HKCU

Remove virus AMBURADUL (all varian)

They never been stop spreading their knowledge…. and we also never let them alive forever. This is the article how to remove amburadul virus for all varian no need for antivirus program you can simply clean it using manual technique. The simple way to know if your computer infected by this virus is you will see JPEG files with aplication extension. Now let’s start to remove it! 1. Unplug your infected computer from your network to stop this virus spreading. 2. Disable “System Restore” when in cleaning process. 3. Kill the virus process using power tools “currprocess” kill all process… Read More »Remove virus AMBURADUL (all varian)

Remove Sandra Dewi Bugil Virus W32/Sadra.A

Sandra Dewi Bugil….? This is not p**n! this is an computer virus! ­čśŤ but surely this is a noob virus creator *again*

sandra_dewi

Virus characteristic:

  • Virus size 132kb
  • Virus file type “application”
  • Virus extension .exe
  • Using images icon

Sandra Dewi Bugil Virus has been created using visual basic, If virus success on infected your system he will created some files:

  • \Sandra Dewi Bugil.exe (In all root drive)
  • \Documents and Settings\%user%\Start Menu\Programs\Startup\Sandra Dewi Bugil.exe
  • \WINDOWS\Sandra Dewi Bugil.exe
  • \WINDOWS\system32\ Sandra Dewi Bugil.exe
  • Creating duplicate virus on all folder in removable drive/usb.

This virus will show message when your computer active, the easiest way to know is you’re system infected by this virus.

sandradewibugil-virus-1

This virus will blocking some windows function to make him hard to removed.

  • Disable Folder Options
  • Disable Registry Editor
  • Disable Search/Find
  • Disable Command Prompt
  • Disable Task Manager
  • Disable Control Panel
  • Disable Msconfig/System Configuration Utility
  • Disable Right Click on Desktop
  • Disable “All Programs” on Start Menu
  • Disable Log Off/Turn Off

Read More »Remove Sandra Dewi Bugil Virus W32/Sadra.A

RELATED SEARCH TERMS:

Remove MaHaDeWa VBS.Autorun.AM

Look… Another lame virus maker… this virus not dangerous at all but it surelly can make you a little anger when your computers slow down and some configuration changed. Mahadewa virus has been created using visual basic scripting (not visual basic) it can simple deactivated by easily rename/deleted wscript.exe in your system32 folders.

This lame virus maker really noob hehehe.. he’s created a BIG size virus, LOL! usually virus has small size to help them spreaded fast but this one really crazy he have a BIG size that make me laugh really hard today.

mahadewa-1

Wait! I think I know this virus creator here’s him!

fat-blogger

Hahaha… I just joking don’t take it seriously people…

How to know your computer infected by mahadewa virus:

1. Your internet explorer header changed.

mahadewa-2

2. Your internet explorer start page changed to “https://webkom”

3. Your computer name and organization changed.

Read More »Remove MaHaDeWa VBS.Autorun.AM

RELATED SEARCH TERMS:

8 Tools Kido/Conficker/Downadup Remover

Hi all sorry for not blogging for 3 weeks, I’m just back after busy middle test in my campus. This come to my attention after analyze “keyword” that bring people reaching my blog. Many of them looking for virus removal. After reading on people trends many of them are infected by Kido/Conficker/Downadup so… here’s the short review for 8 tools to remove this virus and 5 steps to make sure your system clean.

1. Kaspersky AVP Removal Tool

kaspersky-avp-removal-tool

Download Here

2. Norman Malware Cleaner

norman-malware-cleaner

Download Here

3. McAfee AVERT Stinger

mcafee-avert-stinger

Download Here

Read More »8 Tools Kido/Conficker/Downadup Remover

RELATED SEARCH TERMS:

Remove K0pL4xZ Virus VBWorm.QTT

“K0pL4xZ” Virus or VBWorm.QTT is computer virus that targeted on Microsoft Office files. This virus has been created using Visual Basic, Basically K0pL4xZ will change the icon and file type Microsoft Office.

To hiding K0pL4xZ will use Windows Media Player Classic icon, but if you always working carefully you will know this file type is .exe, OK let’s remove it.

Step to Remove K0pL4xZ Virus VBWorm.QTT

1. Disconnected your computer from network.

2. Turn off “System Restore” when in cleaning process.

3. Kill active virus process in your computer background using THIS 3rd tool.

4. Repair your registry using code below save it as repair.inf the right click on it choose install, or just download it HERE

[Version]
Signature=”$Chicago$”
Provider=Nobody

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,”””%1″” %*”
HKLM, Software\CLASSES\comfile\shell\open\command,,,”””%1″” %*”
HKLM, Software\CLASSES\exefile\shell\open\command,,,”””%1″” %*”
HKLM, Software\CLASSES\piffile\shell\open\command,,,”””%1″” %*”
HKLM, Software\CLASSES\regfile\shell\open\command,,,”regedit.exe “%1″”
HKLM, Software\CLASSES\scrfile\shell\open\command,,,”””%1″” %*”
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, “Explorer.exe”
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, “cmd.exe”
HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, “cmd.exe”
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, “cmd.exe”
HKLM, SOFTWARE\Classes\exefile,,,application
HKCU, Software\Microsoft\Internet Explorer\Main, start page,0, “about:blank”
HKCU, Software\Microsoft\Internet Explorer\Main, Search Page,0, “about:blank”
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, UncheckedValue,0x00010001,0
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, UncheckedValue,0x00010001,1
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion, RegisteredOrganization,0, “Organization”
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion, RegisteredOwner,0, “Owner”
HKLM, SOFTWARE\Classes\txtfile, FriendlyTypeName,0, “@C:\Windows\system32\notepad.exe,-469″
HKLM, SOFTWARE\Classes\Word.Document.8,,,”Microsoft Word Document”
HKLM, SOFTWARE\Classes\Word.Document.8\DefaultIcon,,,”C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-01500 48383C9}\wordicon.exe,1″
HKLM, SOFTWARE\Classes\PowerPoint.Show.8,,, “Microsoft PowerPoint Presentation”
HKLM, SOFTWARE\Classes\PowerPoint.Show.8\DefaultIcon,,,”C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-015 0048383C9}\pptico.exe,1″
HKLM, SOFTWARE\Classes\Excel.Sheet.8,,,”Microsoft Excel Worksheet”
HKLM, SOFTWARE\Classes\Excel.Sheet.8\DefaultIcon,,,”C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-01500483 83C9}\xlicons.exe,1″
HKLM, SOFTWARE\Classes\Access.Application.11,,,”Microsoft Office Access Application”
HKLM, SOFTWARE\Classes\Access.Application.11\DefaultIcon,,,”C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-01 50048383C9}\accicons.exe,1″
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, Hidden, 0x00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, HideFileExt, 0x00010001,0
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, ShowSuperHidden, 0x00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden,WarningIfNotDefault,0,”@ shell32.dll,-28964″

[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableTaskMgr
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DIsablecmd
HKCU, Software\Microsoft\Internet Explorer\Main, Window Title
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer,NoFolderOptions
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System,DisableRegistryTools
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System,DisableTaskMgr
HKLM, SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore
HKCU, Software\Microsoft\Windows\CurrentVersion\Run, System
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
HKCU, Software\Microsoft\Windows NT\CurrentVersion\Winlogon, shell
HKCU, Software\Policies\Microsoft\Windows\System, DisableCMD
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, WarningIfNotDefault
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Run, cintaku
HKLM, SOFTWARE\Classes\exefile, FriendlyTypeName

5. Deleted file %systemroot%\Windows\desktop.ini using DOS prompt.
Read More »Remove K0pL4xZ Virus VBWorm.QTT

RELATED SEARCH TERMS: