After wrestling with the serverx.exe virus yesterday, this time I wrestled with the anie.ani virus. Alhamdulillah, everything was resolved. The tools I used were still the Hiren's Boot USB and the latest Smadav antivirus. After booting from the USB I chose Mini Windows, either XP or Win 7, ran Smadav from there and scanned, and alhamdulillah it caught a lot. For the serverx.exe virus, I renamed the file serverx.exe in system32 to serverx123.txt, then created a text file, gave it the name serverx.exe and put it into system32, and also one more file that I forget; perhaps the write-up from
below, which was very helpful.
1. Open Smadav (whichever version of Smadav) --- Tools --- System Editor --- choose Select All --- Apply and Restart Explorer.
2. Create a new file on the desktop by right-clicking (on the desktop) --- New --- Text Document. Rename that text document to (serverx.exe) and create one more named (runouce.exe), then right-click
open Smadav (whichever version of Smadav) --- Tools --- System Editor --- choose Select All --- Apply and Restart Explorer.
Still in Smadav, now go to Tools --- Process Manager --- then look through the process manager list and find
3. Once you have found where the virus comes from (usually in Windows system32), rename the virus to any name without the .exe extension, and also find runouce.exe and rename it too.
4. Drag the files you made in step 2 into the folder the virus came from.
6. Repeat step 3 to make sure whether the virus is still there or not; scan with Smadav to clean up its registry entries.
As for the anie.ani virus, it can also be dealt with using Smadav, plus patching the registry with the script below. Quoted from
' Registry repair script (VBScript): save with a .vbs extension and run with wscript or cscript.
Dim oWSH: Set oWSH = CreateObject("WScript.Shell")
' Keep going when a value or key to delete does not exist.
On Error Resume Next

' Reset the "open" commands for executable and .reg file types.
oWSH.RegWrite "HKEY_LOCAL_MACHINE\Software\CLASSES\batfile\shell\open\command\", """%1"" %*"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\Software\CLASSES\comfile\shell\open\command\", """%1"" %*"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command\", """%1"" %*"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\Software\CLASSES\piffile\shell\open\command\", """%1"" %*"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\Software\CLASSES\regfile\shell\open\command\", "regedit.exe %1"
oWSH.RegWrite "HKEY_CLASSES_ROOT\regfile\shell\open\command\", "regedit.exe %1"

' Reset the "Open With" context menu handler.
oWSH.RegWrite "HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With\", "{09799AFB-AD67-11d1-ABCD-00C04FC30936}"

' Reset the logon shell and the Userinit program.
oWSH.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell", "Explorer.exe"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit", "Userinit.exe,"

' Reset the "Install" command for .inf files.
oWSH.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inffile\shell\Install\command\", "C:\windows\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1"
oWSH.RegWrite "HKEY_CLASSES_ROOT\inffile\shell\Install\command\", "C:\windows\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1"

' Remove the policy values that hide Folder Options and disable Regedit and Task Manager.
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileAssociate")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Policies\Microsoft\MMC")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileAssociate")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions")

' Delete the Image File Execution Options keys for these tools (a trailing backslash means the whole key).
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Autoruns.exe\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\reg.exe\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regAlyzer.exe\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe\")

' Remove the policy values that disable System Restore.
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableConfig")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableSR")

' Reset the Explorer settings for protected system files and file extensions.
oWSH.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden", 1, "REG_DWORD"
oWSH.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SuperHidden", 1, "REG_DWORD"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\UncheckedValue", 1, "REG_DWORD"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\UncheckedValue", 0, "REG_DWORD"
Run it. Done, the virus is gone and the money comes in :D
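Before a script like the one above overwrites these values, it is useful to record which of them actually differ on the machine. The following read-only PowerShell audit is an added example, not part of the original post or the quoted script. It assumes PowerShell 3.0 or later and treats the strings the script writes as the reference; a stock Userinit value holds the full system32 path, so it is listed as a difference to judge by eye.

```powershell
# Added example: read-only audit of the registry locations the repair script
# touches. Nothing is written or deleted.
function Get-RegValue([string]$Key, [string]$Name) {
    $k = Get-Item -LiteralPath $Key -ErrorAction SilentlyContinue
    if ($k) {
        $k.GetValue($Name, $null,
            [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
    }
}
$cls  = 'HKLM:\SOFTWARE\Classes'
$wl   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
# Assumption: the strings the repair script writes are the reference values.
# Name = '' reads the key's default value.
$expected = @(
    @{ Key = "$cls\exefile\shell\open\command"; Name = ''; Want = '"%1" %*' }
    @{ Key = "$cls\comfile\shell\open\command"; Name = ''; Want = '"%1" %*' }
    @{ Key = "$cls\batfile\shell\open\command"; Name = ''; Want = '"%1" %*' }
    @{ Key = "$cls\piffile\shell\open\command"; Name = ''; Want = '"%1" %*' }
    @{ Key = $wl; Name = 'Shell';    Want = 'Explorer.exe' }
    @{ Key = $wl; Name = 'Userinit'; Want = 'Userinit.exe,' }
)
$report = @()
foreach ($e in $expected) {
    $cur = Get-RegValue $e.Key $e.Name
    if ($cur -ne $e.Want) {   # -ne compares strings case-insensitively
        $report += [pscustomobject]@{ Finding = 'differs from script value'
            Key = $e.Key; Name = $e.Name; Current = $cur }
    }
}
# Restriction policies the script deletes: any value present is reported.
foreach ($hive in 'HKCU:', 'HKLM:') {
    foreach ($p in 'System\DisableTaskMgr', 'System\DisableRegistryTools',
                   'Explorer\NoFolderOptions', 'Explorer\NoFileAssociate') {
        $sub, $name = $p.Split('\')
        $key = "$hive\Software\Microsoft\Windows\CurrentVersion\Policies\$sub"
        $cur = Get-RegValue $key $name
        if ($null -ne $cur) {
            $report += [pscustomobject]@{ Finding = 'restriction policy set'
                Key = $key; Name = $name; Current = $cur }
        }
    }
}
# A Debugger value under Image File Execution Options redirects the tool's launch.
foreach ($t in 'Autoruns.exe', 'procexp.exe', 'reg.exe', 'regAlyzer.exe',
               'taskkill.exe', 'rstrui.exe', 'attrib.exe') {
    $dbg = Get-RegValue "$ifeo\$t" 'Debugger'
    if ($null -ne $dbg) {
        $report += [pscustomobject]@{ Finding = 'IFEO debugger redirect'
            Key = "$ifeo\$t"; Name = 'Debugger'; Current = $dbg }
    }
}
if ($report) { $report | Format-List } else { 'No deviations found.' }
```

Saving the output before and after the repair gives a record of what the infection had changed.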