:: topengdigital ::

June 6, 2007

Membasmi virus butoijo

Filed under: analisa

membasmi virus buto ijo

::virus butoijo:: atau yang lebih akrab dengan :: worm butoijo ::

virus ini pemicunya ada di butoijo.exe, coba anda copy paste script ini ke notepad dan simpan kedalam format vbs ( bantai.vbs)

====================================

Dim WshShell
Set WshShell = WScript.CreateObject(”WScript.Shell”)
on error resume Next
WshShell.RegWrite “HKCU\software\microsoft\windows\currentversion\policies\system\DisableRegistryTools”, “0″, “REG_DWORD”
WshShell.RegWrite “HKCU\software\microsoft\windows\currentversion\policies\system\DisableTaskMgr”, “0″, “REG_DWORD”
WshShell.RegWrite “HKCU\software\microsoft\windows\currentversion\policies\system\DisableCMD”, “0″, “REG_DWORD”
WshShell.RegWrite “HKCU\software\microsoft\windows\currentversion\policies\system\NoDispCpl”, “0″, “REG_DWORD”
WshShell.RegWrite “HKCU\software\microsoft\windows\currentversion\policies\explorer\NoRun”, “0″, “REG_DWORD”
WshShell.RegWrite “HKCU\software\microsoft\windows\currentversion\policies\explorer\NoFolderOptions”, “0″, “REG_DWORD”
WshShell.RegWrite “HKCU\software\microsoft\windows\currentversion\policies\explorer\NoTrayContextMenu”, “0″, “REG_DWORD”
WshShell.RegWrite “HKCU\software\microsoft\windows\currentversion\policies\explorer\NoClose”, “0″, “REG_DWORD”
WshShell.RegWrite “HKCU\software\microsoft\windows\currentversion\policies\explorer\NoFind”, “0″, “REG_DWORD”
WshShell.RegWrite “HKCU\software\microsoft\windows\currentversion\policies\explorer\NoViewContextMenu”, “0″, “REG_DWORD”
WshShell.RegWrite “HKCU\software\microsoft\windows\currentversion\policies\explorer\NoControlPanel”, “0″, “REG_DWORD”
WshShell.RegDelete”HKLM\Software\Microsoft\Windows\CurrentVersion\Run\windll”
WshShell.RegDelete”HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeCaption”
WshShell.RegDelete”HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeText”
WshShell.RegWrite “HKLM\Software\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization”,”Nama Organisasi”
WshShell.RegWrite “HKLM\Software\Microsoft\Windows NT\CurrentVersion\RegisteredOwner”,”Nama Anda”
WshShell.RegDelete”HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden”
WshShell.RegDelete”HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt”
WshShell.RegDelete”HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden”
WshShell.RegDelete”HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SuperHidden”
WshShell.RegWrite “HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper”, “0″, “REG_DWORD”

====================================

setelah itu tekan ctrl+alt+del dan endtask butoijo.exe delete juga butoijo.exe di c:windows/system32 , dijamin amblas
dan delete file exe bernama butoijo.exe di masing masing drive
juga sudah di bahas di http://virologi.info/virologist/modules/news/article.php?storyid=178

Comments »

The URI to TrackBack this entry is: http://topengdigital.blogsome.com/2007/06/06/membasmi-virus-butoijo/trackback/

No comments yet.

RSS feed for comments on this post.

Leave a comment

Line and paragraph breaks automatic, e-mail address never displayed, HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>























Get free blog up and running in minutes with Blogsome
Theme designed by Minz Meyer