الرئيسية
البوابة
أحدث الصور
التسجيل
دخولو أخيرا,حصريا كيفية القضاء على فيروس autorun.inf مع الشرح
صفحة 1 من اصل 1
و أخيرا,حصريا كيفية القضاء على فيروس autorun.inf مع الشرح
قاسم الوكاع الإثنين مارس 30, 2009 3:11 pm
أحدث فيروس autorun.inf أرهق الكثيرين
و اليوم أقدم لكم الحل دون الحاجة إلى format
الشرح بالإنجليزية و لقد قمت بتعريبه في ملف power point و يمكنكم تحميله
Restarting in Safe Mode
This malware has characteristics that require the computer to be restarted in safe mode (press F8 when the computer is running) .
Removing Autostart Entry from the Registry
This solution deletes a registry entry added by this malware. Before performing the steps below, make sure you know how to back up the registry and how to restore it if a problem occurs. Refer to this Microsoft article for more information about modifying your computer's registry.
Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>
Windows>CurrentVersion>Run
In the right panel, locate and delete the entry:
kava = "%System%\kavo.exe"
(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, or C:\Windows\System32 on Windows XP and Server 2003.)
Restoring Other Registry Entries
Still in Registry Editor, in the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>Windows>
CurrentVerson>Explorer>Advanced
In the right panel, locate the entry:
Hidden = "2"
Right-click on the value name and choose Modify. Change the value data of this entry to:
0
In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>Windows>
CurrentVerson>Explorer>Advanced
In the right panel, locate the entry:
ShowSuperHidden = "0"
Right-click on the value name and choose Modify. Change the value data of this entry to:
1
In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>Windows>
CurrentVerson>Explorer>Advanced
In the right panel, locate the entry:
SuperHidden = "0"
Right-click on the value name and choose Modify. Change the value data of this entry to:
1
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>
CurrentVersion>Explorer>Advanced>Folder>Hidden>SHO WALL
In the right panel, locate the entry:
CheckedValue = "0"
Right-click on the value name and choose Modify. Change the value data of this entry to:
1
In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>Windows>
CurrentVersion>Policies>Explorer
In the right panel, locate the entry:
NoDriveTypeAutoRun = "91"
Right-click on the value name and choose Modify. Change the value data of this entry to:
95
Removing Other Malware Entries from the Registry
Still in Registry Editor, in the left panel, double-click the following:
HKEY_CLASSES_ROOT>AutoRun>2>Shell>AutoRun>command
In the right panel, locate and delete the entry:
(Default) = "C:\ntdelect.com"
In the left panel, double-click the following:
HKEY_CLASSES_ROOT>AutoRun>2>Shell>explore>Command
In the right panel, locate and delete the entry:
(Default) = "C:\ntdelect.com"
In the left panel, double-click the following:
HKEY_CLASSES_ROOT>AutoRun>2>Shell>open>Command
In the right panel, locate and delete the entry:
(Default) = "C:\ntdelect.com"
Close Registry Editor.
Deleting Malware-created AUTORUN.INF/s
Right-click Start then click Search... or Find..., depending on the version of Windows you are running.
In the Named input box, type:
AUTORUN.INF
In the Look In drop-down list, select a drive, then press Enter.
Select the file, then open using Notepad.
Check if the following lines are present in the file:
[AutoRun]
open=ntdelect.com
;shell\open=Open(&O)
shell\open\Command=ntdelect.com
shell\open\Default=1
;shell\explore=Manager(&X)
shell\explore\Command=ntdelect.com
If the lines are present, delete the file.
Repeat steps 3 to 6 for AUTORUN.INF files in the remaining removable drives.
Close Search Results.
Running Trend Micro Antivirus
If you are currently running in safe mode, please restart your computer normally before performing the following solution.
Scan your computer with Trend Micro antivirus and delete files detected as WORM_ONLINEG.JRC
و اليوم أقدم لكم الحل دون الحاجة إلى format
الشرح بالإنجليزية و لقد قمت بتعريبه في ملف power point و يمكنكم تحميله
Restarting in Safe Mode
This malware has characteristics that require the computer to be restarted in safe mode (press F8 when the computer is running) .
Removing Autostart Entry from the Registry
This solution deletes a registry entry added by this malware. Before performing the steps below, make sure you know how to back up the registry and how to restore it if a problem occurs. Refer to this Microsoft article for more information about modifying your computer's registry.
Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>
Windows>CurrentVersion>Run
In the right panel, locate and delete the entry:
kava = "%System%\kavo.exe"
(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, or C:\Windows\System32 on Windows XP and Server 2003.)
Restoring Other Registry Entries
Still in Registry Editor, in the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>Windows>
CurrentVerson>Explorer>Advanced
In the right panel, locate the entry:
Hidden = "2"
Right-click on the value name and choose Modify. Change the value data of this entry to:
0
In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>Windows>
CurrentVerson>Explorer>Advanced
In the right panel, locate the entry:
ShowSuperHidden = "0"
Right-click on the value name and choose Modify. Change the value data of this entry to:
1
In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>Windows>
CurrentVerson>Explorer>Advanced
In the right panel, locate the entry:
SuperHidden = "0"
Right-click on the value name and choose Modify. Change the value data of this entry to:
1
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>
CurrentVersion>Explorer>Advanced>Folder>Hidden>SHO WALL
In the right panel, locate the entry:
CheckedValue = "0"
Right-click on the value name and choose Modify. Change the value data of this entry to:
1
In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>Windows>
CurrentVersion>Policies>Explorer
In the right panel, locate the entry:
NoDriveTypeAutoRun = "91"
Right-click on the value name and choose Modify. Change the value data of this entry to:
95
Removing Other Malware Entries from the Registry
Still in Registry Editor, in the left panel, double-click the following:
HKEY_CLASSES_ROOT>AutoRun>2>Shell>AutoRun>command
In the right panel, locate and delete the entry:
(Default) = "C:\ntdelect.com"
In the left panel, double-click the following:
HKEY_CLASSES_ROOT>AutoRun>2>Shell>explore>Command
In the right panel, locate and delete the entry:
(Default) = "C:\ntdelect.com"
In the left panel, double-click the following:
HKEY_CLASSES_ROOT>AutoRun>2>Shell>open>Command
In the right panel, locate and delete the entry:
(Default) = "C:\ntdelect.com"
Close Registry Editor.
Deleting Malware-created AUTORUN.INF/s
Right-click Start then click Search... or Find..., depending on the version of Windows you are running.
In the Named input box, type:
AUTORUN.INF
In the Look In drop-down list, select a drive, then press Enter.
Select the file, then open using Notepad.
Check if the following lines are present in the file:
[AutoRun]
open=ntdelect.com
;shell\open=Open(&O)
shell\open\Command=ntdelect.com
shell\open\Default=1
;shell\explore=Manager(&X)
shell\explore\Command=ntdelect.com
If the lines are present, delete the file.
Repeat steps 3 to 6 for AUTORUN.INF files in the remaining removable drives.
Close Search Results.
Running Trend Micro Antivirus
If you are currently running in safe mode, please restart your computer normally before performing the following solution.
Scan your computer with Trend Micro antivirus and delete files detected as WORM_ONLINEG.JRC
قاسم الوكاع- عدد المساهمات : 79
نقاط : 23113
تاريخ التسجيل : 28/03/2009
مواضيع مماثلة» كيفية القضاء على فيروس Ssvichosst ...المزعج...نسايم
» كيفية القضاء على فيروسات الـ exe
» كيفية القضاء على فيروسات الـ exe
» كيفية القضاء على أخطر فيروسات العالم
» كيفية القضاء على الفيروسات و التروجانات و حتى ملفات الخبيثة
» كيفية القضاء على فيروسات الـ exe
» كيفية القضاء على فيروسات الـ exe
» كيفية القضاء على أخطر فيروسات العالم
» كيفية القضاء على الفيروسات و التروجانات و حتى ملفات الخبيثة
صفحة 1 من اصل 1
صلاحيات هذا المنتدى:
لاتستطيع الرد على المواضيع في هذا المنتدى