Jengkol.. What a stupid virus name, Jengkol is traditional food in Indonesia,  I don’t know how to categorized this one as food or fruit… usually some people like to eat this thing but I’m not those crazy one. THE SMELL *LOL*

Alright I think no need to explain more about what is jengkol ha..ha..ha..

This virus jengkol affect is it will logging off your computers once you executed .INF files or when you editing .VBS file. This virus will works by hiding all files he found with .DOC extension. You work in big company? when this happen your bos will fire you *LOL*

Alright let’s remove this virus out from your computers with 6 simple steps.

1. Unplug your computer from your local area network to stop it spreading.

2. Deactivated “System Restore” when in cleaning progress.

3. Kill virus process using 3rd party tools, Process Explorer.

4. Repair your registry changed by virus using code below, save it as anything with .VBS extension. In case this code coverting wrong download the source in HERE.

Dim oWSH: Set oWSH = CreateObject(“WScript.Shell”)
on error resume Next
oWSH.Regwrite “HKEY_LOCAL_MACHINE\Software\CLASSES\batfile\shell\open\command\”,”"”%1″” %*”
oWSH.Regwrite “HKEY_LOCAL_MACHINE\Software\CLASSES\comfile\shell\open\command\”,”"”%1″” %*”
oWSH.Regwrite “HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command\”,”"”%1″” %*”
oWSH.Regwrite “HKEY_LOCAL_MACHINE\Software\CLASSES\piffile\shell\open\command\”,”"”%1″” %*”
oWSH.Regwrite “HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\AlternateShell”,”cmd.exe”
oWSH.Regwrite “HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\AlternateShell”,”cmd.exe”
oWSH.Regwrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell”,”cmd.exe”
oWSH.Regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell”,”Explorer.exe”
oWSH.Regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\Shell\Edit\Command\”,”C:\Windows\System32\notepad.exe %1″
oWSH.Regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\DefaultIcon\”,”C:\Windows\System32\WScript.exe,2″
oWSH.Regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inffile\shell\Install\command\”,”C:\windows\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1″
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileAssociate”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistriTools”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCMD”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegedit”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\RunLogonScriptSync”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\HideLegacyLogonScripts”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\HideLogoffScripts”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\HideStartupScripts”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\RunStartupScriptSync”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\run\JeNGKoL”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\NeverShowExt”)
oWSH.Regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\”,”VBScript Script File”
oWSH.Regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\FriendlyTypeName”,”VBScript Script File”
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistriTools”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegedit”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\RunLogonScriptSync”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NOFind”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NORun”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveAutoRun”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Msconfig.exe\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit32.exe\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\command.com\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\debugger”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe\debugger”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\DisallowRun\”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\Run\”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\”)

5. Delete virus duplicated files using windows search  function, search files with:

• Using JPEG or VBS icon
• Size 14 KB
• File Type JPEG image or VBS Script file.

6. Scan with your best antivirus, antimallware, or antispyware to make sure your system clean.

Well done

SIMILAR POST :

• Stop Virus Stargate
• Remove GoldenGhost Virus W32/Agent.GYMR
• Remove virus AMBURADUL (all varian)
• Remove W32/SmallTroj.VPCG

Incoming search terms:

• jengkol
• C:\Wscript exe /e:vbs Thambs db
• how to kill watermark exe
• cara memperbaiki virus shortcut
• menghilangkan vbs
• cara menghapus virus html drop agent ab
• cara menghilangkan notepad exe
• cara menghapus fakesys wscript
• Teknik hilangkan water mark pada windors xp
• cara mengatasi rundll32 exe end program
• software untuk mengatasi end program rundll32
• cara hilangkan virus exlorer exe pada start up
• watermark virus remover
• Sysfake wscript virus
• menghilangkan virus vbscript
• owsh regwrite
• menghilangkan vbscript encoded script file dengan notepad
• menghilangkan rundll32
• menghilangkan end program rundll32 exe
• menghapus virus watermark
• menghapus virus vbscript encoded
• Menghapus permanent rundll32 exe
• mengatasi Rundll32 exe end program
• mengatasi end program rundll32
• removal for system32 db virus
• remove shellexecute=WScript exe //e:VBS thamb db
• What kind of viruse are SysFake Logoff and SysFake Wscript
• virus vbs sysfake
• thambs db virus
• thambs db vbs virus processes
• thambs db clean
• system32 db
• remove watermark virus
• sysfake wscript
• store jengkol in us
• shellexecute=wscript exe stop-virus vbs
• shellexecute=wscript exe /e:vbs thumbss db كيف امسح
• repair watermark virus registry
• repair watermark virus
• memperbaiki virus vbscript
• makanan jengkol
• cara menghilangkan rundll32 exe
• cara menghilangkan end program startup
• Cara menghapus wscipt exe
• cara menghapus virus sysfake
• cara menghapus virus ramnit dan html/drop agent dengan cmd
• cara menghapus virus html/drop agent ab dan WR/ramnit
• cara menghapus merepair virus sysfake logoff pada system
• cara mengatasiend program rundll32 exe
• cara mengatasi End Program-rundll32 exe
• cara mengapus rundll32 exe
• Cara menangani virus html drop agent
• cara memperbaiki vbscript encoded script
• cara hilangkan end program
• cara menghilangkan VBScript Encoded Scripf File
• cara menghilangkan virus desktop vbscript script file
• cara menghilangkan virus system32
• kill virus watermark
• image buah jengkol
• html drop agent ab removal
• how to kill watermark virus
• how to kill watermark exe removebale download
• hilangkan virus watermark
• hilangkan html/drop agent AB
• gambar cara menghapus virus VBscript Encoded Script file
• FakeSys Logoff virus
• efek virus watermark exe
• cleaning virus watermark
• cara nak uji anti virus
• cara menghilangkan virus vbs sysfake
• cara hapus autorun inf melalui notepad remove bat

If you're new here, you may want to subscribe to my RSS feed. You may copy or publish this article to your blog or other site as long you give credit link back to this site article. Thanks for visiting my blog!

This entry was posted on Friday, November 28th, 2008 at 1:33 PM and is filed under Computer And Internet, Personal, Tips & Trick. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.