itu tandanya default aplikasi exe udah diambil alih Notepad. kekna kena pangeranblank.
solusinya udah pernah diposting Xaviero disini. di OPC juga udah diposting. OprekPC.com Forum Index -> Virus dan AntiVirus -> [SOLVED] File ExeRun.exe http://www.oprekpc.com/forum/viewtopic.php?t=7543 Thursday, January 25, 2007, 3:09:18 PM, Xaviero wrote: > caranya ga bakalan bisa dari safe-mode > sampe saat ini , cara ini yg ane pake cukup efektip... > 1. booting dengan xp-live (terserah mo pake minipe, > bartpe, ato apa deh) > 2. scan dengan NOD32 (di ane update sampe tgl 12 > desember 06 sudah mampu > babat nih virus) > 3. booting normal lagi ke windows xp nya > 4. baikin registrinya, copy paste dari source bawah > ini, buat nama > "terserah.inf" asal .inf yah...terus klik kanan di > file ini kalo dah > kelar, pilih install [Version] Signature="$Chicago$" Provider=xaviero [DefaultInstall] AddReg=UnhookRegKey DelReg=del [UnhookRegKey] HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*" HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*" HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*" HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*" HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe "%1"" HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*" HKCU, Control Panel\Desktop, SCRNSAVE.EXE,0, HKLM, SOFTWARE\Classes\exefile,,,"Application" HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe" HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe" HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, "cmd.exe" HKLM, SYSTEM\ControlSet003\Control\SafeBoot, AlternateShell,0, "cmd.exe" HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, "cmd.exe" HKCU, Software\Microsoft\Internet Explorer\Main, Start Page,0, "About:Blank" HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, UncheckedValue,0x00010001,1 [del] HKCU, Software\Microsoft\Windows\CurrentVersion\Run,tboh.exe HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run,iusbi HKLM, SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore, DisableConfig HKLM, SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore, DisableSR HKLM, SOFTWARE\Classes\exefile, NeverShowExt HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ANSAV.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\calc.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CClaw.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\freecell.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mshearts.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nip.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nipsvc.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mshearts.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Niu.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Njeeves.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvccf.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcoas.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcod.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcsched.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sol.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spider.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tasklist.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\URemovalCRC32.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winamp.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winmine.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ANSAV32.exe > ok, selamat membersihkan virus -- cheers ;)) balthazor[at]oprekpc.com http://www.oprekpc.com/forum/login.php ||||||||||||||||||||||||original message|||||||||||||||||||||||||> Monday, March 5, 2007, 5:22:26 PM, "fachru_zanetti fachru_zanetti" <[EMAIL PROTECTED]> wrote: > setiap saya hendak membuka Registry Editor > dll selalu yang muncul ialah notepad berisi ribuan(mungkin lebih > banyak lagi) baris2 kode yang aneh sekali. Send instant messages to your online friends http://asia.messenger.yahoo.com
