The Bulubebek virus is written in Visual Basic and is 53 KB in size. It is easy to remove with some manual techniques. Once the virus is active, it creates these master files:
- \Windows\Script.exe
- \Windows\LSASS.exe
- \Documents and Settings\%user%\autorun.inf
- \Documents and Settings\%user%\bulubebek.ini
- \bulubebek.ini
- \autorun.inf
While the virus is active, it blocks several Windows functions such as Task Manager, Folder Options, the command prompt and more. It usually spreads, by design, through flash disk media by creating autorun.inf files.
Hidden folder and duplicate folder
Bulubebek is designed to work almost the same way as the older Brontok variants: it hides your real folders and creates duplicate .exe files with a folder icon to trick inexperienced users.
Step to cleaning bulubebek virus
1. I recommend unplugging your computer from the network; it is not strictly necessary, but I think it is safer.
2. Disable “System Restore” during the cleaning process.
3. Kill the active virus process using a third-party tool such as Process Explorer; kill the virus process that shows a folder icon.
4. Repair the registry entries changed by the virus: save this code under any name with an .inf extension and install it.
; Registry repair for the settings changed by the virus (right-click the saved .inf file and choose Install)
[Version]
Signature="$Chicago$"
Provider=Nobody
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
; Restore the default open commands, the logon shell, the Safe Mode shell and the Explorer hidden-file options
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, UncheckedValue,0x00010001,1
HKLM, SOFTWARE\Microsoft\Command Processor, AutoRun,0,
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, CheckedValue, 0x00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, DefaultValue, 0x00010001,2
HKCU, Software\Microsoft\Command Processor, AutoRun,0,
; Delete the policy values and keys that disable Task Manager, the registry tools, Folder Options, Find and Run
[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NOFind
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NORun
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PAYXX.exe
HKCU, Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\HideFileExt
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\ShowFullPath
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\ShowFullPathAddress
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SuperHidden
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
If this copy-pasted code does not work correctly in your text editor, you can download the repair files here.
5. Find and delete the duplicate folders created by the virus using the search function. Look for any folders or files that match these rules:
- Using folder icon.
- Size 53 KB.
- .exe extension
- File type Application.
6. Show your hidden files again. You can use your favorite third-party tool, or do it manually with the attrib command by typing:
ATTRIB -s -h -r /s /d
NOTE: Type this in the drive root.
7. To make sure the system is completely clean, scan your computer with your best antivirus program.
Done 😀
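The search in step 5 can be scripted. The following Python script is an added example, not part of the original post: it lists .exe files in the 53 KB size range that share their name with a folder in the same directory, and reports whether that folder is hidden. It assumes that the decoy takes the name of the folder it hides and that "53 KB" means Explorer's rounded-up size; the folder icon itself is not checked, and nothing is deleted.

```python
import os
import tempfile

# Assumptions (not from the original post): Explorer rounds sizes up, so
# "53 KB" is taken as 52*1024 < bytes <= 53*1024, and the decoy carries the
# name of the folder it hides.
SIZE_MIN, SIZE_MAX = 52 * 1024, 53 * 1024
FILE_ATTRIBUTE_HIDDEN = 0x2  # Windows attribute bit; not reported elsewhere


def is_hidden(path):
    """True if the Windows hidden bit is set (always False off Windows)."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & FILE_ATTRIBUTE_HIDDEN)


def find_decoys(root):
    """Return sorted (exe_path, folder_is_hidden) pairs matching step 5."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        folders = {d.lower(): d for d in dirnames}
        for name in filenames:
            stem, ext = os.path.splitext(name)
            if ext.lower() != ".exe" or stem.lower() not in folders:
                continue
            full = os.path.join(dirpath, name)
            if SIZE_MIN < os.path.getsize(full) <= SIZE_MAX:
                twin = os.path.join(dirpath, folders[stem.lower()])
                hits.append((full, is_hidden(twin)))
    return sorted(hits)


def demo():
    """Scan a constructed sample tree; returns the flagged file names."""
    with tempfile.TemporaryDirectory() as root:
        for folder in ("Photos", "Work"):
            os.mkdir(os.path.join(root, folder))
        samples = {"Photos.exe": 53 * 1024,   # folder name + 53 KB: flagged
                   "Work.exe": 200 * 1024,    # folder name, wrong size
                   "setup.exe": 53 * 1024}    # right size, no such folder
        for name, size in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"\0" * size)
        return [os.path.basename(p) for p, _ in find_decoys(root)]


if __name__ == "__main__":
    print(demo())
```

On a real system, call `find_decoys` with the drive root and review each hit before deleting it as step 5 describes.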
my internet explorer hacked by bulu bebek. how to repair it?
how and where do i install the code..i dont understand that step..please help thank you
@randy: follow guide from this line “Step to cleaning bulubebek virus”
@dolyn: copy the code, paste it into Notepad, save it as repair.inf (save as type "All Files", not .txt), right-click it, then choose Install.
hai again..i tried running the cmd but it wouldnt pop up..what should i do?
Hi dolyn, you're at the step for showing hidden files again, right? If CMD does not help, try using ANSAV http://www.ansav.com/download/ with the plugin “Hidden Revealer” or “RegistryFX”.
hai again..another problem occur when i manage to fix the cmd problem..after deleting what should delete (i think) now everytime i start the computer this msg pops up
windows could not find script.exe….and so on..
how do i fix this problem
Run -> type “msconfig” -> choose the “Startup” tab -> uncheck the startup item that Windows could not find, or you can use HijackThis http://www.filehippo.com/download_hijackthis/
My Printer and Audio didn’t work..how to recover it after i remove the virus. how do i recover it? tq..
Just reinstall your printer and sound card driver.
TQ!:)