They never been stop spreading their knowledge…. and we also never let them alive forever. This is the article how to remove amburadul virus for all varian no need for antivirus program you can simply clean it using manual technique.

The simple way to know if your computer infected by this virus is you will see JPEG files with aplication extension. Now let’s start to remove it!

1. Unplug your infected computer from your network to stop this virus spreading.
2. Disable “System Restore” when in cleaning process.
3. Kill the virus process using power tools “currprocess” kill all process with icon JPG.
4. Repair your registry that already changed by the virus using this code:

[Version]
Signature=”$Chicago$”
Provider=Nobody

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\comfile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\exefile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\piffile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\regfile\shell\open\command,,,”regedit.exe “%1″”
HKLM, Software\CLASSES\scrfile\shell\open\command,,,”"”%1″” %*”
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, “Explorer.exe”
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, UncheckedValue,0×00010001,0
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt,CheckedValue,0×00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt,DefaultValue,0×00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, UncheckedValue,0×00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, CheckedValue,0×00010001,0
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, DefaultValue,0×00010001,0
HKCU, Software\Microsoft\Internet Explorer\Main, Start Page,0, “about:blank”
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, type,0, “checkbox”
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, type,0, “checkbox”
HKCU, Control Panel\International, s1159,0, “AM”
HKCU, Control Panel\International, s2359,0, “PM”
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, “cmd.exe”
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, “cmd.exe”
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, ShowSuperHidden,0×00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, SuperHidden,0×00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, HideFileExt,0×00010001,0

[del]
HKCU, Software\Microsoft\Internet Explorer\Main, Window Title,
HKLM, SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore, DisableConfig
HKLM, SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore, DisableSR
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kspoold.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kspool.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscript.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HokageFile.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rin.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Obito.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SMP.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tasklist.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KakashiHatake.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Britney Spears-CLN.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Britney Spears-RTP.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HOKAGE4.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Britney Spears
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Britney Spears
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ansav.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe,debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Instal.exe, debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe,debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msiexec.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ansavgd.exe
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFind
HKLM, SOFTWARE\Policies\Microsoft\Windows\Installer, DisableMSI
HKLM, SOFTWARE\Policies\Microsoft\Windows\Installer, LimitSystemRestoreCheckpointing
HKCR, exefile, NeverShowExt
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, PaRaY_VM
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, ConfigVir
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NviDiaGT
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NarmonVirusAnti
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, AVManager
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, EnableLUA

5. Delete the master virus in %systemroot%\system32\~A~m~B~u~R~a~D~u~L~ before you do this you have to make hiden files become visible.
Then deleted this file list:

csrcc.exe
smss.exe
lsass.exe
services.exe
winlogon.exe
Paraysutki_VM_Community.sys
msvbvm60.dll
Drive:\Autorun.inf
Drive:\FoToKu xx-x-*.exe, where x show the date when virus active
Drive:\Friendster Community.exe
Drive:\J3MbataN K4HaYan.exe
Drive:\MyImages.exe
Drive:\PaLMa.exe
Drive:\Images

To make sure your computer clean you can check scan your computer using your favorite antivirus programs.
Done, have a nice day

Similar Posts:

• Remove W32/VBWorm.QXE (bulubebek)
• Stop Virus Stargate
• 6 Step to: Remove Jengkol Virus
• Remove MaHaDeWa VBS.Autorun.AM

• photo-t432e jpeg exe
• the system cannot find the file specified ayodance
• cara membersihkan trojan dari windows 7 starter
• menghapus direktory internet download manager
• photo-t432e jpeg
• problem with shorcut artinya
• application not found pada disk E
• ayodance the system cannot find the file specified
• membasmi virus sality
• menghapus winlogos
• Mengembalikan registry karena virus
• ouc exe no disk
• cara mengatasi virus shortcut
• found debugger on your memory maksudnya gmn?
• rgedit terkena virus
• software pencari varian virus
• update cara memperbaiki flash rusak
• cara membasmi virus shortcut
• apakah ada deep freeze memory card
• photo-t432e
• penyebab the path is too deep
• Cara memperbaiki net exe error win7
• cara membuka memory card yg tidak tampil
• cara mengatasi data yang terkena virus
• cara mengatasi pesan aha dialer exe is not valid a win32 aplikation
• cara mengatasi mmc terprotect virus
• cara memperbaiki flasdik yang terkena virus w32
• cara memperbaiki hardisk
• cara memperbaiki file mmc yang corup
• sallity
• salty101 exe
• virus amburadul
• virus
• cara menghapus idm di laptop
• cmd hilang
• cara menghapus virus lewat cmd
• cara mengtasi software yang tidak valid dengan syistem 32
• kenapa selalu keluar there is no disk in the drive
• flashdisk terkunci
• membuka fd terproteck
• membuka billing yang terkena virus
• mengaktifkan anti virus yang di protect oleh virus
• menghilangkan write protection
• mmc rusak kena virus
• mengatasi mmc write protect
• menghilangkan virus sality 101
• mengatasi masalah mmc will not run with a version of internet explorer erlier than
• almanahe remover
• Cara hapus virus di mmc
• cara matikan microsoft has stopped working
• cara atasi virus shortcut
• cara hapus sality virus
• apa penyebab flashdisk error cannot specified find
• antivirus diblok virus
• cara hapus virus short cut
• cara hapus virus autorun d memory tanpa scan
• Cara hapus rundll 32
• Cara hapus virus shortcut laptop
• cara mematikan rtp
• billing ecafepro terkena virus
• arti winlogos
• basmi sality 101
• cara jitu menghilangkan write protec
• cara hapus virus sistem shutdown
• cara hilangin virus yang tidak bisa di hapus di flasdisk
• cara delet polder yg kg bs di delet
• apa kerosakan pada laptop windows selalu corrupt
• apa itu virus sality 101
• apa artinya the disc is write protect ?
• buka folder not responding windows xp
• buka mmc keblokir kena virus
• bagaimana cara memulihkan data yang terkena virus autorun
• cara membasmi virus ink
• cara atasi windows disabl exe
• atasi rundll 32 file corup
• cara membasmi virus trojan
• cara membasmi virus sality
• cara atasi fd yang minta format
• cara format mmc di cmd
• cara format flashdisk lewat cmd
• cara membasmi virus HKEY-CLASSES_ROOT
• bagaimana cara memgatasi problem windows
• cara membasmi virus almahe b
• cara membasmi virus amburadul
• cara enable task manager akibat conficker
• clean service exe virus muncul
• Clean menghapus file
• cara menghilangkan lsass
• cara mengatasi virus jpg
• cara scan virus lewat cmd
• cara menghapus virus aadrive32 exe
• cara mengembalikan billing expoler error
• cara menghapus virus winlogon
• cara menghapus virus t432e
• delete ansav that write protected
• cara menghapus virus lewat bios
• cara menghapus virus di mmc
• cara menghapus rundill
• cara menghilangkan setup exe valid windows 32
• Cara menghilangkan virus flashdisk tanpa software
• cara menghapus polder yang susah
• cara menghilangkan system shutdown DI:/system32/service exe
• cara menghilangkan pesan stopped working saat buka exe
• cara scan virus jpag
• Cara menghapus file yang failed di IDM
• cara menghilangkan virus jpeg exe
• explorer exe hilang windows 7 program di maximize tak tampak
• cara mengatasi shortcut pada mmc
• cara meng hilangkan virus ms dos
• cara membuka flashdisk yang terprotect virus
• cara memperbaiki fd rusak
• cara memperbaiki laptop windows rusak
• cara memperbaiki win32 yang di protec virus
• cara membuka data di laptop yg terblokir
• cara memperbaiki download manager yang terprotec
• Cara memperbaiki MMC eror
• cara memperbaiki explore exe terkena trojan
• cara memperbaiki File Format Is Not Valid
• cara mengatasi file regedit exe yang invalid
• cara mengatasi antivirus di blokir virus
• Cara mencari file yang error
• cara mengatasi antivirus program has been stopped
• cara membunuh virus trojan
• cara menformat usb di internet
• cara memperbaiki flashdisk yang terkena write protect
• cara memperbaiki flashdisk yang minta di format
• cara membuat virus dan cara menghilanginya
• Cara mengatasi memory could not be read di komputer
• cara membersihkan virus sality 101 di flashdisk
• cara mengatasi photo-t432e jpeg exe
• cara membersihkan virus di laptop windows xp
• cara membersihkan virus flash disk
• cara membuka cmd yang terkena virus
• cara memperbaiki sofware yg rusak
• cara membersihkan virus di bb
• cara membersihkan virus amburadul
• cara membersihkan virus memory card
• Cara membersihkan registry yang terinfeksi virus
• Cara memperbaiki mmc yg rusak
• software pembasmi aadrive32 exe
• tidak bisa aktifkan anti virus
• setiap membuka explore selalu muncul confirmed folder delete
• w32/vbworm beau
• sality 101 registry
• reparing short cut rusak
• Software penghapus empty registry
• solusi hardisk external disable
• virus yg merusak pencarian google
• virus shortcut hilang
• virus sality 101 selalu membuat shortcut dos dengan ekstension pif
• virus pif remover
• virus amburadul express cleaner
• Tips menghapus virus flashdisc dari dos
• task manager ada pesan "the system cannot find the file specified"
• solusi run dll error
• Solusi regedit yang di block administrator
• repair shortcut * lnk
• photo-t432e jpg exe
• privacy protection muncul blok komputer
• mengatasi problem with shorcut
• menghilangkan virus aadrive32 exe
• mengatasi is not valid win32 application
• menghilangkan virus cmd super hiden
• mengatasi mmc yang protect
• mengatasi komputer selalu minta restart
• penyebab memori atau disk tidak terbaca
• menghilangkan virus image
• mengatasi virus winlogon
• mengembalikan photo yang rusak terkena virus
• menghilangkan virus penyebab write protected
• patcher ayodance the system cannot find the file specified
• mengatasi blackberry selalu bufering
• menghapus virus vbs di mmc
• Msconfig tidak bisa di buka
• mengatasi virus amburadul
• menghilang write pRotecteD
• menghilangkan aadrive32 exe
• photo-t432e jpg
• penghancur sality
• mengatasi the system cannot find the file specified ayodance
• mengatasi explorer hilang
• menghapus sality 101 di harddisk external
• menghapus virus winlogon exe
• Perbaikan windows xp yg kena virus
• hapus sality tanpa menghapus program
• membasmi virus sality dan ink
• google di blok virus
• invalid win32 aplication saat membuka file mp3
• kenapa windows stop working
• hapus virus lnk lewat cmd
• hardis kena virus shortcut
• memperbaiki flash disk
• memory card kena virus
• MENCARI FILE YANG HILANG DI FLASDIS
• membuka task manager yang kena blok
• memperbaiki billing server
• memperbaiki drive d error
• Kenapa cmd gak bisa di buka di laptop
• Hkey_local_machine\sofware\ terinfeksi virus
• memperbaiki fd dengan regedit

If you're new here, you may want to subscribe to my RSS feed. You may copy or publish this article to your blog or other site as long you give credit link back to this site article. Thanks for visiting my blog!

This entry was posted on Monday, July 21st, 2008 at 6:02 AM and is filed under Computer And Internet, Tips & Trick. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.