Wednesday 6 April 2011

Tips for Cleaning the Stuxnet Virus: Hard Disk Eater


The Stuxnet virus, also known as Winsta, consumes all the free space on the hard disk until it is full. According to Alfons Tanujaya, an antivirus analyst at Vaksincom, speaking to detikINET on Friday (07/30/2010), Indonesia is the country with the second-largest number of Stuxnet victims in the world, after Iran.
The virus initially spread from various adult sites, pirated programs and other 'gray' content, and was quite disruptive. Here are the steps to eradicate the virus, as described by Vaksincom antivirus analyst Adi Saputra:

1. Using Dr. Web CureIt

Adi suggested that victims of Stuxnet, alias Winsta, download a virus removal tool. The removal tool, called Dr.Web CureIt, can be downloaded from the site FreeDrWeb.com

2. Registry Fix

Next, Adi suggests repairing the Windows registry entries that have been modified by the virus. To do so, first copy the script below into a WordPad file.

[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, ShowSuperHidden,0x00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, SuperHidden,0x00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, HideFileExt,0x00010001,0
HKLM, SOFTWARE\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"

[del]
HKLM, SYSTEM\CurrentControlSet\Services\MRxCls
HKLM, SYSTEM\CurrentControlSet\Services\MRxNet
HKLM, SYSTEM\ControlSet001\Services\MRxCls
HKLM, SYSTEM\ControlSet002\Services\MRxNet
HKLM, SYSTEM\CurrentControlSet\Services\Enum\Root\LEGACY_MRXClS
HKLM, SYSTEM\CurrentControlSet\Services\Enum\Root\LEGACY_MRXNET
HKLM, SYSTEM\ControlSet001\Services\Enum\Root\LEGACY_MRXClS
HKLM, SYSTEM\ControlSet002\Services\Enum\Root\LEGACY_MRXNET

Then save the file with the name 'repair.inf'. In the Save as type option, choose Text Document to avoid mistakes. Then right-click the file 'repair.inf', select 'Install' and restart the computer.
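Before choosing 'Install' on an INF copied from a web page, it is worth listing exactly which registry values it will set and which keys it will delete. The Python sketch below is an added example, not part of the original post or Vaksincom's tooling; the function names are hypothetical and the embedded INF is a shortened, constructed copy of the script above.

```python
import csv

# Shortened copy of the repair.inf shown above (constructed sample input).
SAMPLE_INF = r'''
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, HideFileExt,0x00010001,0
HKLM, SOFTWARE\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
[del]
HKLM, SYSTEM\CurrentControlSet\Services\MRxCls
HKLM, SYSTEM\CurrentControlSet\Services\MRxNet
'''

def parse_sections(text):
    """Split INF text into {lowercased section name: [lines]}, skipping ';' comments."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), [])
        elif current is not None:
            current.append(line)
    return sections

def planned_changes(text, install="DefaultInstall"):
    """Return (action, root, subkey, value_name, data) for each AddReg/DelReg entry."""
    sections = parse_sections(text)
    plan = []
    for directive in sections.get(install.lower(), []):
        kind, _, targets = directive.partition("=")
        action = {"addreg": "SET", "delreg": "DELETE"}.get(kind.strip().lower())
        if action is None:
            continue  # other directives (CopyFiles, ...) are out of scope here
        for name in targets.split(","):
            entries = sections.get(name.strip().lower(), [])
            # INF fields are comma-separated; "" inside quotes is a literal quote.
            for f in csv.reader(entries, skipinitialspace=True):
                f = [x.strip() for x in f] + [""] * 5
                # AddReg: root,subkey,value,flags,data   DelReg: root,subkey[,value]
                data = ",".join(f[4:]).rstrip(",") if action == "SET" else ""
                plan.append((action, f[0], f[1], f[2], data))
    return plan

if __name__ == "__main__":
    for change in planned_changes(SAMPLE_INF):
        print(*change, sep=" | ")
```

An empty value name in a SET row means the key's default value, which is how the file-association handlers are restored.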

"Clean up temporary files, in order to prevent the rest of the trojan from trying to become active again. Use tools such as ATF Cleaner or use the Windows feature Disk Clean-Up," wrote Adi.

3. Emergency Solutions

In addition, the following script can be used in emergencies to prevent Winsta from re-infecting the system. Save the following script with the name Winsta.bat (file type: Text)

@echo off
rem For each malware file: delete it, then create a directory with the
rem same name so a file can no longer be written at that path.
del /f c:\windows\system32\winsta.exe
rem rd c:\windows\system32\winsta.exe
md c:\windows\system32\winsta.exe
del /f c:\windows\system32\drivers\mrxnet.sys
rem rd c:\windows\system32\drivers\mrxnet.sys
md c:\windows\system32\drivers\mrxnet.sys
del /f c:\windows\system32\drivers\mrxcls.sys
rem rd c:\windows\system32\drivers\mrxcls.sys
md c:\windows\system32\drivers\mrxcls.sys
rem Mark the placeholder directories read-only, hidden and system.
attrib +r +h +s c:\windows\system32\winsta.exe
attrib +r +h +s c:\windows\system32\drivers\mrxnet.sys
attrib +r +h +s c:\windows\system32\drivers\mrxcls.sys

Once completed, double-click the resulting Winsta.bat file. For optimal cleaning and to prevent re-infection, scan again with antivirus software that is up to date and properly recognizes this virus.
