In recent years many emerging viruses that began to bother the community of computer users. If the first Internet users are confused by the virus because of its spread is still limited by email and network. As the technological development of mobile devices is also developing information technology. Today almost every computer user must have the flash disk data storage media which is highly portable and easy to use because of its nature, such as floppy disks but with large capacity and not easily damaged. But the popularity of flash disk on computer users lure makers virus to create a virus that spreads through these storage media. This makes the users who do not understand computers are sometimes fooled by a virus that thinks running is another file as a Microsoft Word document files, folders, or other file formats. In fact that is being opened is a virus program that has the same icon with these files.
No need to discuss too long the history of the emergence of this virus, but for users who have been hit by a virus then the actual eradication of the virus-virus measures are almost the same. Usually the general public who do not have internet access on her computer more susceptible to viruses because the antivirus is not up to date so that his antivirus does not recognize new viruses. There are several ways to remove viruses from your computer if already infected with this virus. The following techniques are discussed in the Windows XP operating system because the OS is the most common infection and most widely used. Here is the technique of these techniques:Removing the antivirus on another computer
By releasing a computer hard drive that has been infected with viruses and then loaded onto other computers that have the latest antivirus or at least be able to identify the virus in an infected system. Make a full scan of the hard drives of infected systems and remove any viruses found. After finishing the hard drive has been mounted back to computer and run the system as usual. Do check back to see if the computer is still showing the same symptoms when exposed to the virus. This method is powerful to clean the virus throughout the antivirus on another computer that can identify and remove viruses on the hard drive is infected. But the virus still leaves traces in the form or the startup autorun is not functioning. This trail is sometimes raises an error message that is not dangerous but may be a bit annoying.
Removing with other operating systems
On a laptop or computer that is not removable hard drive then the other way is to run other operating systems that are not infected with the virus and do a full scan of your entire hard drive. Usually there is beberpa users who use dual OS such as Linux and Windows or Windows XP and Windows Vista, etc.. Besides it can also use the LiveCD or OS Portable like Knoopix and Windows PE (Windows which has diminimazed and boots from portable storage media such as flash disk or CD.) And then do a full scan with current antivirus. Effective the same as deleting the virus with antivirus on another computer example above. Viruses sometimes still leaving a trail is not dangerous.Removing manually
If you have trouble doing the above still no other way is by manually. These steps are:
1. Shut down process run by the virus. Active virus must have a process running on the system. This process usually monitor the activities of the system and perform actions when certain events occur which identified the virus. For example when we install the flash disk, the process will recognize the virus and infect the action flash disk with the same virus. This process should be viewed from the task manager which can be activated with the Ctrl + Alt + Del, but sometimes the virus will block this action by doing a log off, close the Task Manager window, or restart the system. Another way is to use other tools to see and kill the virus. I used to use Process Explorer from http://www.sysinternals.com/. With this tool you can turn off the process which is considered a virus. At the time of the deadly virus belonging to note sometimes the process of the virus consists of more than a process of mutual monitoring. When a process is turned off then the process it will be turned on again by another process. Because of that deadly virus must rapidly process before the process is turned off again by another process. Identify the processes that are considered first and then turn off all virus quickly. Usually the windows process resembling a virus disguised but certainly no different as a mimic IExplorer.exe Explorer.exe. Here are the windows that can be used as reference processes that are categorized safe:
C: \ WINDOWS \ system32 \ smss.exeC: \ WINDOWS \ system32 \ csrss.exeC: \ WINDOWS \ system32 \ winlogon.exeC: \ WINDOWS \ system32 \ services.exeC: \ WINDOWS \ system32 \ svchost.exeC: \ WINDOWS \ system32 \ lsass.exeC: \ WINDOWS \ Explorer.exe
In addition to process explorer you can use other tools that may be easier and could erase process as well. Another example is HijackFree. You can search on google tools similar.# After the deadly virus managed to do the default return value parameter system used virus to activate itself and block efforts to remove him. The parameters are located in the windows registry that can be reset to default values. Save the following file with any name with the file extension. Reg. Then execute the file by clicking 2 times. If there is confirmation you can answer Yes / Ok. The following registry file:
Windows Registry Editor Version 5.00:
2. The above registry file will unblock regedit, and prevent the virus transplanting himself to the system, and reset other parameters to prevent the virus from the road again.
3. Once the virus is turned off and reset the system parameters. Prevent the virus active again by removing the autorun virus entry and startup of Windows. Can use the default Windows Msconfig tool or directly edit the registry with regedit. To more easily use third party tools like autoruns from http://www.sysinternals.com to delete autorun entry and startup of the virus tsb. Do not forget to check the Startup folder on the Start menu Menu -> Programs -> Startup and make sure no virus entry page.
4. Download the latest antivirus and do a full antivirus scan on the system for checking the whole system and remove all viruses found. I suggest avira which can be downloaded from http://www.free-av.com because it is free and the same virus scanner tough with commercial antivirus like Symantec or Kaspersky.
5. Before restarting make sure you do not miss either of proces virus or autorun and system startup. Because if not, upon restarting the system will go back like when infected with the virus and in vain all the steps you did before.
6. After restarting your computer check back and see if the symptoms appear when the computer is infected is still there or not. If there then you missed beberpa autorun virus or reset the system parameters above does not work. Perform the steps above and check more carefully every step before you restart the system.
That's the virus removal steps on Windows XP systems. To prevent the virus from coming back you should be diligent to update antivirus or install applications such as WinPooch prevention or Comodo Firewall will warn users when there are other programs that will modify the system. So even though the virus is not recognized but before entering the user will be warned by the application of prevention. If you recognize the programs that want to access your system then you can allow such access, but if not should be rejected and blocked access because there is a possibility the program is a virus.
Be cautious when opening flash disk. Do not open the flash disk with a click 2 times. Open with a right click and select the Open menu for autoplay feature on the flash disk can not run a virus ototmatis. Do not forget to note the files that you open. Although iconnya same note that the files that you open open the application or program type. Make sure the word file is the word really and truly a folder with a folder can view the details or properties of the file. Hopefully this article helps you become infected and prevent computer viruses.
No need to discuss too long the history of the emergence of this virus, but for users who have been hit by a virus then the actual eradication of the virus-virus measures are almost the same. Usually the general public who do not have internet access on her computer more susceptible to viruses because the antivirus is not up to date so that his antivirus does not recognize new viruses. There are several ways to remove viruses from your computer if already infected with this virus. The following techniques are discussed in the Windows XP operating system because the OS is the most common infection and most widely used. Here is the technique of these techniques:Removing the antivirus on another computer
By releasing a computer hard drive that has been infected with viruses and then loaded onto other computers that have the latest antivirus or at least be able to identify the virus in an infected system. Make a full scan of the hard drives of infected systems and remove any viruses found. After finishing the hard drive has been mounted back to computer and run the system as usual. Do check back to see if the computer is still showing the same symptoms when exposed to the virus. This method is powerful to clean the virus throughout the antivirus on another computer that can identify and remove viruses on the hard drive is infected. But the virus still leaves traces in the form or the startup autorun is not functioning. This trail is sometimes raises an error message that is not dangerous but may be a bit annoying.
Removing with other operating systems
On a laptop or computer that is not removable hard drive then the other way is to run other operating systems that are not infected with the virus and do a full scan of your entire hard drive. Usually there is beberpa users who use dual OS such as Linux and Windows or Windows XP and Windows Vista, etc.. Besides it can also use the LiveCD or OS Portable like Knoopix and Windows PE (Windows which has diminimazed and boots from portable storage media such as flash disk or CD.) And then do a full scan with current antivirus. Effective the same as deleting the virus with antivirus on another computer example above. Viruses sometimes still leaving a trail is not dangerous.Removing manually
If you have trouble doing the above still no other way is by manually. These steps are:
1. Shut down process run by the virus. Active virus must have a process running on the system. This process usually monitor the activities of the system and perform actions when certain events occur which identified the virus. For example when we install the flash disk, the process will recognize the virus and infect the action flash disk with the same virus. This process should be viewed from the task manager which can be activated with the Ctrl + Alt + Del, but sometimes the virus will block this action by doing a log off, close the Task Manager window, or restart the system. Another way is to use other tools to see and kill the virus. I used to use Process Explorer from http://www.sysinternals.com/. With this tool you can turn off the process which is considered a virus. At the time of the deadly virus belonging to note sometimes the process of the virus consists of more than a process of mutual monitoring. When a process is turned off then the process it will be turned on again by another process. Because of that deadly virus must rapidly process before the process is turned off again by another process. Identify the processes that are considered first and then turn off all virus quickly. Usually the windows process resembling a virus disguised but certainly no different as a mimic IExplorer.exe Explorer.exe. Here are the windows that can be used as reference processes that are categorized safe:
C: \ WINDOWS \ system32 \ smss.exeC: \ WINDOWS \ system32 \ csrss.exeC: \ WINDOWS \ system32 \ winlogon.exeC: \ WINDOWS \ system32 \ services.exeC: \ WINDOWS \ system32 \ svchost.exeC: \ WINDOWS \ system32 \ lsass.exeC: \ WINDOWS \ Explorer.exe
In addition to process explorer you can use other tools that may be easier and could erase process as well. Another example is HijackFree. You can search on google tools similar.# After the deadly virus managed to do the default return value parameter system used virus to activate itself and block efforts to remove him. The parameters are located in the windows registry that can be reset to default values. Save the following file with any name with the file extension. Reg. Then execute the file by clicking 2 times. If there is confirmation you can answer Yes / Ok. The following registry file:
Windows Registry Editor Version 5.00:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000000
"SuperHidden"=dword:00000000
"ShowSuperHidden"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot]
"AlternateShell"="Cmd.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot]
"AlternateShell"="Cmd.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="Cmd.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""
[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\piffile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shell\open\command@="\"%1\" %*"2. The above registry file will unblock regedit, and prevent the virus transplanting himself to the system, and reset other parameters to prevent the virus from the road again.
3. Once the virus is turned off and reset the system parameters. Prevent the virus active again by removing the autorun virus entry and startup of Windows. Can use the default Windows Msconfig tool or directly edit the registry with regedit. To more easily use third party tools like autoruns from http://www.sysinternals.com to delete autorun entry and startup of the virus tsb. Do not forget to check the Startup folder on the Start menu Menu -> Programs -> Startup and make sure no virus entry page.
4. Download the latest antivirus and do a full antivirus scan on the system for checking the whole system and remove all viruses found. I suggest avira which can be downloaded from http://www.free-av.com because it is free and the same virus scanner tough with commercial antivirus like Symantec or Kaspersky.
5. Before restarting make sure you do not miss either of proces virus or autorun and system startup. Because if not, upon restarting the system will go back like when infected with the virus and in vain all the steps you did before.
6. After restarting your computer check back and see if the symptoms appear when the computer is infected is still there or not. If there then you missed beberpa autorun virus or reset the system parameters above does not work. Perform the steps above and check more carefully every step before you restart the system.
That's the virus removal steps on Windows XP systems. To prevent the virus from coming back you should be diligent to update antivirus or install applications such as WinPooch prevention or Comodo Firewall will warn users when there are other programs that will modify the system. So even though the virus is not recognized but before entering the user will be warned by the application of prevention. If you recognize the programs that want to access your system then you can allow such access, but if not should be rejected and blocked access because there is a possibility the program is a virus.
Be cautious when opening flash disk. Do not open the flash disk with a click 2 times. Open with a right click and select the Open menu for autoplay feature on the flash disk can not run a virus ototmatis. Do not forget to note the files that you open. Although iconnya same note that the files that you open open the application or program type. Make sure the word file is the word really and truly a folder with a folder can view the details or properties of the file. Hopefully this article helps you become infected and prevent computer viruses.