Jengkol.. What a stupid virus name. Jengkol is a traditional food in Indonesia; I don't know whether to categorize it as food or fruit… Some people like to eat it, but I'm not one of those crazy ones. THE SMELL *LOL*


Alright, I think there is no need to explain more about what jengkol is ha..ha..ha..

The effect of the Jengkol virus is that it logs you off your computer when you execute an .INF file or edit a .VBS file. It also hides every file it finds with the .DOC extension. Work in a big company? When this happens your boss will fire you *LOL*

Alright, let's remove this virus from your computer in 6 simple steps.

1. Unplug your computer from your local area network to stop it spreading.

2. Deactivate "System Restore" while cleaning is in progress.

3. Kill the virus process using a 3rd-party tool, Process Explorer.

4. Repair the registry entries changed by the virus using the code below; save it under any name with a .VBS extension. In case this code is converted wrongly, download the source HERE.

Dim oWSH: Set oWSH = CreateObject("WScript.Shell")
' Keep going when a key or value is already absent (RegDelete raises an error then).
On Error Resume Next

' Restore the default open commands for BAT, COM, EXE and PIF files.
oWSH.RegWrite "HKEY_LOCAL_MACHINE\Software\CLASSES\batfile\shell\open\command\","""%1"" %*"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\Software\CLASSES\comfile\shell\open\command\","""%1"" %*"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command\","""%1"" %*"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\Software\CLASSES\piffile\shell\open\command\","""%1"" %*"

' Restore the Safe Mode alternate shell and the logon shell.
oWSH.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\AlternateShell","cmd.exe"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\AlternateShell","cmd.exe"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell","cmd.exe"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell","Explorer.exe"

' Restore the VBS edit command and icon, and the INF install command.
oWSH.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\Shell\Edit\Command\","C:\Windows\System32\notepad.exe %1"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\DefaultIcon\","C:\Windows\System32\WScript.exe,2"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inffile\shell\Install\command\","C:\windows\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1"

' Remove per-user restriction policies.
' Value names are kept as given in this post; the standard Windows policy value is spelled DisableRegistryTools.
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileAssociate")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistriTools")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCMD")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegedit")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\RunLogonScriptSync")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\HideLegacyLogonScripts")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\HideLogoffScripts")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\HideStartupScripts")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\RunStartupScriptSync")

' Remove the virus autorun entry and restore the VBS file type description.
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\run\JeNGKoL")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\NeverShowExt")
oWSH.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\","VBScript Script File"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\FriendlyTypeName","VBScript Script File"

' Remove machine-wide restriction policies.
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistriTools")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegedit")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\RunLogonScriptSync")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NOFind")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NORun")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveAutoRun")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp\")

' Remove Image File Execution Options entries (a trailing backslash deletes the whole key).
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Msconfig.exe\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit32.exe\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\command.com\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\debugger")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe\debugger")

' Remove the remaining policy keys.
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\DisallowRun\")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\Run\")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\")

5. Delete the virus's duplicated files using the Windows search function; search for files with:

  • Using JPEG or VBS icon
  • Size 14 KB
  • File Type JPEG image or VBS Script file.

6. Scan with your best antivirus, antimalware, or antispyware to make sure your system is clean.

Well done :)
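
To confirm what step 4 changed, here is a read-only check of the same registry locations, written in PowerShell. It is an added example and not part of the original post; it assumes PowerShell 3.0 or later, and the helper names Get-RegValue and Add-Finding are made up for this example.

```powershell
# Added example: read-only audit of registry locations the step 4 script rewrites.
function Get-RegValue([string]$Key, [string]$Name) {
    # Returns $null when the key or the value does not exist.
    (Get-ItemProperty -LiteralPath "Registry::$Key" -ErrorAction SilentlyContinue).$Name
}
$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding([string]$Location, $Found) {
    $findings.Add([pscustomobject]@{ Location = $Location; Found = $Found })
}
$hklm = 'HKEY_LOCAL_MACHINE'; $hkcu = 'HKEY_CURRENT_USER'

# File-type handlers: each must start the file itself, i.e. "%1" %*
foreach ($type in 'batfile', 'comfile', 'exefile', 'piffile') {
    $key = "$hklm\Software\Classes\$type\shell\open\command"
    $cmd = Get-RegValue $key '(default)'
    if ($cmd -ne '"%1" %*') { Add-Finding $key $cmd }
}

# Shell values the script resets (-ne compares case-insensitively).
$shells = @(
    @("$hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", 'Shell', 'Explorer.exe'),
    @("$hklm\SYSTEM\CurrentControlSet\Control\SafeBoot", 'AlternateShell', 'cmd.exe')
)
foreach ($s in $shells) {
    $val = Get-RegValue $s[0] $s[1]
    if ($val -ne $s[2]) { Add-Finding "$($s[0])\$($s[1])" $val }
}

# Image File Execution Options: a Debugger value redirects every launch of the program.
$ifeo = "$hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
foreach ($exe in 'Msconfig.exe', 'regedit.exe', 'cmd.exe', 'taskmgr.exe', 'regedit32.exe',
                 'rstrui.exe', 'attrib.exe', 'command.com', 'install.exe', 'setup.exe') {
    $dbg = Get-RegValue "$ifeo\$exe" 'Debugger'
    if ($dbg) { Add-Finding "$ifeo\$exe\Debugger" $dbg }
}

# Tool-blocking policy values (names as spelled in this post), checked in both hives.
$system = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($hive in $hkcu, $hklm) {
    foreach ($name in 'DisableTaskMgr', 'DisableCMD', 'DisableRegedit', 'DisableRegistriTools') {
        $val = Get-RegValue "$hive\$system" $name
        if ($null -ne $val) { Add-Finding "$hive\$system\$name" $val }
    }
}
# Autorun value the script deletes.
$runKey = "$hkcu\Software\Microsoft\Windows\CurrentVersion\Run"
$run = Get-RegValue $runKey 'JeNGKoL'
if ($null -ne $run) { Add-Finding "$runKey\JeNGKoL" $run }

if ($findings.Count) { $findings | Format-List } else { 'No deviations found.' }
```

An empty Found field means the key or value is missing. Run the check again after the scan in step 6: entries that reappear mean the virus process is still active.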
