6 Step to: Remove Jengkol Virus

Jengkol.. What a stupid virus name, Jengkol is traditional food in Indonesia, I don’t know how to categorized this one as food or fruit… usually some people like to eat this thing but I’m not those crazy one. THE SMELL *LOL*

jengkol

Alright I think no need to explain more about what is jengkol ha..ha..ha..

This virus jengkol affect is it will logging off your computers once you executed .INF files or when you editing .VBS file. This virus will works by hiding all files he found with .DOC extension. You work in big company? when this happen your bos will fire you *LOL*

Alright let’s remove this virus out from your computers with 6 simple steps.

1. Unplug your computer from your local area network to stop it spreading.

2. Deactivated “System Restore” when in cleaning progress.

3. Kill virus process using 3rd party tools, Process Explorer.

4. Repair your registry changed by virus using code below, save it as anything with .VBS extension. In case this code coverting wrong download the source in HERE.

Dim oWSH: Set oWSH = CreateObject(“WScript.Shell”)
on error resume Next
oWSH.Regwrite “HKEY_LOCAL_MACHINE\Software\CLASSES\batfile\shell\open\command\”,”"”%1″” %*”
oWSH.Regwrite “HKEY_LOCAL_MACHINE\Software\CLASSES\comfile\shell\open\command\”,”"”%1″” %*”
oWSH.Regwrite “HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command\”,”"”%1″” %*”
oWSH.Regwrite “HKEY_LOCAL_MACHINE\Software\CLASSES\piffile\shell\open\command\”,”"”%1″” %*”
oWSH.Regwrite “HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\AlternateShell”,”cmd.exe”
oWSH.Regwrite “HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\AlternateShell”,”cmd.exe”
oWSH.Regwrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell”,”cmd.exe”
oWSH.Regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell”,”Explorer.exe”
oWSH.Regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\Shell\Edit\Command\”,”C:\Windows\System32\notepad.exe %1″
oWSH.Regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\DefaultIcon\”,”C:\Windows\System32\WScript.exe,2″
oWSH.Regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inffile\shell\Install\command\”,”C:\windows\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1″
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileAssociate”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistriTools”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCMD”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegedit”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\RunLogonScriptSync”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\HideLegacyLogonScripts”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\HideLogoffScripts”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\HideStartupScripts”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\RunStartupScriptSync”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\run\JeNGKoL”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\NeverShowExt”)
oWSH.Regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\”,”VBScript Script File”
oWSH.Regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\FriendlyTypeName”,”VBScript Script File”
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistriTools”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegedit”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\RunLogonScriptSync”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NOFind”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NORun”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveAutoRun”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Msconfig.exe\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit32.exe\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\command.com\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\debugger”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe\debugger”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\DisallowRun\”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\Run\”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\”)

5. Delete virus duplicated files using windows search function, search files with:

Using JPEG or VBS icon
Size 14 KB
File Type JPEG image or VBS Script file.

6. Scan with your best antivirus, antimallware, or antispyware to make sure your system clean.

Well done

Share |

toy suppliers

SIMILAR POST :

SEARCH ENGINE KEYWORD RESULTS :

Gameeeeeee vbs sample
jengkol net sitemap
hkey_local_machinesoftwaremicrosoftwindows ntcurrentversionimage file execution optionsinstall exe
gambar jengkol
how to remove regedit32 exe
regdelete VBSCRIPT
gameeeeee regedit32
rundll32 exe virus removal
disable regedit virus via vbscript
virus pada gayam
buah gayam
download code gameeeeeee vbs
virus rundll32 exe removal
vbscript currentversionpoliciesexplorer
virus image file execution options
regedit32 exevirus
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoFind
HKey_local_machineSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorerRun
regdelete nofolderoptions
systemRunLogonScriptSync
currentversionimage file execution optionssetup exe
REG DELETE HKCUSoftware
modify registry exefileshellopencommand vbscript
rundll32 exe HKEY_CURRENT_USER
cmd exe HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonShell
antimallware removal
regedit32 virus
how to delete vbscript virus
regedit HKEY_LOCAL_MACHINE NoRun
HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem DisableRegedit
CreateObject(wscript shell) RegDelete (HKLMSoftwareMicrosoftWindowsCurrentVersionRun
oWSH RegWrite
regdelete HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun
shell regedit virus
alternateshell cmd exe
HKEY_LOCAL_MACHINESOFTWAREClassesUnknownshellopencommand
SoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoDrives script
curPageURL pagerank php
restore HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun
virus regedit32
jengkol virus
how to remove hkey_local_machinesoftwaremicrosoft windows nt currentversion image file virus
regedit32 exe virus removal
jengkol
how to eat jengkol
regedit32 virus how to remove
remove regedit32
vbscript registry changed
current version run regedit32
currentversion/run regedit32
How to remove regedit32 exe virus
nofolderoptions virus
how to get rid of regedit32 virus
hkey_local_machinesoftwaremicrosoftwindowscurrent versionrun regedit32
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun missing
regedit32 exe removal steps
regedit 32 virus
antimallware
regdelete vbs
hklm software windows currentversion run regedit32
jengkol remove
RegDelete vbs
regdelete c
how to remove shell command in HKEY_CURRENT_USERSoftwareMicrosoftWindows NTCurrentVersionWinlogon
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerDisallowRun
vbscript script file gadis indonesia
wscript exe RegDelete vbs
:Jengkol
regedit32 virus fix
regwrite vbscript
how to remove cmd exe virus
cahing adsense check in china
virus removes image files
Image File Execution Options vbscript
current version run regedit 32 regedit exe
searchenginekeyword net verwijderen
searchenginekeyword net
vbscript virus removes images
regedit virus jengkol
searchenginekeyword net virus
searchenginekeyword
http://searchenginekeyword net/ virus
removing searchenginekeyword net
what is searchenginekeyword net
http://searchenginekeyword net
http://searchenginekeyword net/
Jengkol virus
searchenginekeyword net remove
remove searchenginekeyword net
rundll32 exe vbs
alternateshell missing
step to remove rundll32 virus
regedit32 current version run
hkey_current_user software microsoft windows currentversion policies explorer nofind windows 2008
searchenginekeyword net רקצםהק
remove http://searchenginekeyword net
res://rstrui exe/watermark jpg
searchenginekeyword net/
petai jengkol
regedit32 فيروس
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerDisallowRun regedit exe msconfig exe
SEARCHENGINEKEYWORD
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorernodrives script
remove searchenginekeyword
how can i remove chaina virus script
delete searchenginekeyword net
HKLM vbscript HKEY_current
how to remove searchenginekeyword net
haha-ha com/image php?= virus how to remove it
searchenginekeyword virus
SearchEngineKeyword
probleme http://searchenginekeyword net
SOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystemEnableLua
contents of gayam fruit
regedit32 virue
http://haha-ha com/image php?
which virus affects cmd exe regedit exe and msconfig exe
remove SearchEngineKeyword net
missing regedit32 exe
eat jengkol
virus safeboot alternate shell cmd exe
Remov Fruity Search virus
how to remove sg1 exe
how to remove registry virus
antivirus jengkol
how to clean virus hkey
eliminate searchEngineKeyword net
cmd regedit not working virus HKEY
sg1 exe
curpageurl php not working in IE

If you're new here, you may want to subscribe to my RSS feed. You may copy or publish this article to your blog or other site as long you give credit link back to this site article. Thanks for visiting my blog!

This entry was posted on Friday, November 28th, 2008 at 1:33 PM and is filed under Computer And Internet, Personal, Tips & Trick. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

» 6 Step to: Remove Jengkol Virus » Istanto Blogs » Free Software Says:
November 29th, 2008 at 7:00 AM

[...] news by unknown « Cram v.1.1 Reviewed! | BlackBerry Cool Tony Dye: Best Practices Handbook for [...]

Budi Says:
November 30th, 2008 at 3:14 AM

That picture pete .. not jengkol .. hehehe

thank you for her source remover jengkol hehe … good

istanto Says:
November 30th, 2008 at 4:12 AM

ha .. ha .. ha .. This image instead jengkol? I understand that the green jengkol same way that smells really brown: P

David Says:
December 1st, 2008 at 8:06 PM

wah … Local virus plus the longer strange.
Tutorial may be very useful for rental-rentals near campus. most of his life pelangganya in typing. Doc
Currently, I’m probably not affected by this virus, but later if met, I knew where to find a solution.

talk about Lamtoro gung, Petai, Jengkol, Gayam. it’s somewhat similar. petai and jengkol when I was a bit hard to distinguish (more lazy gogling). but if such mas Is said, jengkol brown color, it is usually called from the western part of Java. if the eastern part of Java used to call it chocolate jengkol Gayam dg fruit. CMIIW. Instead, discuss the culinary … but on this blog it was not a sign of culinary ya? all need time yes …. heehehe : D TFS