Jengkol.. What a stupid virus name, Jengkol is traditional food in Indonesia,  I don’t know how to categorized this one as food or fruit… usually some people like to eat this thing but I’m not those crazy one. THE SMELL *LOL*

jengkol

Alright I think no need to explain more about what is jengkol ha..ha..ha..

This virus jengkol affect is it will logging off your computers once you executed .INF files or when you editing .VBS file. This virus will works by hiding all files he found with .DOC extension. You work in big company? when this happen your bos will fire you *LOL*

Alright let’s remove this virus out from your computers with 6 simple steps.

1. Unplug your computer from your local area network to stop it spreading.

2. Deactivated “System Restore” when in cleaning progress.

3. Kill virus process using 3rd party tools, Process Explorer.

4. Repair your registry changed by virus using code below, save it as anything with .VBS extension. In case this code coverting wrong download the source in HERE.

Dim oWSH: Set oWSH = CreateObject(“WScript.Shell”)
on error resume Next
oWSH.Regwrite “HKEY_LOCAL_MACHINE\Software\CLASSES\batfile\shell\open\command\”,”””%1″” %*”
oWSH.Regwrite “HKEY_LOCAL_MACHINE\Software\CLASSES\comfile\shell\open\command\”,”””%1″” %*”
oWSH.Regwrite “HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command\”,”””%1″” %*”
oWSH.Regwrite “HKEY_LOCAL_MACHINE\Software\CLASSES\piffile\shell\open\command\”,”””%1″” %*”
oWSH.Regwrite “HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\AlternateShell”,”cmd.exe”
oWSH.Regwrite “HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\AlternateShell”,”cmd.exe”
oWSH.Regwrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell”,”cmd.exe”
oWSH.Regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell”,”Explorer.exe”
oWSH.Regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\Shell\Edit\Command\”,”C:\Windows\System32\notepad.exe %1″
oWSH.Regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\DefaultIcon\”,”C:\Windows\System32\WScript.exe,2″
oWSH.Regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inffile\shell\Install\command\”,”C:\windows\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1″
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileAssociate”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistriTools”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCMD”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegedit”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\RunLogonScriptSync”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\HideLegacyLogonScripts”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\HideLogoffScripts”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\HideStartupScripts”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\RunStartupScriptSync”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\run\JeNGKoL”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\NeverShowExt”)
oWSH.Regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\”,”VBScript Script File”
oWSH.Regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\FriendlyTypeName”,”VBScript Script File”
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistriTools”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegedit”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\RunLogonScriptSync”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NOFind”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NORun”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveAutoRun”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Msconfig.exe\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit32.exe\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\command.com\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\debugger”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe\debugger”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\DisallowRun\”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\Run\”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\”)

5. Delete virus duplicated files using windows search  function, search files with:

  • Using JPEG or VBS icon
  • Size 14 KB
  • File Type JPEG image or VBS Script file.

6. Scan with your best antivirus, antimallware, or antispyware to make sure your system clean.

Well done :)

Similar Posts:

    Digg Del.icio.us StumbleUpon Reddit Twitter RSS

jengkol, buah jengkol, how to kill watermark exe, hapus autorun inf, C:\Wscript exe /e:vbs Thambs db, cara memperbaiki virus shortcut, gambar jengkol, cara menghapus virus html drop agent ab, software untuk mengatasi end program rundll32, cara menghilangkan notepad exe, cara menghapus fakesys wscript, cara mengatasi rundll32 exe end program, menghilangkan vbs, Teknik hilangkan water mark pada windors xp, cara hilangkan virus exlorer exe pada start up, watermark virus remover, menghilangkan rundll32, html drop agent ab removal, Sysfake wscript virus, menghapus setup vbs, Menghapus permanent rundll32 exe, menghilangkan VBScript Encoded Script File ( vbs), repair watermark virus registry, menghapus virus safeboot, menghapus virus vbscript encoded, menghapus virus watermark, menghilangkan ending program rundll 32, menghilangkan end program rundll32 exe, mengatasi virus watermark exe, how to repair jpg affected of vbs, how to stop ShellExecute = WScript exe vbs, image buah jengkol, IMAGE JENGKOL, mengatasi Rundll32 exe end program, kill virus watermark, makanan indonesia pete dan jengkol, makanan jengkol, memperbaiki virus vbscript, mengatasi end program rundll32, mengatasi hapus remove HTML/Drop Agent AB, how to kill watermark virus, menghilangkan vbscript encoded script file dengan notepad, store jengkol in us, sysfake wscript, What kind of viruse are SysFake Logoff and SysFake Wscript, system32 db, system32 DB virus, thambs db, thambs db clean, thambs db vbs virus processes, thambs db virus, vbscript script file di windows seven, virus vbs sysfake, watermark exe virus, software untuk menghapus windows file batch, software memperbaiki vbs, shellexecute=wscript exe stop-virus vbs, menghilangkan virus jscript encoded script file di windows 7, menghilangkan virus log off pada windows 7, menghilangkan virus vbscript, owsh regwrite, removal for system32 db virus, removal tool vbscript encoded script, remove html/drop agent ab, remove shellexecute=WScript exe //e:VBS thamb db, remove watermark virus, repair watermark virus, rundll32 cara menghilangkan, shellexecute=wscript exe /e:vbs thumbss db كيف امسح, watermark exe virus removal, atasi end program - rundll32 exe, cara mengapus rundll32 exe, cara mengatasi end program rundll32 exe, cara mengatasi End Program-rundll32 exe, cara mengatasi ending program rundll exe, cara mengatasi error vbs, cara mengatasi Rundl32l exe, cara mengatasiend program rundll32 exe, cara menghapus hkey_local_machine\\software\\microsoft\\windows\\polices\\explorer\\run, cara menghapus merepair virus sysfake logoff pada system, cara menghapus script error, cara menghapus virus howdsript, cara menghapus virus html/drop agen AB, Cara menangani virus html drop agent, cara memperbaiki vbscript encoded script, cara memperbaiki vbscript, atasi vbscript encoded, cara basmi virus rundll, cara delete virus rundll melalui regedit, cara hapus autorun inf melalui notepad remove bat, cara hapus start up programs, cara hapus watermark, cara hilangin notepad exe, cara hilangkan end program, cara hilangkan virus, Cara membasmi tikus dengan jengkol, cara membasmi virus vbs skyfake hkey di laptop, cara memperbaiki hkey_local_machine, cara menghapus virus html/drop agent ab, cara menghapus virus html/drop agent ab dan WR/ramnit, cara menghapus virus ramnit dan html/drop agent dengan cmd, Cmd Exe erro cara mengatasi, Code hilangkan virus n76, efek virus watermark exe, FakeSys Logoff virus, fakesys removal tool download, gambar cara menghapus virus VBscript Encoded Script file, green jengkol, Hapus watermark dg cmd exe, hilangkan html/drop agent AB, hilangkan virus watermark, hilangkan watermark windows 8, how to fix stop-virus vbs, cleaning virus watermark, cara repair html drop agen, cara perbaiki end program explorer-exe, cara menghapus virus sysfake, Cara menghapus wscipt exe, cara menghilangkan end program startup, cara menghilangkan permanen rundll32 exe, cara menghilangkan rundll pada windows7, cara menghilangkan rundll32 exe, cara menghilangkan VBScript Encoded Scripf File, cara menghilangkan virus desktop vbscript script file, cara menghilangkan virus system32, cara menghilangkan virus vbs sysfake, cara menghilangkan virus watermark, cara nak uji anti virus, how to kill watermark exe removebale download

If you're new here, you may want to subscribe to my RSS feed. You may copy or publish this article to your blog or other site as long you give credit link back to this site article. Thanks for visiting my blog!