Remove Gadis Desa W32/Wayrip.A

This virus categorized as low class because actually this virus not really hard to removed and not really annoyed. Carefully when you received this messages/pop up:

1  nikmatnya_gadis_desa
2  saat pertama berkenalan dengannya aku merasa senang
3  dia hanya seorang gadis desa
4  dengan cahaya pada bola matanya
5  yang mampu membawaku terbang
6  dengan keluguannya
7  yang selalu membuatku membimbingnya
8  dia adalam matahariku
9  yang mencairkan kebekuan hatiku
10 dari :rieysha

To know if your computer infected by this virus is you will see many multimedia files with size around 148KB This virus will generate lot of this files type so it will take enough your disk-space.

Norman antivirus can detect this virus as W32/Wayrip.A

wayrip_norman.JPG

Virus Master

After success to active this virus will creating his master file and also copied it into another drive like d: e: etc.

3gp.exe
dari_rieysha_anak_jogja.exe
dokumenPenting.exe
film.exe
gambar.exe
musik.exe
puisi.txt

Virus will change registry value in HKLM to make it active each time computer reboot:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
nikmatnya_gadis_desa = C:\nikmatnya_gadis_desa.exe

To protect himself from people( like me 😛 ) this Virus will try to blocking some windows function like:

– Folder Option
– Run
– Find
– Menu Shutdown
– Drive C:\
– Registry Editor
– Task Manager
– CMD

Virus will change your browser start page redirected to https://h1.ripway.com/anharku (Account already deleted by ripway company) This is the virus creator homepage he try to get lot of people come to his website maybe just for click him adsense ads *LOL*

Virus will change your time AM PM value into riesyha

wayrip-2.JPG

Virus will change your windows information

wayrip-3.JPG

Virus will hiding your drive C:

wayrip-4.JPG

The best part of this virus he will try to kill all security/antivirus programs with caption:

Virus
Trend
procexp.exe
Remove
Panda
mmc.exe
Kill
Kaspersky
cmd.exe
Rontok
Aladdin
Windows
Rontox
Sysinter
Setup
Machine
brontokwasher.exe
ansav
Norton
hijackthis.exe
anti
Symantec
killbox.exe
kill
Norman
Movzx
scan
Bitdef
Ertanto
remov
Avast
Washer
security
Mcaf
Killbox
config
Grisoft
Registry
patrol
Cillin
Utility
hijack
Process
Master
pcmav

I said this is the best part of this virus because it might make some people confused 😀 this virus also still active on windows mode “safe mode with command prompt” and the last lame autorun.inf file for spreading himself using flash disk media.

wayrip-5.JPG

Enough now time to remove this virus!

1. Turn off “system restore” service when in cleaning process.

2. Kill virus process using 3rd party tools killVB, Download it on here or download from my server here

wayrip-6.JPG

3. Delete registry changed by Virus using FixRegistry download from here or download from my server here

wayrip-7.JPG

4. Delete all master virus with specification:

  • Size 148KB
  • Icon Multimedia
  • File extension .exe
  • File type Application

Before you do this set folder option to show hidden files.

5.  Delete also this file list on root drive (c:\, d:\, etc)

  • pesene_seng_gawe.htm (size 22 KB)
  • xx pesene_seng_gawe.htm (size 1 KB), xx = Random
  • Autorun.inf
  • C:\Puisi.txt
  • C:\Windows\Taskman.com

6. Last scan with your best antivirus program to make sure your system clean.

Done, Have a nice day 😀

Similar Posts:

RELATED SEARCH TERMS:

Tags:

1 thought on “Remove Gadis Desa W32/Wayrip.A”

  1. find network security key

    Good job. I can’t think it took me so long to find the blog. I really love the formatting.

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.