Viruses Forum

At last, exclusively: how to eliminate the autorun.inf virus, with explanation


Post by قاسم الوكاع, Monday, March 30, 2009 3:11 pm

The latest autorun.inf virus has worn out a lot of people,
and today I present the solution to you without the need to format.
The explanation is in English, and I have translated it into Arabic in a PowerPoint file that you can download.


Restarting in Safe Mode

This malware has characteristics that require the computer to be restarted in safe mode (press F8 when the computer is running).


Removing Autostart Entry from the Registry


This solution deletes a registry entry added by this malware. Before performing the steps below, make sure you know how to back up the registry and how to restore it if a problem occurs. Refer to this Microsoft article for more information about modifying your computer's registry.

1. Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
2. In the left panel, double-click the following:
   HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Run
3. In the right panel, locate and delete the entry:
   kava = "%System%\kavo.exe"
   (Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, or C:\Windows\System32 on Windows XP and Server 2003.)

Restoring Other Registry Entries

1. Still in Registry Editor, in the left panel, double-click the following:
   HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Explorer>Advanced
2. In the right panel, locate the entry:
   Hidden = "2"
3. Right-click on the value name and choose Modify. Change the value data of this entry to:
   0
4. In the left panel, double-click the following:
   HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Explorer>Advanced
5. In the right panel, locate the entry:
   ShowSuperHidden = "0"
6. Right-click on the value name and choose Modify. Change the value data of this entry to:
   1
7. In the left panel, double-click the following:
   HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Explorer>Advanced
8. In the right panel, locate the entry:
   SuperHidden = "0"
9. Right-click on the value name and choose Modify. Change the value data of this entry to:
   1
10. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Explorer>Advanced>Folder>Hidden>SHOWALL
11. In the right panel, locate the entry:
    CheckedValue = "0"
12. Right-click on the value name and choose Modify. Change the value data of this entry to:
    1
13. In the left panel, double-click the following:
    HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Policies>Explorer
14. In the right panel, locate the entry:
    NoDriveTypeAutoRun = "91"
15. Right-click on the value name and choose Modify. Change the value data of this entry to:
    95

Removing Other Malware Entries from the Registry


1. Still in Registry Editor, in the left panel, double-click the following:
   HKEY_CLASSES_ROOT>AutoRun>2>Shell>AutoRun>command
2. In the right panel, locate and delete the entry:
   (Default) = "C:\ntdelect.com"
3. In the left panel, double-click the following:
   HKEY_CLASSES_ROOT>AutoRun>2>Shell>explore>Command
4. In the right panel, locate and delete the entry:
   (Default) = "C:\ntdelect.com"
5. In the left panel, double-click the following:
   HKEY_CLASSES_ROOT>AutoRun>2>Shell>open>Command
6. In the right panel, locate and delete the entry:
   (Default) = "C:\ntdelect.com"
7. Close Registry Editor.

Deleting Malware-created AUTORUN.INF/s


1. Right-click Start then click Search... or Find..., depending on the version of Windows you are running.
2. In the Named input box, type:
   AUTORUN.INF
3. In the Look In drop-down list, select a drive, then press Enter.
4. Select the file, then open using Notepad.
5. Check if the following lines are present in the file:
   [AutoRun]
   open=ntdelect.com
   ;shell\open=Open(&O)
   shell\open\Command=ntdelect.com
   shell\open\Default=1
   ;shell\explore=Manager(&X)
   shell\explore\Command=ntdelect.com
6. If the lines are present, delete the file.
7. Repeat steps 3 to 6 for AUTORUN.INF files in the remaining removable drives.
8. Close Search Results.

Running Trend Micro Antivirus


If you are currently running in safe mode, please restart your computer normally before performing the following solution.

Scan your computer with Trend Micro antivirus and delete files detected as WORM_ONLINEG.JRC

قاسم الوكاع
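
The manual check of AUTORUN.INF described in the post (open the file and look for the ntdelect.com lines) can be scripted; the following is an added example, not part of the original post. The function names and the benign sample are assumptions made for illustration, and only the open, shellexecute and shell\<verb>\command keys are inspected.

```python
import re

# Keys in an [AutoRun] section whose value is a command Windows may launch.
COMMAND_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)

def autorun_commands(text):
    """Return {key: command} for launchable entries in the [AutoRun] section."""
    commands, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if COMMAND_KEY.match(key):
            commands[key.lower()] = value
    return commands

def suspicious_entries(text, names=("ntdelect.com",)):
    """Return sorted keys whose command launches one of the named files."""
    wanted = {n.lower() for n in names}
    hits = []
    for key, command in autorun_commands(text).items():
        # Program part of the command: a quoted path or the first bare token.
        m = re.match(r'\s*(?:"([^"]*)"|(\S+))', command)
        target = (m.group(1) or m.group(2) or "") if m else ""
        if re.split(r"[\\/]", target)[-1].lower() in wanted:
            hits.append(key)
    return sorted(hits)

# The lines quoted in the post.
POST_SAMPLE = r"""[AutoRun]
open=ntdelect.com
;shell\open=Open(&O)
shell\open\Command=ntdelect.com
shell\open\Default=1
;shell\explore=Manager(&X)
shell\explore\Command=ntdelect.com
"""

# Constructed sample: a harmless installer-disc file.
BENIGN_SAMPLE = "[autorun]\nopen=setup.exe /s\nicon=setup.ico\n"

if __name__ == "__main__":
    for sample in (POST_SAMPLE, BENIGN_SAMPLE):
        print(suspicious_entries(sample))
```

A non-empty result means the file matches the pattern the post says to delete; an empty result means the file launches something else or nothing at all.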

