Re: [ITCENTER] NEED HELP .... URGENT...KENA VIRUS...
maap, kalo boleh saya memperkenalkan diri, anggota baru di IT centre dan masih noebi di bidang IT, saya mengupload removal untuk newbrontok, mudah2an membantu. kalau ternyata salah atau temen2 sudah punya mohon di maafkan, saya masih ada beberapa virus removal untuk local yang lain, bila temen2 membutuhkan. mohon pencerahan juga untuk yang senior kalo ada info tec terbaru di bidang IT trims. --- Trimartono Agung Siswantoro - [EMAIL PROTECTED] wrote: mybro terbaru (release bulan agustus) atau virus MoonLight (removelnya bisa dibrowsing aja). Pake SAV corporate, avg juga bisa, dengan update terbaru. Jangan lupa untuk mengembalikan regedit and msconfig di kondisi semula copy ke notepad trus di safe dengan nama repair.inf [Version] Signature=$Chicago$ Provider=Vaksincom [DefaultInstall] AddReg=UnhookRegKey DelReg=del [UnhookRegKey] HKLM, Software\CLASSES\batfile\shell\open\command,,,%1 %* HKLM, Software\CLASSES\comfile\shell\open\command,,,%1 %* HKLM, Software\CLASSES\exefile\shell\open\command,,,%1 %* HKLM, Software\CLASSES\piffile\shell\open\command,,,%1 %* HKLM, Software\CLASSES\regfile\shell\open\command,,,regedit.exe %1 HKLM, Software\CLASSES\scrfile\shell\open\command,,,%1 %* HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, Explorer.exe HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, cmd.exe HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, cmd.exe [del] HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFolderOptions HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoControlPanel HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp HKCU, Software\Microsoft\Windows\CurrentVersion\Run,MooNlight HKCU, Software\Microsoft\Windows\CurrentVersion\Run,payLoad HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ObjectDock HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Msconfig.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe Semoga membantu *salut buat yang bikin virus ini (nyusahin, dan bisa running di safe mode) usaha kerasnya berhasil membuat banyak orang bermasalah* Semoga bisa berubah ke jalan yang lebih baik . Dear all\ Mohon bantuannya, PC saya kena Virus; Nama: [tidakdiketahui] CIri-ciri: membuat nama folder jadi .scr ada file: c:\winnt\EmangEloh.exe (tidak bisa didelete) ada file: c:\winnt\SA-421844.EXE (Tidak bisa didelete) REGEDT32.exe - tidak bisa jalan, malah terbuka menggunakan notepad. l0nG L!F3 f0r 0p3N SoUrC3 Bst rgrds, n03b!Ny4 IT =HN= ^_^ A99CompScie __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com [Non-text portions of this message have been removed] -- www.itcenter.or.id - Komunitas Teknologi Informasi Indonesia Info, Gabung, Keluar, Mode Kirim : [EMAIL PROTECTED] :: Hapus bagian yang tidak perlu (footer, dst) saat reply! :: ## Jobs: itcenter.or.id/jobs ## Bursa: itcenter.or.id/bursa ## $$ Iklan/promosi : www.itcenter.or.id/sponsorship $$ [@@] Jaket ITCENTER tersedia di http://shop.itcenter.or.id Yahoo! Groups Links * To visit your group on the web, go to: http://groups.yahoo.com/group/ITCENTER/ * To unsubscribe from this group, send an email to: [EMAIL PROTECTED] * Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
[ITCENTER] NEED HELP .... URGENT...KENA VIRUS...
Dear all\ Mohon bantuannya, PC saya kena Virus; Nama: [tidakdiketahui] Program Antivirus yg digunakan untuk mendeteksi: TrendMicro PCMAV, kedua-nya tidak bisa mendeteksi nama virus CIri-ciri: membuat nama folder jadi .scr ada file: c:\winnt\EmangEloh.exe (tidak bisa didelete) ada file: c:\winnt\SA-421844.EXE (Tidak bisa didelete) REGEDT32.exe - tidak bisa jalan, malah terbuka menggunakan notepad. bila di remote dari PC lain, menggunakan Regedt32, file SA-421844.EXE dihapus, maka otomatis akan muncul lagi barangkali ada yang pernah bisa ngebunuh di Virus... pls bagi2 ilmunya. thank's harry __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- www.itcenter.or.id - Komunitas Teknologi Informasi Indonesia Info, Gabung, Keluar, Mode Kirim : [EMAIL PROTECTED] :: Hapus bagian yang tidak perlu (footer, dst) saat reply! :: ## Jobs: itcenter.or.id/jobs ## Bursa: itcenter.or.id/bursa ## $$ Iklan/promosi : www.itcenter.or.id/sponsorship $$ [@@] Jaket ITCENTER tersedia di http://shop.itcenter.or.id Yahoo! Groups Links * To visit your group on the web, go to: http://groups.yahoo.com/group/ITCENTER/ * To unsubscribe from this group, send an email to: [EMAIL PROTECTED] * Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
Re: [ITCENTER] NEED HELP .... URGENT...KENA VIRUS...
mybro terbaru (release bulan agustus) atau virus MoonLight (removelnya bisa dibrowsing aja). Pake SAV corporate, avg juga bisa, dengan update terbaru. Jangan lupa untuk mengembalikan regedit and msconfig di kondisi semula copy ke notepad trus di safe dengan nama repair.inf [Version] Signature=$Chicago$ Provider=Vaksincom [DefaultInstall] AddReg=UnhookRegKey DelReg=del [UnhookRegKey] HKLM, Software\CLASSES\batfile\shell\open\command,,,%1 %* HKLM, Software\CLASSES\comfile\shell\open\command,,,%1 %* HKLM, Software\CLASSES\exefile\shell\open\command,,,%1 %* HKLM, Software\CLASSES\piffile\shell\open\command,,,%1 %* HKLM, Software\CLASSES\regfile\shell\open\command,,,regedit.exe %1 HKLM, Software\CLASSES\scrfile\shell\open\command,,,%1 %* HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, Explorer.exe HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, cmd.exe HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, cmd.exe [del] HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFolderOptions HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoControlPanel HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp HKCU, Software\Microsoft\Windows\CurrentVersion\Run,MooNlight HKCU, Software\Microsoft\Windows\CurrentVersion\Run,payLoad HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ObjectDock HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Msconfig.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe Semoga membantu *salut buat yang bikin virus ini (nyusahin, dan bisa running di safe mode) usaha kerasnya berhasil membuat banyak orang bermasalah* Semoga bisa berubah ke jalan yang lebih baik . Dear all\ Mohon bantuannya, PC saya kena Virus; Nama: [tidakdiketahui] CIri-ciri: membuat nama folder jadi .scr ada file: c:\winnt\EmangEloh.exe (tidak bisa didelete) ada file: c:\winnt\SA-421844.EXE (Tidak bisa didelete) REGEDT32.exe - tidak bisa jalan, malah terbuka menggunakan notepad. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- www.itcenter.or.id - Komunitas Teknologi Informasi Indonesia Info, Gabung, Keluar, Mode Kirim : [EMAIL PROTECTED] :: Hapus bagian yang tidak perlu (footer, dst) saat reply! :: ## Jobs: itcenter.or.id/jobs ## Bursa: itcenter.or.id/bursa ## $$ Iklan/promosi : www.itcenter.or.id/sponsorship $$ [@@] Jaket ITCENTER tersedia di http://shop.itcenter.or.id Yahoo! Groups Links * To visit your group on the web, go to: http://groups.yahoo.com/group/ITCENTER/ * To unsubscribe from this group, send an email to: [EMAIL PROTECTED] * Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
