Friday, 20 March 2009

Removing the DOC.VBS Virus

Your computer is probably infected with the VBS/Smalltroj.XRS virus.

Perform the following cleanup steps:
1. Terminate the wscript.exe process that is active in memory (Process Explorer can be downloaded from http://download.sysinternals.com/Files/ProcessExplorer.zip)

2. Use a replacement for the registry editor (RegAlyzer, which can be downloaded from http://www.safer-networking.org/files/regalyz.exe), then go to HKCR\inffile\shell\Install\command and change the "default" string shown on the right-hand side of the screen to C:\Windows\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1

3. Delete the registry entries created by the virus. To speed up the cleanup, copy the script below into Notepad, save it as repair.inf, then run it as follows:

- right-click repair.inf
- click Install

[Version]
Signature="$Chicago$"
Provider=Vaksincom

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

; Values written back: file-type open commands, logon shell,
; Safe Mode alternate shell and the VBS file class settings.
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SOFTWARE\Classes\exefile\DefaultIcon,,,"%1"
HKLM, SOFTWARE\Classes\VBSFile,,,"VBScript Script file"
HKLM, SOFTWARE\Classes\VBSFile\DefaultIcon,,,"C:\WIndows\System32\WScript.exe,2"
HKLM, SOFTWARE\Classes\VBSFile\Shell\Edit\Command,,,"C:\WIndows\system32\notepad.exe %1"

; Registry values and keys created by the virus, to be deleted.
[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Run, Adobe
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoDesktop
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFileAssociate
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderoptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoRun
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFind
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableCMD
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system, DisableTaskmgr
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TaskMgr.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe, Debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe, Debugger
HKLM, SOFTWARE\Classes\VBSFile, NeverShowExt

4. Delete the virus files with the VBS extension (9 KB in size) and the DOC.VBS extension. To make the search easier, use the Windows search tool. Also delete autorun.inf in every folder.

5. Unhide the doc files that were hidden (attrib -s -h *.doc /s) from the DOS prompt, making sure the prompt is on the drive to be checked.

6. For optimal cleanup and to prevent reinfection, scan with an antivirus that already recognizes this virus well.
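
To confirm that step 3 took effect, the following read-only PowerShell check is an added example (it is not part of the original post or of the Vaksincom script). The key and value names come from repair.inf above; the variable names and report wording are assumptions, and a reported mismatch only means the value differs from what repair.inf writes.

```powershell
# Added example: read-only check of the registry values that repair.inf
# resets or deletes. Expected data below is what the INF writes.
$findings = @()
$cv = 'Software\Microsoft\Windows\CurrentVersion'
$nt = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

# Values from the [del] section: any that still exist are reported.
$shouldBeGone = @{
    "HKCU:\$cv\Policies\Explorer" = @('NoFolderOptions','NoDesktop','NoFileAssociate','NoRun','NoFind')
    "HKCU:\$cv\Policies\System"   = @('DisableCMD','DisableRegistryTools','DisableRegedit','DisableTaskMgr')
    "HKLM:\$cv\Policies\System"   = @('DisableTaskMgr')
    "HKCU:\$cv\Run"               = @('Adobe')
    'HKLM:\SOFTWARE\Classes\VBSFile' = @('NeverShowExt')
}
foreach ($key in $shouldBeGone.Keys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    foreach ($name in $shouldBeGone[$key]) {
        if ($props -and $null -ne $props.$name) { $findings += "$key has value '$name'" }
    }
}

# Image File Execution Options: a Debugger value redirects the launch of that program.
$tools = 'cmd.exe','msconfig.exe','regedit.exe','regedt32.exe',
         'TaskMgr.exe','attrib.exe','install.exe','setup.exe'
foreach ($exe in $tools) {
    $ifeoKey = "$nt\Image File Execution Options\$exe"
    $dbg = (Get-ItemProperty -Path $ifeoKey -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { $findings += "IFEO $exe has Debugger = $dbg" }
}

# File-type open commands from the [UnhookRegKey] section.
$openCmd = @{ batfile = '"%1" %*'; comfile = '"%1" %*'; exefile = '"%1" %*'
              piffile = '"%1" %*'; scrfile = '"%1" %*'; regfile = 'regedit.exe "%1"' }
foreach ($class in $openCmd.Keys) {
    $key = "HKLM:\SOFTWARE\Classes\$class\shell\open\command"
    $actual = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
    if ($actual -ne $openCmd[$class]) { $findings += "$class open command is '$actual'" }
}

# Logon shell and Safe Mode alternate shell.
$shell = (Get-ItemProperty -Path "$nt\Winlogon").Shell
if ($shell -ne 'Explorer.exe') { $findings += "Winlogon Shell is '$shell'" }
$alt = (Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot').AlternateShell
if ($alt -ne 'cmd.exe') { $findings += "SafeBoot AlternateShell is '$alt'" }

if ($findings) { $findings } else { 'No leftover registry changes found.' }
```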
