How to remove a Trojan, Virus, Worm, or other Malware

If you use a computer, read the newspaper, or watch the news, you will know about computer viruses or other malware. These are the malicious programs that, once they infect your machine, start causing havoc on your computer. What many people do not know is that there are many different types of infections that fall under the general category of Malware.
Malware - Malware is programming or files that are developed for the purpose of doing harm. Thus, malware includes computer viruses, worms, Trojan horses, spyware, hijackers, and certain type of adware.
This article will focus on those malware that are considered viruses, trojans, and worms, though this information can be used to remove the other types of malware as well. We will not go into specific details about any one particular infection, but rather provide a broad overview of how these infections can be removed. For the most part these instructions should allow you to remove a good deal of infections, but there are some that need special steps to be removed, and these won't be covered in this tutorial.
Before we continue it is important to understand the generic malware terms that you will be reading about.
Adware - A program that generates pop-ups on your computer or displays advertisements. It is important to note that not all adware programs are necessarily considered malware. There are many legitimate programs that are given for free that display ads in their programs in order to generate revenue. As long as this information is provided up front then they are generally not considered malware.
Backdoor - A program that allows a remote user to execute commands and tasks on your computer without your permission. These types of programs are typically used to launch attacks on other computers, distribute copyrighted software or media, or hack other computers.
Dialler - A program that typically dials a premium rate number that has per minute charges over and above the typical call charge. These calls are with the intent of gaining access to pornographic material.
Hijackers - A program that attempts to hijack certain Internet functions, such as redirecting your start page to the hijacker's own start page, redirecting search queries to an undesired search engine, or replacing search results from popular search engines with its own information.
Spyware - A program that monitors your activity or information on your computer and sends that information to a remote computer without your knowledge.
Trojan - A program that has been designed to appear innocent but has been intentionally designed to cause some malicious activity or to provide a backdoor to your system.
Virus - A program that, when run, has the ability to self-replicate by infecting other programs and files on your computer. These programs can have many effects, ranging from wiping your hard drive, to displaying a joke in a small box, to doing nothing at all except replicating themselves. These types of infections tend to be localized to your computer and do not have the ability to spread to another computer on their own. The word virus has incorrectly become a general term that encompasses trojans, worms, and viruses.
Worm - A program that when run, has the ability to spread to other computers on its own using either mass-mailing techniques to email addresses found on your computer or by using the Internet to infect a remote computer using known security holes.

How these infections start
Just like any program, in order for the program to work, it must be started. Malware programs are no different in this respect and must be started in some fashion in order to do what they were designed to do. For the most part these infections run by creating a configuration entry in the Windows Registry in order to make these programs start when your computer starts.
Unfortunately, though, in the Windows operating system there are many different ways to make a program start, which can make it difficult for the average computer user to find them manually. Luckily for us, though, there are programs that allow us to cut through this confusion and see the various programs that are automatically starting when Windows boots. The program we recommend for this, because it's free and detailed, is Autoruns from Sysinternals.

When you run this program it will list all the various programs that start when your computer is booted into Windows. For the most part, the majority of these programs are safe and should be left alone unless you know what you are doing or know you do not need them to run at startup.
At this point, you should download Autoruns and try it out. Just run the Autoruns.exe and look at all the programs that start automatically. Don't uncheck or delete anything at this point. Just examine the information to see an overview of the amount of programs that are starting automatically. When you feel comfortable with what you are seeing, move on to the next section.

Use an anti-virus and anti-malware program to remove the infections
Make sure you are using an anti-virus program and that the anti-virus program is updated to use the latest definitions. If you do not currently have an anti-virus installed, you can select one from the following list and use it to scan and clean your computer. The list below includes both free and commercial anti-virus programs, but even the commercial ones typically have a trial period in which you can scan and clean your computer be

It is also advised that you install and scan your computer with MalwareBytes' Anti-Malware and SUPERAntiSpyware. Both of these are excellent programs and have a good track record at finding newer infections that the more traditional anti-virus programs miss. Guides on how to install and use these programs can be found below.
How to use Malwarebytes' Anti-Malware to scan and remove malware from your computer
How to use SUPERAntiSpyware to scan and remove malware from your computer
After performing these instructions if you still are infected, you can use the instructions below to manually remove the infection.

How to remove these infections manually

We have finally arrived at the section you came here for. You are most likely reading this tutorial because you are infected with some sort of malware and want to remove it. With this knowledge that you are infected, it is also assumed that you examined the programs running on your computer and found one that does not look right. You did further research by checking that program against our Startup Database or by searching in Google and have learned that it is an infection and you now want to remove it.
If you have identified the particular program that is part of the malware, and you want to remove it, please follow these steps.
  1. Download and extract the Autoruns program by Sysinternals to C:\Autoruns

  2. Reboot into Safe Mode so that the malware is not started when you are doing these steps. Many malware programs monitor the keys that allow them to start and, if they notice they have been removed, will automatically replace that startup key. For this reason, booting into Safe Mode allows us to get past that defense in most cases.

  3. Navigate to the C:\Autoruns folder you created in Step 1 and double-click on autoruns.exe.

  4. When the program starts, click on the Options menu and enable the following options by clicking on them. This will place a checkmark next to each of these options.

    1. Include empty locations

    2. Verify Code Signatures

    3. Hide Signed Microsoft Entries

  5. Then press the F5 key on your keyboard to refresh the startups list using these new settings.

  6. The program shows information about your startup entries in 8 different tabs. For the most part, the filename you are looking for will be found under the Logon or the Services tabs, but you should check all the other tabs to make sure it is not loading elsewhere as well. Click on each tab and look through the list for the filename that you want to remove. The filename will be found under the Image Path column. There may be more than one entry associated with the same file, as it is common for malware to create multiple startup entries. It is important to note that many malware programs disguise themselves by using the same filenames as valid Microsoft files. It is therefore important to know exactly which file, and which folder it is in, you want to remove. You can check our Startup Database for that information or ask for help in our computer help forums.

  7. Once you find the entry that is associated with the malware, you want to delete that entry so it will not start again on the next reboot. To do that, right-click on the entry and select Delete. This startup entry will now be removed from the Registry.

  8. Now that we have made it so it will not start on boot up, you should delete the file using My Computer or Windows Explorer. If you cannot see the file, it may be hidden. To allow you to see hidden files you can follow the steps for your operating system found in this tutorial:

    How to see hidden files in Windows

  9. When you are finished removing the malware entries from the Registry and deleting the files, reboot into normal mode as you will now be clean from the infection.
How to protect yourself in the future
In order to protect yourself from this happening again, it is important that you take proper care and precautions when using your computer. Make sure you have updated antivirus and spyware removal software running, all the latest updates to your operating system, a firewall, and only open attachments or click on pop-ups that you know are safe. These precautions could be a tutorial unto themselves, and luckily, we have one created already:
Simple and easy ways to keep your computer safe and secure on the Internet
Please read this tutorial and follow the steps listed in order to be safe on the Internet. Other tutorials that are important to read in order to protect your computer are listed below.

Conclusion
Now that you know how to remove a generic malware from your computer, it should help you stay relatively clean from infection. Unfortunately there is a lot of malware that is very difficult to remove, and these steps will not help you with those particular infections. In situations like that, where you need extra help, do not hesitate to ask for help in our computer help forums. We also have a self-help section that contains detailed fixes for some of the more common infections that may be able to help. This self-help section can be found here:

9 Tips to Get Rid of the Sality Virus

Jakarta - Not all antivirus programs can clean files that have been infected with the W32/Sality.AE virus. In fact, the file may well end up destroyed after being scanned and cleaned by an antivirus that is not suited to it.
The Sality virus spreads quickly through network shares, using the Windows default shares or shares that grant full access, by infecting files with the extensions exe / com / scr.
For that reason, the security company Vaksincom suggests that computer users disable the default shares (C$, D$, etc.) and avoid full-access folder sharing on their network.
Here are 9 brief ways to clean the W32/Sality.AE virus, received by detikINET from Vaksincom virus analyst Adang Jauhar Taufik on Wednesday (04/03/2009):
1. Disconnect the computer that will be cleaned from the network and the Internet.
2. Turn off System Restore while the cleaning process takes place.
3. Turn off Autorun and the Default Shares. Please download the following file and run it as follows: right-click on repair.inf and then select Install.
http://www.4shared.com/file/82762498/f5dc1edd/repair.html?dirPwdVerified=feea1d94
4. Close the application programs active in memory so that the cleaning process is faster, especially programs that are in the startup list.
5. We recommend that you scan using the removal tools after first changing the removal tool's extension to another one [for example: CMD], so that it is not re-infected by W32/Sality.AE.
6. So that a computer infected with W32/Sality.AE can boot into Safe Mode, please restore the registry entries that have been changed by the virus.
Please download the following file and then run it on the OS that is infected with W32/Sality.AE.
http://www.4shared.com/file/82761423/934fb170/_2__Sality.htmldirPwdVerified=feea1d94
7. Fix the other registry entries modified by the virus: please download the following tool and then run the file as follows: right-click on repair.inf and then select Install.
http://www.4shared.com/file/82874724/f485f1dd/repair.html?dirPwdVerified=3b1f2fa9
8. Restart the computer and re-scan using the removal tools to ensure your computer is clean of the virus.
9. For optimal cleaning and to prevent re-infection, install and scan with an antivirus that can detect Sality well.

Shortcut virus

A virus that floods your computer with shortcuts

Amid the onslaught of the Conficker virus hitting the networking world, a local virus does not want to be outdone and is showing its teeth. The writer came across this virus by accident, while visiting a close friend's workplace: the friend complained about why there were so many shortcuts on his computer.

On closer inspection it was indeed true that a lot of shortcut files were scattered in every folder on the computer, such as Microsoft.lnk, and also shortcut files with the same names as the folders they sit in. So, with the instinct of a virus analyst (vaksinis) who cannot leave a new, as-yet-undetected virus alone, the complaint was immediately analyzed further and a remedy prepared.


The characteristics of the virus are:

   1. The My Documents folder contains a file named database.mdb; this turns out to be the virus's main (parent) file.

   2. Autorun.inf, Thumb.db and Microsoft.lnk files appear in every drive, folder and flash disk, down to the second level of subfolders.

   3. Duplicate shortcut files (.lnk) are created for folders, using at most the first 5 folder names; for example, if C:\Windows contains many folders, only the first 5 names are used. This applies down to the second level of subfolders (see Figure 2).

   4. The registry tools (Registry Editor) are disabled through the following value (see Figure 3):

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistrytools"=dword:00000001

   5. The following values are added to the registry:
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "Explorer"="Wscript.exe //e:VBScript \"C:\Documents and Settings\Administrator\My Documents\database.mdb\""
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "WinUpdate"="Wscript.exe /e:VBScript \"C:\WINDOWS\:Microsoft Office Update for Windows XP.sys\""
The last entry appears to be nothing more than a decoy, but in practice we still have to delete it. Otherwise, when we log on to the computer, we get an error message like the one below.
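The persistence trick above (a Run value that makes Wscript.exe treat database.mdb as VBScript, and a second value pointing into an NTFS stream) can be spotted in a registry export. The following checker is an added example, not code from the original article or from Vaksincom; the .reg sample inside is constructed from the values quoted above, and the script-extension list and function names are assumptions.

```python
# Added example, not code from the original article: flag Run-key entries in a
# Windows registry export (.reg text) that use the trick described above, where
# Wscript.exe is forced to run a non-script file (database.mdb) as VBScript.
import ntpath
import re

# Constructed sample modelled on the two Run values quoted above, plus one
# ordinary entry. Real input would come from `reg export <key> file.reg`.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Explorer"="Wscript.exe //e:VBScript \"C:\\Documents and Settings\\Administrator\\My Documents\\database.mdb\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"WinUpdate"="Wscript.exe /e:VBScript \"C:\\WINDOWS\\:Microsoft Office Update for Windows XP.sys\""
"Backup"="\"C:\\Program Files\\Backup\\backup.exe\" /quiet"
'''

# Extensions the Windows Script Host legitimately runs (assumed list).
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh"}


def parse_reg(text):
    """Yield (key, value_name, unescaped string data) for each string value."""
    key = None
    for line in text.splitlines():
        m = re.match(r'^\[(.+)\]$', line)
        if m:
            key = m.group(1)
            continue
        m = re.match(r'^"([^"]+)"="(.*)"$', line)
        if m and key:
            # .reg escapes backslashes and quotes with a backslash
            yield key, m.group(1), re.sub(r'\\(.)', r'\1', m.group(2))


def suspicious_reason(command):
    """Return why a Run command looks like the trick above, or None."""
    parts = [q or bare for q, bare in re.findall(r'"([^"]*)"|(\S+)', command)]
    if not parts or ntpath.basename(parts[0]).lower() not in ("wscript.exe", "cscript.exe"):
        return None
    # Script host switches start with / or //; the first other token is the script.
    targets = [p for p in parts[1:] if not p.startswith("/")]
    if not targets:
        return None
    target = targets[0]
    if ":" in target[2:]:  # a colon past the drive letter is NTFS stream syntax
        return "script path points into an NTFS alternate data stream"
    ext = ntpath.splitext(target)[1].lower()
    if ext not in SCRIPT_EXTS:
        return "script host forced to run a %s file" % (ext or "extension-less")
    return None


def find_suspicious(text):
    """Return [(key, value_name, reason)] for Run entries matching the trick."""
    hits = []
    for key, name, cmd in parse_reg(text):
        if key.lower().endswith("\\run"):
            reason = suspicious_reason(cmd)
            if reason:
                hits.append((key, name, reason))
    return hits


if __name__ == "__main__":
    for key, name, reason in find_suspicious(SAMPLE_REG):
        print("%s\\%s: %s" % (key, name, reason))
```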

What makes us angry is the sheer number of shortcuts created by the virus. And the nasty part is that if it is not handled the right way, the virus comes back again and again. So here are the steps to take to fight this annoying virus:

    1. Kill the WSCRIPT process (the file is located in C:\Windows\System32) using a tool such as CProcess or HijackThis, or simply the Windows Task Manager.

    2. Before doing so, turn off System Restore.

    3. Once the Wscript process is stopped, we must delete or rename the file so that it cannot (temporarily) be used by the virus again. Note that if we rename wscript.exe it will automatically be copied back into the folder, so we must also find the other copies of wscript.exe, usually in C:\Windows\$NtServicePackUninstall$ and C:\Windows\ServicePackFiles\i386. Unlike other VBS viruses, where we can change the Open With association of .vbs files to Notepad, what matters for this virus is that its file carries the MDB (Microsoft Access) extension, so Wscript runs DATABASE.MDB as if it were a VBS file. (Clever virus, right?)
    Wscript.exe //E:VBScript "C:\Documents and Settings\Administrator\My Documents\database.mdb"

    4. Delete the parent file at C:\Documents and Settings\<user>\My Documents\database.mdb, so that the file is no longer loaded every time the computer boots. And do not forget to also open MSCONFIG and disable the run command.

    5. Now we delete the autorun.inf, Microsoft.inf and Thumb.db files. Click the Start button, type CMD, and change to the drive to be cleaned, for example drive C:\; then what we have to do is:
    C:\> del Microsoft.inf /s   = this command deletes all Microsoft.inf files in every folder on drive C:; to clean another drive, just change the drive letter, for example: D:\> del Microsoft.inf /s
    For the autorun.inf file, type C:\> del autorun.inf /s /ah /f   = this command deletes the autorun.inf files (the /ah /f switches are used because the file carries the RSHA attributes); do the same thing for the Thumb.db file.
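The drive-wide deletion above (`del <name> /s /ah /f`) has to be repeated per file name and does not catch the folder-named .lnk duplicates. The following sweep is an added example, not code from the original article: it finds every file matching the characteristics listed earlier, reports them first (dry run), and only deletes on request. The directory tree it scans is constructed in a temporary folder; the indicator name list and function names are assumptions.

```python
# Added example, not code from the original article: a sweep that finds the files
# the shortcut virus scatters (autorun.inf, Microsoft.lnk/.inf, Thumb.db and .lnk
# files named after folders), mirroring `del <name> /s` across a whole drive but
# listing first (dry run) instead of deleting. The tree scanned is constructed in
# a temporary folder; point find_indicators() at a real drive root to use it.
import os
import stat
import tempfile

INDICATOR_NAMES = {"autorun.inf", "microsoft.lnk", "microsoft.inf", "thumb.db"}


def find_indicators(root):
    """Return sorted '/'-separated paths under root that match the virus's pattern."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        folders = {d.lower() for d in dirnames}
        for name in filenames:
            stem, ext = os.path.splitext(name.lower())
            # Known dropped names, or a shortcut duplicating a sibling folder name
            if name.lower() in INDICATOR_NAMES or (ext == ".lnk" and stem in folders):
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)


def remove_indicators(root, dry_run=True):
    """Remove the matches (like del /s /ah /f); with dry_run only report them."""
    removed = []
    for rel in find_indicators(root):
        path = os.path.join(root, *rel.split("/"))
        if not dry_run:
            os.chmod(path, stat.S_IWRITE)  # like /f: clear read-only before deleting
            os.remove(path)
        removed.append(rel)
    return removed


def build_sample_tree():
    """Construct a temp tree imitating an infected drive; return its root."""
    root = tempfile.mkdtemp(prefix="shortcut-virus-demo-")
    os.makedirs(os.path.join(root, "Docs", "Sub"))
    for rel in ("autorun.inf", "Microsoft.lnk", "Thumb.db", "Docs.lnk",  # dropped by virus
                "Docs/Sub.lnk", "Docs/Thumb.db",                        # second level
                "notes.txt", "Docs/report.lnk"):                        # legitimate files
        with open(os.path.join(root, *rel.split("/")), "w") as fh:
            fh.write("constructed sample\n")
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    for rel in remove_indicators(root, dry_run=True):
        print("would delete:", rel)
```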

HISTORY OF COMPUTER VIRUSES

The first virus to appear in this world, named [Elk Cloner], was born around 1981 at Texas A&M. It spread through Apple II floppy disks, which carried the operating system. Its destructive act was to display a message on the screen: "It will get on all your disks / It will infiltrate your chips / Yes it is the Cloner! / It will stick to you like glue / It will modify RAM too / Send in the Cloner!" Hii...
The name "virus" itself was only given 2 years after its birth, by Len Adleman on November 3, 1983, in a seminar that discussed how to create viruses and protect yourself from them. But people often assume that the first virus to appear was the [Brain] virus, which was actually born in 1986. Fair enough, because that virus was the most shocking and the most widely spread, since it spread through DOS diskettes, which were all the rage back then. Its birth coincided with [PC-Write Trojan] and [Vindent].
From then on, viruses began to rule the world. The developments were really horrible and frightening! One year later the first virus that infected files appeared. It usually attacked *.exe files; this virus, named [suriv], belonged to the "Jerusalem" class of viruses. The speed of its spread was quite 'thrilling' for the time. But this virus was not too bad, because although it hit and beat up IBM mainframes, it did not last long, just a year (or was it a bit more? whatever...).
In 1988, BIG attacks appeared on the Macintosh by the viruses [MacMag] and [Scores], and the Internet got beaten up by a virus made by Robert Morris. In 1989 a prankster sent out a file called "AIDS information program" and, unfortunately, once this file was opened, what you got was not info about AIDS but a virus that encrypted the hard drive and demanded payment for the unlock code (hehehe... there is always a way to make money off people).
Since then, the spread of viruses has become uncountable. However, the impact was not too big. The new year of 1995 saw a massive attack. Not half-hearted either: they attacked large organisations such as Griffith Air Force Base, the Korean Atomic Research Institute, NASA, IBM and many other GIANT COMPANIES, persecuted by the "Internet Liberation Front" on Thanksgiving Day. Because of the boldness and the magnitude of the attack, 1995 was dubbed the year of the Hacker and Cracker.
The Crackers are never satisfied. Every time a new operating system or program appears, they are ready with new viruses. If you often type in MS Word you may have come across the Titassic virus. This is an original local Indonesian virus, and a unique one: it reminds us to pray on time (oh no, too kind...). But make no mistake, the macro virus titled [Concept] can also be bad, really frightening and ferocious. Because of this evil one, 80% of the victims' data files and programs are wiped out.
Well, in line with technological developments, a virus emerged that for the first time combined macro viruses and worms. Its name is pretty sweet: [Melissa]. But it is not as sweet as the name implies: this virus spreads to others via e-mail and, most painfully, it spreads to all the e-mail addresses in your address book. And now millions of viruses roam erratically around the Internet.