Re: [balita-anda] OOT - kena virus MTX

Wed, 15 Nov 2000 02:48:15 -0800 

Saya juga kena virus MTX , agak susah memang ngapusnya , untung ada teman
yg bisa membantu sekarang sudah bersih. Saya jadi berpikir mungkin virusnya
tersebar lewat email by balita-anda egroups ??

Pak/ibu Admin apakah email yang masuk ke egroups Balita-anda sudah terbebas
dari virus ?? maksud saya automatic sudah di-scan and clean dari virus ??
---------------------- Forwarded by Teny Yudawati/bjsfer/BJSERVICES on
11/15/2000 06:22 PM ---------------------------


"Sumitronis Wijaya" <[EMAIL PROTECTED]> on 11/15/2000 01:30:42 PM

Please respond to [EMAIL PROTECTED]

To:   <[EMAIL PROTECTED]>
cc:
Subject:  Re: [balita-anda] OOT - kena virus MTX


Dear Mas Budi,

Coba pakai NAV dengan virus definition terbaru.
Sesudah Detect and clean, NAV akan memberitahu bahwa ada 3 file yang
tidak dapat direpair.

untuk merepair ketiga file tersebut silahkan baca pada attachment email
ini.

Salam,
Sumitro
Ps. Semoga dapat membantu anda and Good Luck!


Content-Transfer-Encoding: 7bit
Received: from ns2.medan.indo.net.id [202.159.112.196] by pansbs.co.id
[192.168.0.1] with POP (MDaemon.v2.7.SP4.R) for <[EMAIL PROTECTED]>;
Fri, 20 Oct 2000 08:15:40 +0700
Received: from fj.egroups.com (64.209.169.104)          by
medan.indo.net.id with MERCUR-SMTP/POP3/IMAP4-Server (v3.20.01 HS-0040000)
for <[EMAIL PROTECTED]>; Thu, 19 Oct 2000  20:41:28 +0700
X-eGroups-Return:
[EMAIL PROTECTED]
Received: from [10.1.10.36] by fj.egroups.com with NNFMP; 19 Oct 2000
13:36:54 -0000
X-Sender: [EMAIL PROTECTED]
X-Apparently-To: [EMAIL PROTECTED]
Received: (EGP: mail-6_1_0); 19 Oct 2000 13:36:50 -0000
Received: (qmail 14453 invoked from network); 19 Oct 2000 13:36:50 -0000
Received: from unknown (10.1.10.142) by m2.onelist.org with QMQP; 19 Oct
2000 13:36:50 -0000
Received: from unknown (HELO vanadium.mitra.net.id) (202.43.252.23) by mta3
with SMTP; 19 Oct 2000 13:36:35 -0000
Received: (qmail 25602 invoked by uid 0); 19 Oct 2000 13:36:10 -0000
Received: from port3-16.mitra.net.id (HELO power) (202.43.252.111) by
vanadium.mitra.net.id with SMTP; 19 Oct 2000 13:36:10 -0000
Message-ID: <01f801c039d1$48acb4c0$70fc2bca@power>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>, "Warung" <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, "tips-internet" <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, "stiebp" <[EMAIL PROTECTED]>,
"SenyumSimpul" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>, "pasarkampus"
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, "jakbisnis" <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
"Sekilas Info" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, "Super Iklan" <[EMAIL PROTECTED]>, "Pasang Iklan"
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, "ekampusku" <[EMAIL PROTECTED]>, "Putra
Djaja" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, "bursa" <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, "bisnisDewi" <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, "Pasar Bebas" <[EMAIL PROTECTED]>,
"Batam-Jobstreet" <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.3110.1
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3
From: "Sources" <[EMAIL PROTECTED]>
MIME-Version: 1.0
Mailing-List: list [EMAIL PROTECTED]; contact
[EMAIL PROTECTED]
Delivered-To: mailing list [EMAIL PROTECTED]
Precedence: bulk
List-Unsubscribe: <mailto:[EMAIL PROTECTED]>
Date: Thu, 19 Oct 2000 20:32:48 +0700
Reply-To: [EMAIL PROTECTED]
Subject: [informasi-konsumen] CARA BERSIHKAN VIRUS !!!!
Content-Type: text/plain; charset=US-ASCII
X-MDaemon-Deliver-To: [EMAIL PROTECTED]

Rekan-rekan,

Ada cara untuk membersihkan harddisk anda yg terkena WIN95.MTX
secara tuntas tanpa harus kehilangan data atau install ulang.

How to repair :

This is a complex and difficult virus to remove. It alters system files and
on some systems these files cannot be repaired. In some cases, after
attempting to repair the virus, you will not be able to start Windows until
you restore the needed system files from the original Windows installation
CD. This document assumes that you are familiar with basic Windows and DOS
procedures. If you are not, we suggest that you obtain the services of a
qualified computer consultant.

CAUTION:
Windows 98 allows you to create a startup disk that contains both system
files and drivers that will work with most CD-ROMs. Windows 95 does not.
Before you start this procedure, it is strongly recommended that you create
or obtain a Windows 98 Startup disk. This can be used to boot a Windows 95
or a Windows 98 computer. If you do not create this disk first, and the
first part of the removal procedure does not work on your system, you may
not be able to restore some Windows files if this is needed.

NOTES:

Due to the nature of this virus, some files will not be repairable. The
unrepairable files will need to be restored from clean backup copies, or
from the original distribution disks.
To remove this threat you will need to carefully watch Norton AntiVirus
(NAV) during the detection process. The files infected by the virus portion
of W95.MTX should be detected as W95.MTX and W95.MTX (.dll). Any files that
are detected as being infected with either W95.MTX or W95.MTX (.dll) should
be able to be repaired.
Files that are part of the Trojan and worm part of the infection should be
detected as W95.MTX.dr. Any files detected as being infected with
W95.MTX.dr
must be removed.
It is important to make the distinction between the virus and the worm
components, because the virus part of W95.MTX can infect Windows system
files and if you delete system files you might damage Windows.
To repair the damage done by this virus, follow in turn the instructions in
each section.

Create or obtain a Startup disk
Before you begin the removal process, you must create or obtain a Windows
98
Startup disk. If you are running Windows 95, you may be able to obtain one
from a local computer store. To create one on a Windows 98 computer, follow
these steps:

Click Start, point to Settings, and then click Control Panel.
Double-click Add/Remove programs.
Click the Startup disk tab.
Place a new, formatted floppy disk in the floppy disk drive.
Click Create Disk and follow the prompts.
Ensure that you have the most recent virus definitions

You must have Norton AntiVirus installed, and you must have virus
definitions dated September 5, 2000 or later. If you do not, because this
virus blocks access to most antivirus vendors Web sites, including
Symantec's, you will not be able to run LiveUpdate or download the
definitions from the SARC Web site.

There are two ways to work around this:

If you have access to an uninfected computer, download the most recent
definitions from the SARC Web site, and then install the definition files
on
the infected computer. For instructions on how to do this, see the
following
documents:
Title: How to update virus definition files using the Virus Definition
Update Installer
Document ID: 1998082013035306
Title: How to update virus definitions on computers without Internet or
network connections.
Document ID: 199811293832
If you do not have access to a uninfected computer, you can download the
Virus Update Definition Installer from the Tucows Web site. Follow these
steps to do this:

Go to:

http://www.tucows.com
In the Search Software Library! box, type the following and then click GO!:

norton dat
Locate the entry--it should be the first in the list--for the Platform:
Windows 95/98 and then click Download Now.
Choose your region and state or locality and then click GO!
Click the download site nearest your location.
Download the file to a location on the hard drive such as the Windows
desktop.
When the download is finished, double click the file that you downloaded to
install it.
Restart the computer to a command prompt
You need to restart the computer to a command prompt. Follow the steps for
your operating system:

How to start Windows 95 to a command prompt:
Click Start and click Shut Down. The Shut Down Windows dialog box appears.
Click Restart, then click Yes. Windows will shut down and the computer will
restart.
When "Starting Windows 95..." appears on the screen, press F8. The Windows
95 Startup Menu appears.
Select "Command Prompt only" and press Enter.

How to start Windows 98 to a command prompt:
Click Start and click Shut Down. The Shut Down Windows dialog box appears.
Click Restart, then click OK. Windows will shut down and the computer will
restart.
As the computer restarts, press and hold down the Ctrl key until the
Windows
98 Startup Menu appears. Note: On some computers, a keyboard or other error
may appear during restart as you hold down the Ctrl key. If so, then follow
the prompts to press a key to continue (for example, the message may prompt
you to press the Esc key), then immediately press the Ctrl key again.
Select "Command Prompt only" and then press Enter.
Delete the infected files
Follow these steps to delete the infected files:

NOTE: These instructions assume that you have Windows installed to the
default of C:\. If you have Windows installed to a different location,
please make the appropriate substitutions.

Type each of the following commands and press Enter after each one:

cd \windows
attrib -r -s -h *.*
del ie_pack.exe
del win32.dll
del mtx_.exe

NOTE: If after entering any of these commands, you see a messages such as
"File not found," type the command again to make sure that it was typed
exactly as shown. For example, ie_pack.exe is "ie" then an underscore then
"pack.exe"

Type the following command and then press Enter after each one:

dir /s \navdx.exe

This will search the hard drive for the location of the Norton AntiVirus
DOS
scanner. If you have NAV installed to a different drive, changed to the
root
of that drive first.

Write down the location that follows "Directory of," for example,
C:\Progra~1\Norton~1.

Change to the directory whose location you wrote down in the previous step
by typing cd followed by the path. For example, to change to the default
location shown in step 3, type the following command and then press Enter:

cd \progra~1\norton~1

Type the following command and then press Enter:

navdx /a /doallfiles /repair /delete

This will scan all hard drives and files. NAV will attempt to repair any
infected files; if it cannot repair an infected file, the file will be
deleted.

CAUTION: This could take several hours or more on some computers. Do not
attempt to stop the scan once it has started.

When the scan is finished, go on to the next section.
Extract new copies of the Wsock32.dll, Explorer.exe, and Rundll32.exe files
This is necessary because these files have very likely been infected by the
virus and are critical for accessing the Internet and using the computer.
You need to use the Extract command at a DOS prompt to restore good copies
of these files from the Windows installation files.

There are two locations from which these files can be extracted:


The Windows installation files on your hard drive. On many newer computers,
the Cab files that contain the Windows installation files are stored on the
computer's hard drive. If you are sure that this is the case, see the
section How to extract files that are located on the hard drive.
The Microsoft Windows 95/98 Installation CD. If you do not have the Cab
files on the hard drive, see the section How to extract files that are
located on the installation CD.
How to extract files that are located on the hard drive

Type the following and then press Enter:

dir /s \precopy1.cab

This will search the hard drive for the location of the Cab files. If the
file is not found, it is likely that the Cab files are not on the hard
drive. Skip to the section How to extract files that are located on the
installation CD.

Write down the location that follows "Directory of," for example,
C:\Windows\Options\Cabs.

Change to the directory whose location you wrote down in the previous step
by typing cd followed by the path. For example, to change to the location
shown in step 2, type the following command and then press Enter:

cd \windows\options\cabs

What you do next depends on which operating system you are using:

NOTES:
If after entering any of these commands, you see a messages such as "File
not found," type the command again to make sure that it was typed exactly
as
shown.
If you see a message asking if you want to overwrite a file, (Yes/No/All)
type Y and then press Enter.
If you have Windows installed to a different location, please make the
appropriate substitutions.

If you are using Windows 98, type the following commands and press Enter
after each one:

extract /a precopy1.cab wsock32.dll /l c:\windows\system
extract /a win98_40.cab explorer.exe /l c:\windows
extract /a win98_40.cab rundll32.exe /l c:\windows

If you are using Windows 95, type the following commands and press Enter
after each one:

extract /a win95_10.cab wsock32.dll /l c:\windows\system
extract /a win95_10.cab explorer.exe /l c:\windows
extract /a win95_10.cab rundll32.exe /l c:\windows

If you experience no error messages, then you are finished with the
extraction process. Go on to the section Edit the registry.

How to extract files that are located on the installation CD

Insert the Windows 98 Startup disk in the floppy disk drive.
Insert the Windows 98 installation Cd in the CD-ROM drive.
Turn off the computer and wait thirty seconds.
Turn on the computer. The computer will start to a startup menu.
The default menu item is Start Computer with CD-ROM Support. Do not change
this, but instead press Enter.
Allow the computer to finish booting to a A: prompt. This could take a few
minutes.
The next step is to change to the CD-ROM drive. Because you are using the
Startup disk, the drive letter will be one letter greater than the drive
letter that usually represents the CD-ROM drive. For example, if the CD-ROM
drive is the D: drive in Windows, it will now be the E: drive.

Type the following, changing the drive letter as necessary, and then press
Enter:

E:\Win98 (If the installation disk is for Windows 98)

or

E:\Win95 (If the installation disk is for Windows 95)

If you see an error message, try retyping the command with a different
drive
letter, for example, F:\Win98.
What you do next depends on which operating system you are using:

NOTES:

If after entering any of these commands, you see a messages such as "File
not found," type the command again to make sure that it was typed exactly
as
shown.
If you see a message asking if you want to overwrite a file, (Yes/No/All)
type Y and then press Enter.
If you have Windows installed to a different location, please make the
appropriate substitutions.
If you are using Windows 98, type the following commands and press Enter
after each one:

extract /a precopy1.cab wsock32.dll /l c:\windows\system
extract /a win98_40.cab explorer.exe /l c:\windows
extract /a win98_40.cab rundll32.exe /l c:\windows

If you are using Windows 95, type the following commands and press Enter
after each one:

extract /a win95_10.cab wsock32.dll /l c:\windows\system
extract /a win95_10.cab explorer.exe /l c:\windows
extract /a win95_10.cab rundll32.exe /l c:\windows

If you experience no error messages, then you are finished with the
extraction process. Go on to the next section.

Edit the registry
Follow these steps to remove the entry that the virus added to the
registry:

CAUTION: We strongly recommend that you back up the system registry before
making any changes to it. Incorrect changes to the registry may result in
permanent data loss or corrupted files. Please make sure that you modify
only the keys specified. Please see the document How to back up the Windows
95/98/NT registry before proceeding. This document is available from the
Symantec Fax-on-Demand system. In the U.S. and Canada, call (541) 984-2490,
select option 2, and then request document 927002.

Remove the floppy disk from the floppy disk drive.
If you extracted the files from the Installation CD, remove the CD from the
CD-ROM drive.
Turn off the computer and wait thirty seconds.
Turn on the computer and allow Windows to start.

NOTE: It is normal at this point for error messages to appear. They will
refer to the virus files with messages such as "Windows cannot find..."
Ignore these messages. They are the result of the remaining entries in the
Windows registry that you will remove next. They do not indicate that the
computer is still infected.
Click Start, and then click Run. The Run dialog box appears.
Type regedit and then click OK. The Registry Editor opens.
Navigate to and select the following subkey:

HKey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Run
Delete the following value in the right pane:

SystemBackup C:\WINDOWS\MTX_.EXE
Click Yes to confirm.
Delete the following subkey:

HKey_Local_Machine\Software\[Matrix]
Click Yes to confirm.
In the left pane, click the My Computer key.
Click Edit and then click Find.
In the Find what box, type mtx and then click Find Next.
What you do will depend on whether any entries are found.
If no entries are found that contain the string mtx, go on to the next
step.

If any entries are found, and they refer to MTX_.EXE, you should delete the
entry. Because this is a string search, it could find entries for
legitimate
programs that happen to contain this string. Make sure that the references
is to MTX_.EXE before you delete it. To continue the search if an entry is
found, press F3. Keep doing this until no more entries are found.
Repeat step 11, but this time search for [MATRIX]. Delete any entries that
are found.
Click the Registry menu, and then click Exit to save the changes and close
the Registry Editor.
Restart the computer.



PlusMinus



























.

CALL WITH LOWEST RATE - Please visit ADSENGER site.




[Non-text portions of this message have been removed]


-------------------------- eGroups Sponsor -------------------------~-~>
eGroups eLerts
It's Easy. It's Fun. Best of All, it's Free!
http://click.egroups.com/1/9698/10/_/_/_/971962611/
---------------------------------------------------------------------_->

To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]




>>>> 2.5 Mbps InternetShop >> InternetZone << Margonda Raya 340 <<<<
>> Kirim bunga ke-20 kota di Indonesia? Klik, http://www.indokado.com
>> Info balita, http://www.balita-anda.indoglobal.com
Etika berinternet, email ke: [EMAIL PROTECTED]
Stop berlangganan, e-mail ke: [EMAIL PROTECTED]




















>>>> 2.5 Mbps InternetShop >> InternetZone << Margonda Raya 340 <<<<
>> Kirim bunga ke-20 kota di Indonesia? Klik, http://www.indokado.com
>> Info balita, http://www.balita-anda.indoglobal.com
Etika berinternet, email ke: [EMAIL PROTECTED]
Stop berlangganan, e-mail ke: [EMAIL PROTECTED]

Kirim email ke