun,0x000000ff,255
[del]
HKCU, Software-Microsoft-Windows-CurrentVersion-Run, apache
HKLM, Software-Microsoft-Windows-CurrentVersion-Run, mysql
Free our country from Terrorism Indonesia, anarchist, and KKN (collusion, corruption & nepotism) in the Kubu Government of the Republic of Indonesia (Civil, military & police) and the catch, and fight Penjarakan? Without exception. Clean us from Portitusi Affairs, Social Gambling and Crime. Merdekakan ourselves from poverty, misery and injustice! Democratic Party together? SBY & Boediono, Indonesia Joint Building Fair, & Makmur Sejahtera
Atas Nama Bangsa Indonesia (Top Names of Indonesia)
Pangerant Deadlock (Prince DEADLOCK)
I'm Everyone, No one but
I'm Everything, but nothing
I'm Everywhere, but nowhere
If your computer suddenly displays an image by displaying the message (see image 1), you are advised to immediately take action. The computer you already attacked the virus is active and off.
The virus will display the message in the desktop has been taken over. Usually this message appears only in the time specified. Along with the emergence of this message and all files on all drives will be deleted, including the program and the Windows file system.
For clean virus deadlock from your computer with manual. so follow intruction below :
1. Disable [System Restore] during the cleaning process. Enter the menu Start>> Control Panel>> System>> System Restore>> Select turn off
2. Turn off the virus active in memory, use Task Manager replacement tools, such as Process Explorer, and then turn off the process that has the name mysql.exe and apache.exe
Please download these tools on the following url: here
3. So that this virus can not be active again should block the file before the execution can not be registered with the Software Restriction Policies. This feature only exists on the computer with the operating system Windows XP Professional / Windows Server 2003/Windows Vista and Windows Server 2008, the following manner:
- Click the [Start]
- Click the [Run]
- In the RUN dialog box, type the command SECPOL.MSC and click the [OK] button
- After the screen appears the Local Security Settings, right-click on Software Restriction Policies menu and click Create New Policies
- At the Software Restriction Policies menu, click Additional Rules
- Right-click on Additional Rules and select New Hash Rule ..., then the display appears akan New Hash Rule
- In the column hash files click the Browse button and navigate to the directory [C:-Windows-system32-apache.exe]
- Then click the button [Open]
- In the column-level select Security [Disallowed]
- In the description column should be filled or emptied only
- Click [Apply]
- Click [Ok]
Note:
If your computer is not installed Windows XP Professional/2003 Server/Vista/2008 skip this step.
4. Delete the registry string is modified by the virus. To speed up the process of repairing copy the script below on the notepad program and save it with the name repair.inf then run the file with the
- Right-click the file repair.inf
- Click [Install]
[Version]
Signature="$Chicago$"
Provider=Vaksincom
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKLM, Software-CLASSES-batfile-shell-open-command,,,"""%1"" %*"
HKLM, Software-CLASSES-comfile-shell-open-command,,,"""%1"" %*"
HKLM, Software-CLASSES-exefile-shell-open-command,,,"""%1"" %*"
HKLM, Software-CLASSES-piffile-shell-open-command,,,"""%1"" %*"
HKLM, Software-CLASSES-regfile-shell-open-command,,,"regedit.exe "%1""
HKLM, Software-CLASSES-scrfile-shell-open-command,,,"""%1"" %*"
HKLM, SOFTWARE-Microsoft-Windows NT-CurrentVersion-Winlogon, Shell,0, "Explorer.exe"
HKLM, SYSTEM-ControlSet001-Control-SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM-ControlSet002-Control-SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM-CurrentControlSet-Control-SafeBoot, AlternateShell,0, "cmd.exe"
HKCU, Software-Microsoft-Windows-CurrentVersion-Policies-Explorer, NoDriveTypeAutoRun,0x000000ff,255
HKLM, SOFTWARE-Microsoft-Windows-CurrentVersion-policies-Explorer, NoDriveTypeAutoRun,0x000000ff,255
[del]
HKCU, Software-Microsoft-Windows-CurrentVersion-Run, apache
HKLM, Software-Microsoft-Windows-CurrentVersion-Run, mysql
5. Remove the main virus file in the directory
- C:-Windows-system32-apache.exe
- C:-Windows-system32-mysql.exe
6. For optimal cleaning and prevent re-infection, install and use anti-virus scan with a up-to-date.
You can also use Norman Malware Cleaner, please download the tools at the following address here
Note:
If your computer is infected Deadlock can not do this booting Windows with the error message appears NTLDR Is Missing re-install should do, while for the data that have been removed, please use your recovery with the recovery software as GetData Back / Easy Recovery / Recovery My Files, but this will not guarantee all data will be saved.
- C:-Windows-system32-apache.exe
- C:-Windows-system32-mysql.exe
6. For optimal cleaning and prevent re-infection, install and use anti-virus scan with a up-to-date.
You can also use Norman Malware Cleaner, please download the tools at the following address here
Note:
If your computer is infected Deadlock can not do this booting Windows with the error message appears NTLDR Is Missing re-install should do, while for the data that have been removed, please use your recovery with the recovery software as GetData Back / Easy Recovery / Recovery My Files, but this will not guarantee all data will be saved.
0 Comment:
Post a Comment