FYI. For questions about the Funny virus ... Sorry, attachment...

> -----Original Message-----
> From: Dian Agung Nugroho
>
> Dear RisTI members,
>
> The manual method and how to use the tool can be read in the
> attachment I am sending below. I have also included the original
> reference (page) in the HTML files I am sending.
>
What follows are manual removal instructions. In most cases we recommend that you download and run the previously mentioned removal tool. If you are not able to do so at this time, or if you prefer to use the manual removal procedure, please follow, in turn, the instructions in each section.

NOTE: Due to the large number of modifications made to the system by the worm, the procedure described in this document is complex and assumes that you are familiar with basic Windows and DOS procedures. If you are not, then we suggest that you obtain the services of a computer consultant.

Find and delete files

Please follow these steps to locate and remove some of the files that were added by the worm:

1. Click Start, point to Find, and then click Files or Folders.
2. Make sure that Look In is pointing to C:, or All Drives if you have more than one.
3. In the Named box, type
      *.shs
   and then click Find Now.
4. In the Results pane, select any .txt.shs files and then press Delete. Click Yes to confirm.
5. Click New Search.
6. In the Named box, type
      scanreg.vbs vbaset.olb msinfo16.tlb
   and then click Find Now.
7. In the Results pane, select the files that are found (they should be in the \Windows\System folder) and then press Delete. Click Yes to confirm.

Restore the Registry Editor

The worm moves the Registry Editor to the Recycle Bin and renames it. Please follow these steps to restore it:

NOTES:
- When typing the fourth entry, if you have Windows installed to a location other than C:\Windows, please make the appropriate substitution when typing the path. If you are using Windows NT, the default path is C:\Winnt.
- If you see the message "File not found," reenter the command to make sure that it was entered correctly. If you still receive the message, go on to the next command.
- If you are prompted to overwrite files, first make sure that you have typed the command correctly and then press Y.

1. Click Start, point to Programs, and then click MS-DOS Prompt.
2. Type each of the following commands and press Enter after each one:

      cd\
      cd recycled
      attrib -h -s -r *.*
      copy recycled.vxd c:\windows\regedit.exe
      del recycled.vxd
      del msrcycld.dat
      del rcycldbn.dat
      del dbindex.vbs
      exit

Edit the Registry

Follow these steps to undo the changes made to the Windows Registry by the worm:

WARNING: We strongly recommend that you back up the system registry before making any changes. Incorrect changes to the registry could result in permanent data loss or corrupted files. Please make sure you modify only the keys specified. Please see the document, How to Back Up the Windows 95/98/NT Registry, before proceeding.

1. Click Start, and click Run. The Run dialog box appears.
2. Type regedit and then click OK. The Registry Editor opens.
3. Navigate to the following key:
      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
4. In the right pane, locate and select the Scanreg value. Press Delete, and then click Yes to confirm.
5. Navigate to the following key:
      HKEY_USERS\.Default\Software\Mirabilis\ICQ\Agent\Apps\ICQ
6. In the right pane, locate and delete the following values:
      Enable
      Parameters
      Path
      StartUp
7. Navigate to and select the following key:
      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\OSName
   NOTE: This may not exist on all computers.
8. If it exists, press Delete, and then click Yes to confirm.
9. Navigate to the following key:
      HKEY_LOCAL_MACHINE\Software\Classes\regfile\shell\open\command
10. In the right pane, double-click Default.
11. In the Value data box, delete the current text and then type:
      regedit.exe
12. Click OK.
13. Navigate to the following key:
      HKEY_LOCAL_MACHINE\Software\Classes\regfile\DefaultIcon
14. In the right pane, double-click Default.
15. In the Value data box, delete the current text and then type:
      regedit.exe
16. Click OK.
17. Navigate to the following key:
      HKEY_CLASSES_ROOT\regfile\DefaultIcon
18. In the right pane, double-click Default.
19. In the Value data box, delete the current text and then type:
      regedit.exe
    NOTE: If you have Windows installed to a location other than C:\Windows, please make the appropriate substitution when typing the path.
20. Click OK.
21. Navigate to the following key:
      HKEY_CLASSES_ROOT\regfile\shell\open\command
22. In the right pane, double-click Default.
23. In the Value data box, delete the current text, and then type:
      regedit.exe
    NOTE: If you have Windows installed to a location other than C:\Windows, please make the appropriate substitution when typing the path.
24. Click OK.
25. Exit the Registry Editor.

BE SURE TO SAVE IT TO YOUR DESKTOP!

File: fixlife.exe

To run automatically, click Start, Run. Then type the following in the Run dialogue box:

      C:\Windows\Desktop\fixlife.exe

Click Enter.

Using the Windows desktop directory is only a suggestion that may help novice users know where to store this tool. The Windows desktop directory may not be c:\windows\desktop on all systems. Other valid paths may be used if desired.

Note: When this tool is launched, a dialog will appear that instructs the user to start the repair. When it is finished, it will indicate whether or not the computer was infected. If the user wants the tool to run without displaying the dialog, the user should supply the '/auto' command line switch in the following manner:

      C:\Windows\Desktop\fixlife.exe /auto

This tool performs the same actions as listed in the Manual Removal Instructions below.

Fixlife.exe is digitally signed. Symantec recommends only using copies of fixlife.exe that have been downloaded directly from this site. The following tool is available to verify the digital signature of fixlife.exe:

      chktrust.exe

To verify the digital signature of fixlife.exe using chktrust.exe:

1. Download chktrust into the same directory where fixlife.exe is located.
2. Launch the MS-DOS prompt via the Start/Programs/MS DOS prompt menu.
3. Change to the directory where fixlife.exe and chktrust.exe are stored. If the files were saved to the desktop folder, the command to enter in the MS DOS prompt is:
      cd \windows\desktop
4. Type the following command to check the digital signature of fixlife.exe:
      chktrust -i fixlife.exe
5. If the digital signature is valid, you will see a dialog asking the following question:
      Do you want to install and run "Fix Life Utility" signed on 6/19/2000 9:06 PM and distributed by Symantec Corporation.
   The date and time that are displayed in this dialog will be adjusted to your timezone if your computer is not set to the Pacific time zone. For example, if you live in the Eastern time zone, the date and time you will see will be 6/20/2000 12:06 AM.
6. If this dialog does not appear, or the date and time are not properly adjusted for your timezone, do not use your copy of fixlife.exe. It is not from Symantec.
7. If this dialog appears and the text is correct for your timezone, this copy of fixlife.exe is from Symantec. Click the "Yes" button to dismiss the chktrust dialog.
8. Type exit and then press the Enter key. This will terminate the MS DOS session.

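The file checks from the manual removal steps above, as an added example (not part of the original message and not how fixlife.exe works): a Python script that walks a directory tree, such as a mounted copy of the affected drive, and reports which files the procedure says to delete and which one it says to copy back as regedit.exe. The function names, the action labels and the sample tree are assumptions made for this example; the script only reports and changes nothing.

```python
import os
import tempfile

# Names from the removal steps above, lower-cased because Windows 9x
# file systems are case-insensitive.
DELETE_ANYWHERE = {"scanreg.vbs", "vbaset.olb", "msinfo16.tlb"}
# recycled.vxd is the renamed Registry Editor: copy it back before deleting it.
IN_RECYCLED = {"recycled.vxd": "restore-as-regedit", "msrcycld.dat": "delete",
               "rcycldbn.dat": "delete", "dbindex.vbs": "delete"}

# Constructed sample tree (empty files), not taken from a real system.
SAMPLE_TREE = ("WINDOWS/SYSTEM/SCANREG.VBS", "WINDOWS/SYSTEM/msinfo16.tlb",
               "RECYCLED/RECYCLED.VXD", "RECYCLED/dbindex.vbs",
               "RECYCLED/DC1.TXT", "My Documents/example.TXT.SHS",
               "My Documents/notes.txt")

def classify(path):
    """Return the action the manual procedure prescribes for path, or None."""
    name = os.path.basename(path).lower()
    parent = os.path.basename(os.path.dirname(path)).lower()
    if name.endswith(".txt.shs") or name in DELETE_ANYWHERE:
        return "delete"
    if parent == "recycled":
        return IN_RECYCLED.get(name)  # None for ordinary Recycle Bin items
    return None

def scan(root):
    """Walk root; return sorted (action, path relative to root) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            action = classify(full)
            if action:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                findings.append((action, rel))
    return sorted(findings)

def demo():
    """Build the sample tree in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel in SAMPLE_TREE:
            path = os.path.join(tmp, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return scan(tmp)

if __name__ == "__main__":
    for action, rel in demo():
        print(f"{action:20} {rel}")
```

The registry values listed under "Edit the Registry" are not covered by this script and still have to be checked in the Registry Editor.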
