Jengkol.. What a stupid virus name, Jengkol is traditional food in Indonesia,  I don’t know how to categorized this one as food or fruit… usually some people like to eat this thing but I’m not those crazy one. THE SMELL *LOL*

Alright I think no need to explain more about what is jengkol ha..ha..ha..

This virus jengkol affect is it will logging off your computers once you executed .INF files or when you editing .VBS file. This virus will works by hiding all files he found with .DOC extension. You work in big company? when this happen your bos will fire you *LOL*

Alright let’s remove this virus out from your computers with 6 simple steps.

1. Unplug your computer from your local area network to stop it spreading.

2. Deactivated “System Restore” when in cleaning progress.

3. Kill virus process using 3rd party tools, Process Explorer.

4. Repair your registry changed by virus using code below, save it as anything with .VBS extension. In case this code coverting wrong download the source in HERE.

Dim oWSH: Set oWSH = CreateObject(“WScript.Shell”)
on error resume Next
oWSH.Regwrite “HKEY_LOCAL_MACHINE\Software\CLASSES\batfile\shell\open\command\”,”"”%1″” %*”
oWSH.Regwrite “HKEY_LOCAL_MACHINE\Software\CLASSES\comfile\shell\open\command\”,”"”%1″” %*”
oWSH.Regwrite “HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command\”,”"”%1″” %*”
oWSH.Regwrite “HKEY_LOCAL_MACHINE\Software\CLASSES\piffile\shell\open\command\”,”"”%1″” %*”
oWSH.Regwrite “HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\AlternateShell”,”cmd.exe”
oWSH.Regwrite “HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\AlternateShell”,”cmd.exe”
oWSH.Regwrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell”,”cmd.exe”
oWSH.Regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell”,”Explorer.exe”
oWSH.Regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\Shell\Edit\Command\”,”C:\Windows\System32\notepad.exe %1″
oWSH.Regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\DefaultIcon\”,”C:\Windows\System32\WScript.exe,2″
oWSH.Regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inffile\shell\Install\command\”,”C:\windows\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1″
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileAssociate”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistriTools”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCMD”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegedit”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\RunLogonScriptSync”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\HideLegacyLogonScripts”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\HideLogoffScripts”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\HideStartupScripts”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\RunStartupScriptSync”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\run\JeNGKoL”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\NeverShowExt”)
oWSH.Regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\”,”VBScript Script File”
oWSH.Regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\FriendlyTypeName”,”VBScript Script File”
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistriTools”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegedit”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\RunLogonScriptSync”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NOFind”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NORun”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveAutoRun”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Msconfig.exe\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit32.exe\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\command.com\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\debugger”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe\debugger”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\DisallowRun\”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\Run\”)
oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\”)
oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\”)

5. Delete virus duplicated files using windows search  function, search files with:

• Using JPEG or VBS icon
• Size 14 KB
• File Type JPEG image or VBS Script file.

6. Scan with your best antivirus, antimallware, or antispyware to make sure your system clean.

Well done

SIMILAR POST :

• Stop Virus Stargate
• Remove GoldenGhost Virus W32/Agent.GYMR
• Remove virus AMBURADUL (all varian)
• Remove W32/SmallTroj.VPCG

Incoming search terms:

• jengkol
• cara memperbaiki virus shortcut
• C:\Wscript exe /e:vbs Thambs db
• how to kill watermark exe
• cara menghapus virus html drop agent ab
• software untuk mengatasi end program rundll32
• cara menghilangkan notepad exe
• hapus autorun inf
• cara mengatasi rundll32 exe end program
• menghilangkan rundll32
• menghilangkan vbs
• Sysfake wscript virus
• cara menghapus fakesys wscript
• watermark virus remover
• Teknik hilangkan water mark pada windors xp
• cara hilangkan virus exlorer exe pada start up
• mengatasi Rundll32 exe end program
• menghilangkan vbscript encoded script file dengan notepad
• menghilangkan end program rundll32 exe
• makanan jengkol
• memperbaiki virus vbscript
• menghapus virus watermark
• menghapus virus vbscript encoded
• Menghapus permanent rundll32 exe
• thambs db virus
• mengatasi end program rundll32
• menghilangkan virus vbscript
• owsh regwrite
• thambs db vbs virus processes
• thambs db clean
• What kind of viruse are SysFake Logoff and SysFake Wscript
• system32 db
• sysfake wscript
• store jengkol in us
• shellexecute=wscript exe stop-virus vbs
• shellexecute=wscript exe /e:vbs thumbss db كيف امسح
• repair watermark virus registry
• repair watermark virus
• remove watermark virus
• remove shellexecute=WScript exe //e:VBS thamb db
• removal for system32 db virus
• virus vbs sysfake
• kill virus watermark
• image buah jengkol
• cara menghilangkan rundll32 exe
• cara menghilangkan end program startup
• Cara menghapus wscipt exe
• cara menghapus virus sysfake
• cara menghapus virus ramnit dan html/drop agent dengan cmd
• cara menghapus virus html/drop agent ab dan WR/ramnit
• cara menghapus merepair virus sysfake logoff pada system
• cara mengatasiend program rundll32 exe
• cara mengatasi End Program-rundll32 exe
• cara mengapus rundll32 exe
• Cara menangani virus html drop agent
• cara memperbaiki vbscript encoded script
• cara hilangkan end program
• cara hapus autorun inf melalui notepad remove bat
• cara menghilangkan VBScript Encoded Scripf File
• cara menghilangkan virus desktop vbscript script file
• html drop agent ab removal
• how to kill watermark virus
• how to kill watermark exe removebale download
• how to fix stop-virus vbs
• hilangkan virus watermark
• hilangkan html/drop agent AB
• gambar cara menghapus virus VBscript Encoded Script file
• fakesys removal tool download
• FakeSys Logoff virus
• efek virus watermark exe
• cleaning virus watermark
• cara nak uji anti virus
• cara menghilangkan virus vbs sysfake
• cara menghilangkan virus system32
• buah jengkol

If you're new here, you may want to subscribe to my RSS feed. You may copy or publish this article to your blog or other site as long you give credit link back to this site article. Thanks for visiting my blog!

This entry was posted on Friday, November 28th, 2008 at 1:33 PM and is filed under Computer And Internet, Personal, Tips & Trick. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.