Bulubebek virus has been made using visual basic with size 53kb. Bulubebek Virus very easy to removed using some manual technique. Once virus active it will created master files:
- \Windows\Script.exe
- \Windows\LSASS.exe
- \Documents and Settings\%user%\autorun.inf
- \Documents and Settings\%user%\bulubebek.ini
- \bulubebek.ini
- \autorun.inf
When virus active it will blocking some windows functions such as task manager, folder option, command prompt and more… This virus spreading (usually because it was designed) using flashdisk media by creating autorun.inf files.
Hidden folder and duplicate folder
Bulubebek has been designed and working almost same with older brontox varian, it will hidden your real folder and make duplicate .exe files with folder icon to tricky some newbie out there.
Step to cleaning bulubebek virus
1. I recommended to unplug your computers from your network, not really necessary but I think it’s gonna be safe.
2. Disable “System Restore” when in cleaning process.
3. Kill active virus process using 3rd party tools such as process explorer, kill virus process with icon folder.
4. Repair registry has been changed by virus, save this code as any name with .inf extension and install it.
[Version]
Signature=”$Chicago$”
Provider=Nobody
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\comfile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\exefile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\piffile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\regfile\shell\open\command,,,”regedit.exe “%1″”
HKLM, Software\CLASSES\scrfile\shell\open\command,,,”"”%1″” %*”
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, “Explorer.exe”
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, “cmd.exe”
HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, “cmd.exe”
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, “cmd.exe”
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, UncheckedValue,0×00010001,1
HKLM, SOFTWARE\Microsoft\Command Processor, AutoRun,0,
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, CheckedValue, 0×00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, DefaultValue, 0×00010001,2
HKCU, Software\Microsoft\Command Processor, AutoRun,0,
[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NOFind
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NORun
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PAYXX.exe
HKCU, Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\HideFileExt
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\ShowFullPath
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\ShowFullPathAddress
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SuperHidden
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
In case if this copy-paste code not working correctly in your text editor you can download repair files in Here
5. Find and deleted duplicate folder has been made by virus using search function. find any folders or files with rules:
- Using folder icon.
- Size 53 KB.
- .exe extension
- File type Application.
6. Shown your hidden files back, You can us your 3rd favorite tool or you can do it manually using attrib command by typing:
ATTRIB –s –h –r /s /d
NOTE: Should typing in drive root.
7. To make sure it was totally clean you can scan your computers with your best antivirus program.
Done 
SIMILAR POST :
- Remove MaHaDeWa VBS.Autorun.AM
- Remove virus AMBURADUL (all varian)
- Remove Sandra Dewi Bugil Virus W32/Sadra.A
- Remove K0pL4xZ Virus VBWorm.QTT
Incoming search terms:
- savira virus
- bulu bebek source code
- virus savira
- w32/vbworm beua
- sound device hilang
- mematikan virus yang mendisable card lan device
- virus bulubebek
- cara membersihkan bulu bebek
- virus hiden printer audio
- settingan untuk HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Safeboot
- setprinter sys vbs
- cara mengatasi virus exe
- cara menghapus virus angel2 exe
- how to kill w32/vbworm beua virus
- remove nadia saphira
- how to delete savira exe worm
- membersihkan virus autorun
- virus matiin soundcard
- virus mematikan sound
- ANTIVIRUS BEBEK
- w32/vbworm folder shortcut
- virus yang menghilangkan sound
- w32 vwworm qxe
- how to clean virus blue bebek
- tools membersihkan virus shortcut
- w32/vbworm beua how to remove from systeam
- remove bulu bebek
- removal tools for W32/VBWorm bEAU
- merepair win32 yang hilang
- menghilangkan virus bulubebek
- mengatasi virus worm
- mengatasi virus network audio
- win32 autorun pif
- virus mematikan soundcard
- mengatasi virus angel2 exe
- Mengatasi lsass exe endpoint
- mencegah virus disable sound
- virus mematikan sound dives
- membasmi virus angel2
- remove savira virus
- remove setprinter sys virus
- w32/vbworm beua ?
- svira virus
- svira und autorun inf entfernen
- sound disable virus recovery
- virus sound hilang
- virus svira
- setprinter sys vbs showing how can recover
- virus yang mendisable audio dan network
- script virus to disable sound
- savira worm
- virus yang mendisable sound card
- tools removal virus bulu bebek
- virus apa yang menghilangkan sound
- virus men disable paste
- savira
- Savira exe
- active desktop bagaimana memperbaiki
- cara bersihkan angel2 exe
- cara bersihkan bulu
- cara hapus virus angel2
- cara hendak buang hidden folder
- cara membasmi angel2
- cara membersihkan virus saily
- cara membersihkan virus worm win32 amnl
- cara memperbaiki active desktop recovery
- cara memperbaiki lan setting
- cara memperbaiki registry copy/paste windows 7
- bulubebek source remover
- bulubebek remove
- antivirus untuk menghapus virus angel2
- antivirus untuk virus bulu bebek
- apa itu HKLM/SYSTEM/CurrentControlsSet/SafeBoot/AlternateShell Value
- atasi sys
- atasi virus yang hidden file
- autorun hilangkan
- bagaimana cara buang virus hidden folder
- bgaimana cara membersihkan virus exe
- bulu bebek
- bulubebek removal
- cara memperbaiki registry windows 7
- cara memperbaiki restore my active desktop dari regedit
- delete svira virus of flash memory
- download contoh virus
- file win32 exe hilang
- fix bulubebek
- folder hilang scr membuang
- hacked by bulu bebek
- how to fix disabled network and sound by virus
- cara menghilangkan virus type worm
- how to remove setprinter sys vbs
- how to remove svira
- clean svira
- cara remove active desktop recovery
- cara memperbaiki sounds and device audio yang hilang
- cara memperbaiki windows 7
- cara mendelete nadira shapira
- cara mengapus autorun inf
- cara mengapus paksa file
- cara mengatasi active desktop recovery
- cara mengatasi restore my active desktop
- cara menghilangkan active dekstop recovery
- cara menghilangkan download master
- cara menghilangkan windows script error
- how to remove svira virus
If you're new here, you may want to subscribe to my RSS feed. You may copy or publish this article to your blog or other site as long you give credit link back to this site article. Thanks for visiting my blog!
14 Responses to “Remove W32/VBWorm.QXE (bulubebek)”
Trackbacks
- Remove W32/VBWorm.QXE (bulubebek) | Legal Webmastering
- Remove Nadia Saphira Virus W32/VBTroj.AOQB » Istanto Blogs
- Business Diary Search » Remove W32/VBWorm.QXE (bulubebek) » Istanto Blogs
Did you know?
Tag cloud
Blogs Statistic
Subscribe my feed
April 1st, 2009 at 11:24 PM
my internet explorer hacked by bulu bebek. how to repair it?
April 2nd, 2009 at 3:40 PM
how and where do i install the code..i dont understand that step..please help thank you
April 2nd, 2009 at 5:41 PM
@randy: follow guide from this line “Step to cleaning bulubebek virus”
@dolyn: copy the code, paste it to notepad, save as repair.inf (save as all files don’t txt) right click on it then choose install.
April 2nd, 2009 at 11:22 PM
hai again..i tried running the cmd but it wouldnt pop up..what should i do?
April 3rd, 2009 at 4:42 AM
Hi dolyn you’re in step shown hidden files back right? if CMD would not help try using ANSAV http://www.ansav.com/download/ use plugin “Hidden Revealer” or “RegistryFX”
April 4th, 2009 at 9:06 PM
hai again..another problem occur when i manage to fix the cmd problem..after deleting what should delete (i think) now everytime i start the computer this msg pops up
windows could not find script.exe….and so on..
how do i fix this problem
April 4th, 2009 at 11:25 PM
run -> type “msconfig” -> choose “startup” tab -> uncheck startup item that windows could not find, or you can use hijackthis http://www.filehippo.com/download_hijackthis/
April 22nd, 2009 at 6:48 PM
My Printer and Audio didn’t work..how to recover it after i remove the virus. how do i recover it? tq..
April 22nd, 2009 at 7:04 PM
Just reinstall your printer and sound card driver.
April 25th, 2009 at 1:14 AM
TQ!:)
May 3rd, 2010 at 3:11 AM
greetings there, i just saw your site listed on google, and i must comment that you compose interestingly good on your website. i am truly taken by the mode that you compose, and the message is outstanding. anyways, i would also like to know whether you would like to exchange links with my web portal? i will be certainly more than willing to reciprocate and put your link on in the blogroll. waiting for your answer, thanks and enjoy your day!