They never been stop spreading their knowledge…. and we also never let them alive forever. This is the article how to remove amburadul virus for all varian no need for antivirus program you can simply clean it using manual technique.

The simple way to know if your computer infected by this virus is you will see JPEG files with aplication extension. Now let’s start to remove it!

1. Unplug your infected computer from your network to stop this virus spreading.
2. DisableSystem Restore” when in cleaning process.
3. Kill the virus process using power tools “currprocess” kill all process with icon JPG.
4. Repair your registry that already changed by the virus using this code:

[Version]
Signature=”$Chicago$”
Provider=Nobody

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,”””%1″” %*”
HKLM, Software\CLASSES\comfile\shell\open\command,,,”””%1″” %*”
HKLM, Software\CLASSES\exefile\shell\open\command,,,”””%1″” %*”
HKLM, Software\CLASSES\piffile\shell\open\command,,,”””%1″” %*”
HKLM, Software\CLASSES\regfile\shell\open\command,,,”regedit.exe “%1″”
HKLM, Software\CLASSES\scrfile\shell\open\command,,,”””%1″” %*”
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, “Explorer.exe”
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, UncheckedValue,0x00010001,0
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt,CheckedValue,0x00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt,DefaultValue,0x00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, UncheckedValue,0x00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, CheckedValue,0x00010001,0
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, DefaultValue,0x00010001,0
HKCU, Software\Microsoft\Internet Explorer\Main, Start Page,0, “about:blank”
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, type,0, “checkbox”
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, type,0, “checkbox”
HKCU, Control Panel\International, s1159,0, “AM”
HKCU, Control Panel\International, s2359,0, “PM”
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, “cmd.exe”
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, “cmd.exe”
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, ShowSuperHidden,0x00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, SuperHidden,0x00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, HideFileExt,0x00010001,0

[del]
HKCU, Software\Microsoft\Internet Explorer\Main, Window Title,
HKLM, SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore, DisableConfig
HKLM, SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore, DisableSR
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kspoold.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kspool.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscript.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HokageFile.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rin.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Obito.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SMP.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tasklist.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KakashiHatake.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Britney Spears-CLN.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Britney Spears-RTP.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HOKAGE4.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Britney Spears
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Britney Spears
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ansav.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe,debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Instal.exe, debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe,debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msiexec.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ansavgd.exe
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFind
HKLM, SOFTWARE\Policies\Microsoft\Windows\Installer, DisableMSI
HKLM, SOFTWARE\Policies\Microsoft\Windows\Installer, LimitSystemRestoreCheckpointing
HKCR, exefile, NeverShowExt
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, PaRaY_VM
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, ConfigVir
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NviDiaGT
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NarmonVirusAnti
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, AVManager
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, EnableLUA

5. Delete the master virus in %systemroot%\system32\~A~m~B~u~R~a~D~u~L~ before you do this you have to make hiden files become visible.
Then deleted this file list:

csrcc.exe
smss.exe
lsass.exe
services.exe
winlogon.exe
Paraysutki_VM_Community.sys
msvbvm60.dll
Drive:\Autorun.inf
Drive:\FoToKu xx-x-*.exe, where x show the date when virus active
Drive:\Friendster Community.exe
Drive:\J3MbataN K4HaYan.exe
Drive:\MyImages.exe
Drive:\PaLMa.exe
Drive:\Images

To make sure your computer clean you can check scan your computer using your favorite antivirus programs.
Done, have a nice day 😀

Similar Posts:

Related Search Terms:

  • photo-t432e jpeg exe
  • photo-t432e jpeg exe
  • the system cannot find the file specified ayodance
  • the system cannot find the file specified ayodance
  • cara membersihkan trojan dari windows 7 starter
  • cara membersihkan trojan dari windows 7 starter
  • photo-t432e jpeg
  • menghapus direktory internet download manager
  • photo-t432e jpeg
  • menghapus direktory internet download manager
  • problem with shorcut artinya
  • problem with shorcut artinya
  • ouc exe no disk
  • ouc exe no disk
  • menghapus winlogos
  • ayodance the system cannot find the file specified
  • menghapus winlogos
  • ayodance the system cannot find the file specified
  • found debugger on your memory maksudnya gmn?
  • rgedit terkena virus
  • software pencari varian virus
  • found debugger on your memory maksudnya gmn?
  • photo-t432e
  • software pencari varian virus
  • rgedit terkena virus
  • photo-t432e
  • cara menghapus virus lewat cmd
  • cara mengtasi software yang tidak valid dengan syistem 32
  • mengaktifkan anti virus yang di protect oleh virus
  • cara menghapus virus lewat cmd
  • cara mengtasi software yang tidak valid dengan syistem 32
  • virus
  • mengaktifkan anti virus yang di protect oleh virus
  • salty101 exe
  • virus
  • salty101 exe
  • MENCARI FILE YANG HILANG DI FLASDIS
  • task manager ada pesan "the system cannot find the file specified"
  • cara format flashdisk lewat cmd
  • cara menghapus virus lewat bios
  • cara menghapus virus winlogon
  • cara membuat virus dan cara menghilanginya
  • Solusi regedit yang di block administrator
  • cara enable task manager akibat conficker
  • cara mengatasi antivirus di blokir virus
  • menghapus virus winlogon exe
  • Cara memperbaiki MMC eror
  • cara membersihkan virus amburadul
  • cara membersihkan virus di bb
  • memperbaiki rundll32 yang not responding
  • MENCARI FILE YANG HILANG DI FLASDIS
  • software pembasmi aadrive32 exe
  • mengatasi blackberry selalu bufering
  • cara menghapus virus lewat bios
  • fix shortcut setelah kena virus lnk
  • software pembasmi aadrive32 exe
  • menghilangkan aadrive32 exe
  • cara menghilangkan system shutdown DI:/system32/service exe
  • cara format flashdisk lewat cmd
  • memperbaiki rundll32 pada saat shutdown
  • photo-t432e jpg
  • clean service exe virus muncul
  • arti winlogos
  • cara menghilangkan system shutdown DI:/system32/service exe
  • meatasi rundll
  • cara membersihkan virus sality 101 di flashdisk
  • cara delet polder yg kg bs di delet
  • hapus virus lnk lewat cmd
  • menghilangkan aadrive32 exe
  • cara mengatasi antivirus di blokir virus
  • cara membersihkan virus di bb
  • hapus virus lnk lewat cmd
  • Solusi regedit yang di block administrator
  • Clean menghapus file
  • cara enable task manager akibat conficker
  • Cara hapus virus shortcut laptop
  • melihat file jpg dg cmd pada memori card
  • cara membasmi virus trojan
  • Tips menghapus virus flashdisc dari dos
  • cara mematikan rtp
  • buka mmc keblokir kena virus
  • cara scan virus jpag
  • memperbaiki rundll32 yang not responding
  • meatasi rundll
  • cara atasi windows disabl exe
  • cara membasmi virus sality
  • cara menghapus virus t432e
  • cara mengatasi photo-t432e jpeg exe
  • photo-t432e jpg exe
  • virus yg merusak pencarian google
  • mengatasi virus amburadul
  • cara jitu menghilangkan write protec
  • cara memperbaiki sofware yg rusak
  • cara membuat virus dan cara menghilanginya
  • cara menghilangkan lsass
  • penghancur sality
  • Clean menghapus file
  • melihat file jpg dg cmd pada memori card
  • cara menghilangkan lsass
  • penghancur sality
    Digg Del.icio.us StumbleUpon Reddit Twitter RSS

If you're new here, you may want to subscribe to my RSS feed. You may copy or publish this article to your blog or other site as long you give credit link back to this site article. Thanks for visiting my blog!