In recent years many emerging viruses began troublesome computer user community. If the first internet users are confused by the virus is still limited because of its spread by email and network. Along with the development of technology, the mobile device is also developing information technology. Nowadays almost every computer user definitely has a flash disk is a data storage medium that is highly portable and easy to use because of its nature as a floppy disk, but with a large capacity and is not easily damaged. But the popularity of flash disk in the computer users fished virus makers to create a virus that is spread through this storage media. This makes the users who do not understand computers are sometimes fooled because running a virus he thought was another file such as a Microsoft Word document file, folder, or another file format. Yet that is being opened is a virus program that has the same icon with these files.No need to discuss too long history of the emergence of this virus, but for users who are already infected with the virus, the actual eradication measures viruses are similar. Usually the general public who do not have internet access on the computer will be more susceptible to viruses because antivirus software is not up to date so that his antivirus does not recognize new viruses. There are several ways to eliminate the virus from your computer if already infected with this virus. The following techniques are discussed in the Windows XP operating system because it is the most common OS infected and most widely used. Here are the techniques are:Remove the antivirus on another computerBy releasing a computer hard drive that has been infected with a virus and then loaded onto another computer that has the latest antivirus or at least be able to recognize the virus in the system that has been infected. Perform full system scan on the infected hard drive and remove any viruses that are found. After completion of the hard drive can already be reassembled dikomputer and run the system as usual. Make checks again whether the computer still shows the same symptoms when exposed to the virus. This method is effective to clean the virus along the antivirus on another computer can recognize and remove the virus in the infected hard drive. But the virus is still leaving a trail of startup autorun or not functioning. This trail is sometimes an error message that is not harmful, but may be a bit disturbing.Remove with other operating systemsOn a laptop or a computer that is not removable hard drive, the other way is to run other operating systems that are not infected with the virus and perform a full scan of the entire disk. Usually there beberpa users who use dual OS such as Linux and Windows or Windows XP and Windows Vista etc. Besides it can also use a LiveCD or as Knoopix Portable OS and Windows PE (Windows which has diminimazed and bootable from portable storage media such as flash disk or CD.) And then do a full scan with the latest antivirus. Equally effective to remove the virus with antivirus on another computer example above. Viruses sometimes still leave traces harmless.Manually removeIf you have difficulty doing the above there are other ways that the manual way. The steps are:1. Turn off the process that is run by a virus. Active virus certainly has a process running on the system. This process typically monitor system activity and perform an action when certain events are recognized by the virus. For example, when we install flash disk, virus process will recognize this action and infects flash disk with the same virus. This process should be seen from the task manager that can be activated with Ctrl + Alt + Del, but sometimes the virus will block this action by logging off, close the Task Manager window, or restart the system. Another way is to use another tool to view and kill the virus. I used to use Process Explorer from http://www.sysinternals.com/. With this tool, you can turn off the process that is considered a virus. At the time of the deadly virus belongs to note sometimes the virus belongs comprises more than one process to monitor each other. When one process is turned off then the page will be turned on again by other processes. Because of the deadly virus process must be quickly shut down before the process is turned on again by other processes. Identify the processes that are considered first and then turn off all virus quickly. Usually the virus is disguised to resemble the windows but of course no difference as iexplorer.exe that mimics Explorer.exe. Here is a process that can be used as a reference windows are categorized as safe process:2. C: \ WINDOWS \ system32 \ smss.exe3. C: \ WINDOWS \ system32 \ csrss.exe4. C: \ WINDOWS \ system32 \ winlogon.exe5. C: \ WINDOWS \ system32 \ services.exe6. C: \ WINDOWS \ system32 \ svchost.exe7. C: \ WINDOWS \ system32 \ lsass.exeC: \ WINDOWS \ explorer.exeIn addition to process explorer, you can use other tools that may be more easily and can remove the process as well. Another example is HiJackFree. You can search on google similar tools.8. After the deadly virus managed to do returns default parameter values system used a virus to activate itself and remove his effort blocked. These parameters are in the windows registry can be reset to the default values. Save the following file with any name with a .reg file extension. Then execute the file by clicking 2 times. If no confirmation you can answer Yes / Ok. The following registry file:9. Windows Registry Editor Version 5.0010. [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced]11. "Hidden" = dword: 0000000012. "superhidden" = dword: 0000000013. "ShowSuperHidden" = dword: 0000000014.15. [HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Control \ SafeBoot]16. "AlternateShell" = "Cmd.exe"17. [HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet002 \ Control \ SafeBoot]18. "AlternateShell" = "Cmd.exe"19. [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot]20. "AlternateShell" = "Cmd.exe"21.22. [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon]23. "Shell" = "Explorer.exe"24. "Userinit" = "C: \ WINDOWS \ system32 \ userinit.exe,"25.26. [HKEY_CLASSES_ROOT \ regfile \ shell \ open \ command]27. @ = "regedit.exe \"% 1 \ ""28.29. [HKEY_CLASSES_ROOT \ scrfile \ shell \ open \ command]30. @ = "\"% 1 \ "% *"31.32. [HKEY_CLASSES_ROOT \ piffile \ shell \ open \ command]33. @ = "\"% 1 \ "% *"34. [HKEY_CLASSES_ROOT \ comfile \ shell \ open \ command]35. @ = "\"% 1 \ "% *"36. [HKEY_CLASSES_ROOT \ exefile \ shell \ open \ command]@ = "\"% 1 \ "% *"Registry file above will unblock regedit, prevent virus grafted itself to the system, and reset other parameters to prevent the virus again.37. Once the virus is turned off and reset the system parameters. Prevent the virus reactivates by removing entry and autorun virus on Windows startup. Can use the default Windows MSConfig tool or directly edit the registry with Regedit. To more easily use third-party tools such as autoruns of http://www.sysinternals.com to remove entry and startup autorun virus belonging TSB. Do not forget to check the Startup folder on the Start menu Menu -> Programs -> Startup and make sure no virus entry page.38. Download the latest antivirus and do full antivirus scanning on the system in order to check the entire system and remove all viruses found. I suggest Avira that can be downloaded from http://www.free-av.com due to its free and virus scanners as tough with commercial antivirus like Symantec or Kaspersky.39. Before restarting make sure you do not miss a good virus from proces or autorun and startup of the system. Because if not then upon restart, the system will return as at the time of virus infection and wasted all the steps that you did before.40. After restarting your computer check and see if the symptoms appear when the computer is infected is still there or not. When there then you missed beberpa autorun virus or reset the system parameters above are not successful. Retune and check more carefully each step before you restart the system.That step-by-step removal of viruses on Windows XP systems. To prevent the virus coming back you should be diligent in updating antivirus or installing applications such as Winpooch prevention or Comodo Firewall will warn the user if there is another program that will modify the system. So even if the virus is not recognized but before entering the user will be warned by the application of a deterrent. If you identify programs that want to access your system then you can allow such access, but if not you should reject and block such access because there is the possibility of the program is a virus.Be careful when opening the flash disk. Do not open the flash disk by clicking 2 times. Open with a right-click and select Open menu so that the autoplay feature on the flash disk is not running virus tasks automatically. Do not forget to note the files that you open. Although the same icon note that the file you open open the type of application or program. Make sure the word file is actually a word and folders truly folders can see the details or properties of the file. Hopefully this article helps and prevents your computer infected with a virus.
0 comments:
Post a Comment