Honestly, I am a little upset with this virus. How could I not be: it works very silently and has a very harmful effect. The malicious program classified as this Trojan is quite unique, because it can periodically paralyze parts of the Windows system and replace functions.
A short analysis of this virus.
The virus uses a name similar to a component of a PDF reader program, with only a slight change: where the genuine file is reader_sl, the virus is reader_s. The virus keeps its master file in one of the following system directories. Several antivirus vendors classify this virus as a new variant of the Virut virus. An analysis of the reader_s Virut variant can be seen here.
1. C:\Documents and Settings\%username%\
2. C:\Windows\System32\
3. C:\Documents and Settings\%username%\Local Settings\Temp\
The removal process can be done as follows.
First download the HijackThis tool, which can be downloaded here. Run HijackThis and it will display a log. Look at the strings listed in the log: if the string reader_s.exe is there, you can be certain your computer is already infected.
Download the following tools:
1. sdb.exe
2. vcleaner.exe
3. the rmvirut removal tool
4. Process Explorer
Download the tools on another, clean computer that has an updated antivirus, and save them on a flash disk or other removable media that is not infected with the virus either. Don't forget to rename all *.exe programs to *.cmd, for example sdb.cmd.
1. Turn off System Restore, then disconnect the Internet connection.
2. Run Process Explorer and locate the reader_s.exe process.
3. Run rmvirut: try rmvirut.cmd and rmvirut.nt from the folder on the flash disk. Let the process run; if it asks you anything, select "OK". The computer will then restart automatically. Do not pull out the flash disk!
4. Right-click the process and select Kill Process Tree.
5. Run sdb.cmd, install it, then do a full scan.
6. Finally, run vcleaner.cmd.
To make sure whether you are still infected or not, run HijackThis again. Do a scan and check whether the reader_s string is still there. If it is, just fix it using HijackThis.
Please note!! The process above is better done in Safe Mode, and it is better to keep the removal tools on clean storage media and to rename the tools from the *.exe extension to *.cmd. You had better also disable the previously installed antivirus.
Download the tools on another computer; this is done so the removal tools are not infected before they start their task.
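As an added example (not code from the original post or from any of the tools it names), the two scriptable parts of the procedure above in PowerShell: the preparation step on the clean machine (rename every downloaded *.exe to *.cmd on the flash disk), and a triage check on the suspect machine that looks for reader_s.exe in the three drop directories listed earlier, in the HKLM/HKCU Run keys (the kind of entry HijackThis shows as an O4 line), and in the process list (what you would otherwise locate by hand in Process Explorer). The tool folder path E:\tools and the function names are assumptions; the page does not specify them.

```powershell
# Added example, not part of the original post.
# Rename-RemovalTools: run on the CLEAN machine after downloading the tools.
# The post's reasoning: the file infector on the sick machine attacks *.exe,
# so the tools are parked under *.cmd until they are needed.
function Rename-RemovalTools {
    param([string]$ToolDir = 'E:\tools')   # assumed path of the flash disk folder
    Get-ChildItem -LiteralPath $ToolDir -Filter '*.exe' | ForEach-Object {
        $newName = $_.BaseName + '.cmd'    # sdb.exe -> sdb.cmd, as in the post
        Rename-Item -LiteralPath $_.FullName -NewName $newName
        Write-Output ("renamed {0} -> {1}" -f $_.Name, $newName)
    }
}

# Find-ReaderS: run on the SUSPECT machine (ideally in Safe Mode, as the post advises).
# Reports files, Run-key entries and live processes that match the reader_s name.
function Find-ReaderS {
    $target = 'reader_s.exe'

    # The three master-file locations the post lists, resolved for the current user.
    $dropDirs = @(
        $env:USERPROFILE,                        # C:\Documents and Settings\%username%\
        (Join-Path $env:SystemRoot 'System32'),  # C:\Windows\System32\
        $env:TEMP                                # ...\Local Settings\Temp\
    )

    $files = @()
    foreach ($dir in $dropDirs) {
        $path = Join-Path $dir $target
        if (Test-Path -LiteralPath $path) {
            # -Force so a hidden/system-attributed dropper is still returned
            $item = Get-Item -LiteralPath $path -Force
            $files += New-Object PSObject -Property @{
                Path     = $item.FullName
                Size     = $item.Length
                Modified = $item.LastWriteTime
            }
        }
    }

    # Autostart check: any Run value whose command line mentions reader_s.
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    )
    $autoruns = @()
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, ...
            if ("$($p.Value)" -match 'reader_s') {
                $autoruns += New-Object PSObject -Property @{
                    Key = $key; Name = $p.Name; Value = $p.Value
                }
            }
        }
    }

    # Process check: same thing as locating reader_s.exe in Process Explorer (step 2).
    $procs = @(Get-Process -Name 'reader_s' -ErrorAction SilentlyContinue)

    New-Object PSObject -Property @{
        Files     = $files
        Autoruns  = $autoruns
        Processes = $procs
        Infected  = ($files.Count -gt 0 -or $autoruns.Count -gt 0 -or $procs.Count -gt 0)
    }
}

# Usage:
#   Rename-RemovalTools -ToolDir 'E:\tools'        (on the clean machine)
#   $r = Find-ReaderS; $r.Infected; $r.Files | Format-Table -AutoSize   (on the suspect machine)
```

Find-ReaderS only reports; it does not kill the process or delete the file, because the post's order of operations (rmvirut first, then Kill Process Tree, then the scanners) is what actually cleans the machine. Treat a result of Infected = $false as "nothing found in the locations the post names", not as proof the machine is clean; rerun HijackThis as the post says for the final check.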