Aug 8, 2010

Overcoming the Mc~.vbe Virus

Tools required:
1. The Killer Machine
2. HijackThis
3. sysexplore
4. fix.reg / ANSAV
5. Flash Disinfector

Steps:

1. Run HijackThis; a log like the following appears:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:07:32 AM, on 9/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual Machine Additions\vmusrvc.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Virtual Machine Additions\vmsrvc.exe
C:\Program Files\Virtual Machine Additions\vpcmap.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\System32\WScript.exe
C:\Documents and Settings\niezha\Desktop\Anti Virus\Killer Machine 4\Mesin Pembunuh_gunakanlah software oroginal ato free software hhe pesan ini dipersembahkan oleh cowok paling ganteng se-tangerang bersemangat-jadi diri sendiri dan sll optimis.exe
C:\Documents and Settings\niezha\Desktop\Anti Virus\HijackThis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:Blank
O4 - HKLM\..\Run: [VMUserServices] C:\Program Files\Virtual Machine Additions\vmusrvc.exe
O4 - HKLM\..\Run: [vr64] C:\WINDOWS\system32\prnjobt.vbe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe


2. Copy the path C:\WINDOWS\system32\prnjobt.vbe from the log (highlighted in blue in the original post; right-click > Copy).
3. Run Killer Machine and choose Virus Removal > Browse from disk, then paste the path C:\WINDOWS\system32\prnjobt.vbe.
4. Run ANSAV > Plugin > Registry Fx > Check all > Restart Explorer.
5. Run Process Explorer or Task Manager.
6. Open explorer and kill the wscript.exe process.
7. Look for autorun.inf and Mc~.vbe, select them with Ctrl+click, and delete these files.
8. Run Flash Disinfector and wait for it to finish.
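
The manual read of the log in steps 1 and 2 can be scripted. The following is an added example, not part of the original post: a Python triage that flags Run-key autostarts pointing at Windows Script Host files and Disable* policy entries in a HijackThis log. The function names and the extension list are assumptions, and the sample log is constructed from lines in the format shown above.

```python
import re

# Constructed sample: a few lines in the format of the HijackThis log above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\explorer.exe
O4 - HKLM\..\Run: [VMUserServices] C:\Program Files\Virtual Machine Additions\vmusrvc.exe
O4 - HKLM\..\Run: [vr64] C:\WINDOWS\system32\prnjobt.vbe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

# Assumption: Windows Script Host file types and hosts worth flagging in an autostart.
SCRIPT_EXTS = (".vbe", ".vbs", ".js", ".jse", ".wsf", ".wsh")
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O7_RE = re.compile(r"^O7 - (?P<key>.+?), (?P<value>\w+)=(?P<data>\d+)$")

def target_path(cmd):
    """Return the program path from a Run command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    # Bare path: stop at the first file extension followed by a space or the end.
    m = re.match(r"(.+?\.\w{2,4})(?=\s|$)", cmd)
    return m.group(1) if m else cmd

def triage(log_text):
    """Return (findings, script_host_running) for a HijackThis log."""
    findings, host_running = [], False
    for line in log_text.splitlines():
        line = line.strip()
        base = line.rsplit("\\", 1)[-1].lower()
        if re.match(r"^[A-Za-z]:\\", line) and base in SCRIPT_HOSTS:
            host_running = True  # wscript/cscript listed under "Running processes"
        m = O4_RE.match(line)
        if m:
            path = target_path(m["cmd"])
            exe = path.rsplit("\\", 1)[-1].lower()
            if exe.endswith(SCRIPT_EXTS) or exe in SCRIPT_HOSTS:
                findings.append(("autorun-script", m["hive"], m["name"], path))
            continue
        m = O7_RE.match(line)
        if m and m["value"].startswith("Disable") and m["data"] == "1":
            findings.append(("policy-lockout", m["key"].split("\\")[0], m["value"], m["key"]))
    return findings, host_running

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A flagged autorun-script entry together with a running wscript.exe and a DisableRegedit policy is the same combination the steps above pick out by eye.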
