Bulubebek virus has been made using visual basic with size 53kb. Bulubebek Virus very easy to removed using some manual technique. Once virus active it will created master files:
- \Windows\Script.exe
- \Windows\LSASS.exe
- \Documents and Settings\%user%\autorun.inf
- \Documents and Settings\%user%\bulubebek.ini
- \bulubebek.ini
- \autorun.inf
When virus active it will blocking some windows functions such as task manager, folder option, command prompt and more… This virus spreading (usually because it was designed) using flashdisk media by creating autorun.inf files.
Hidden folder and duplicate folder
Bulubebek has been designed and working almost same with older brontox varian, it will hidden your real folder and make duplicate .exe files with folder icon to tricky some newbie out there.
Step to cleaning bulubebek virus
1. I recommended to unplug your computers from your network, not really necessary but I think it’s gonna be safe.
2. Disable “System Restore” when in cleaning process.
3. Kill active virus process using 3rd party tools such as process explorer, kill virus process with icon folder.
4. Repair registry has been changed by virus, save this code as any name with .inf extension and install it.
[Version]
Signature=”$Chicago$”
Provider=Nobody
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\comfile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\exefile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\piffile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\regfile\shell\open\command,,,”regedit.exe “%1″”
HKLM, Software\CLASSES\scrfile\shell\open\command,,,”"”%1″” %*”
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, “Explorer.exe”
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, “cmd.exe”
HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, “cmd.exe”
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, “cmd.exe”
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, UncheckedValue,0×00010001,1
HKLM, SOFTWARE\Microsoft\Command Processor, AutoRun,0,
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, CheckedValue, 0×00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, DefaultValue, 0×00010001,2
HKCU, Software\Microsoft\Command Processor, AutoRun,0,
[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NOFind
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NORun
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PAYXX.exe
HKCU, Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\HideFileExt
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\ShowFullPath
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\ShowFullPathAddress
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SuperHidden
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
In case if this copy-paste code not working correctly in your text editor you can download repair files in Here
5. Find and deleted duplicate folder has been made by virus using search function. find any folders or files with rules:
- Using folder icon.
- Size 53 KB.
- .exe extension
- File type Application.
6. Shown your hidden files back, You can us your 3rd favorite tool or you can do it manually using attrib command by typing:
ATTRIB –s –h –r /s /d
NOTE: Should typing in drive root.
7. To make sure it was totally clean you can scan your computers with your best antivirus program.
Done 
SIMILAR POST :
- Remove MaHaDeWa VBS.Autorun.AM
- Remove virus AMBURADUL (all varian)
- Remove Sandra Dewi Bugil Virus W32/Sadra.A
- Remove K0pL4xZ Virus VBWorm.QTT
Incoming search terms:
- savira virus
- bulu bebek source code
- virus savira
- virus bulubebek
- w32/vbworm beua
- virus yang menghilangkan sound
- virus hiden printer audio
- cara membersihkan bulu bebek
- cara menghapus virus angel2 exe
- sound device hilang
- settingan untuk HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Safeboot
- mematikan virus yang mendisable card lan device
- setprinter sys vbs
- how to kill w32/vbworm beua virus
- cara mengatasi virus exe
- remove nadia saphira
- virus matiin soundcard
- virus mematikan sound
- Hilangkan Windows Script Host
- how to clean virus blue bebek
- w32 vwworm qxe
- membersihkan virus autorun
- w32/vbworm folder shortcut
- how to delete savira exe worm
- ANTIVIRUS BEBEK
- nak buang virus scr
- remove bulu bebek
- removal tools for W32/VBWorm bEAU
- mencegah virus disable sound
- Mengatasi lsass exe endpoint
- win32 autorun pif
- mengatasi virus network audio
- mengatasi virus worm
- mengatasi virus angel2 exe
- menghilangkan virus bulubebek
- menghilangkan virus visualbasic
- merepair win32 yang hilang
- Nadira sapira bugil
- remove savira virus
- remove setprinter sys virus
- savira
- virus mematikan sound dives
- virus mematikan soundcard
- virus men disable paste
- virus sound hilang
- virus svira
- virus yang mendisable audio dan network
- virus yang mendisable sound card
- w32/vbworm beua ?
- virus apa yang menghilangkan sound
- tools membersihkan virus shortcut
- tools removal virus bulu bebek
- Savira exe
- savira worm
- script virus to disable sound
- setprinter sys vbs showing how can recover
- sound disable virus recovery
- svira und autorun inf entfernen
- svira virus
- w32/vbworm beua how to remove from systeam
- membasmi virus angel2
- active desktop bagaimana memperbaiki
- cara bersihkan bulu
- cara hapus virus angel2
- cara hapus virus blue bebek
- cara hendak buang hidden folder
- cara membasmi angel2
- cara membersihkan virus saily
- cara membersihkan virus worm win32 amnl
- cara memperbaiki active desktop recovery
- cara memperbaiki lan setting
- cara memperbaiki registry copy/paste windows 7
- cara bersihkan angel2 exe
- bulubebek source remover
- bulubebek remove
- antivirus untuk menghapus virus angel2
- antivirus untuk virus bulu bebek
- apa itu HKLM/SYSTEM/CurrentControlsSet/SafeBoot/AlternateShell Value
- atasi sys
- atasi virus yang hidden file
- autorun hilangkan
- bagaimana cara buang virus hidden folder
- bgaimana cara membersihkan virus exe
- bulu bebek
- bulubebek removal
- cara memperbaiki registry windows 7
- cara memperbaiki restore my active desktop dari regedit
- delete svira virus of flash memory
- download contoh virus
- file win32 exe hilang
- fix bulubebek
- folder hilang scr membuang
- hacked by bulu bebek
- how to fix disabled network and sound by virus
- cara menghilangkan windows script error
- how to remove setprinter sys vbs
- how to remove svira
- clean svira
- cara remove active desktop recovery
- cara menghilangkan virus type worm
- cara memperbaiki sounds and device audio yang hilang
- cara memperbaiki windows 7
- cara mendelete nadira shapira
- cara mengapus autorun inf
- cara mengapus paksa file
- cara mengatasi active desktop recovery
- cara mengatasi restore my active desktop
- cara menghilangkan active dekstop recovery
- cara menghilangkan download master
- cara menghilangkan ramnit lewat cmd
- how to remove svira virus
If you're new here, you may want to subscribe to my RSS feed. You may copy or publish this article to your blog or other site as long you give credit link back to this site article. Thanks for visiting my blog!
14 Responses to “Remove W32/VBWorm.QXE (bulubebek)”
Trackbacks
- Remove W32/VBWorm.QXE (bulubebek) | Legal Webmastering
- Remove Nadia Saphira Virus W32/VBTroj.AOQB » Istanto Blogs
- Business Diary Search » Remove W32/VBWorm.QXE (bulubebek) » Istanto Blogs
Did you know?
Tag cloud
Blogs Statistic
Subscribe my feed
April 1st, 2009 at 11:24 PM
my internet explorer hacked by bulu bebek. how to repair it?
April 2nd, 2009 at 3:40 PM
how and where do i install the code..i dont understand that step..please help thank you
April 2nd, 2009 at 5:41 PM
@randy: follow guide from this line “Step to cleaning bulubebek virus”
@dolyn: copy the code, paste it to notepad, save as repair.inf (save as all files don’t txt) right click on it then choose install.
April 2nd, 2009 at 11:22 PM
hai again..i tried running the cmd but it wouldnt pop up..what should i do?
April 3rd, 2009 at 4:42 AM
Hi dolyn you’re in step shown hidden files back right? if CMD would not help try using ANSAV http://www.ansav.com/download/ use plugin “Hidden Revealer” or “RegistryFX”
April 4th, 2009 at 9:06 PM
hai again..another problem occur when i manage to fix the cmd problem..after deleting what should delete (i think) now everytime i start the computer this msg pops up
windows could not find script.exe….and so on..
how do i fix this problem
April 4th, 2009 at 11:25 PM
run -> type “msconfig” -> choose “startup” tab -> uncheck startup item that windows could not find, or you can use hijackthis http://www.filehippo.com/download_hijackthis/
April 22nd, 2009 at 6:48 PM
My Printer and Audio didn’t work..how to recover it after i remove the virus. how do i recover it? tq..
April 22nd, 2009 at 7:04 PM
Just reinstall your printer and sound card driver.
April 25th, 2009 at 1:14 AM
TQ!:)
May 3rd, 2010 at 3:11 AM
greetings there, i just saw your site listed on google, and i must comment that you compose interestingly good on your website. i am truly taken by the mode that you compose, and the message is outstanding. anyways, i would also like to know whether you would like to exchange links with my web portal? i will be certainly more than willing to reciprocate and put your link on in the blogroll. waiting for your answer, thanks and enjoy your day!