Friday, October 1, 2010

Virus W32/VBWorm


The presence of the W32/VBWorm.BEUA virus, better known as the virus that exploits the shortcut security hole, is quite disturbing. Although it is labeled a local virus, it does not only take advantage of user negligence; it goes further and breaks in through a Windows security hole.

8 practical steps to remove the virus, which turns the folders on a USB flash disk into shortcuts:

1. Disable 'System Restore' for the duration of the cleaning process.

2. Disconnect the computer from the network.

3. Terminate the virus running in memory with the tool 'Ice Sword'. Once the tool is installed, select the file that has the 'Microsoft Visual Basic Project' icon and click 'Terminate Process'. The tool can be downloaded at http://icesword.en.softonic.com/

4. Delete the registry entry created by the virus:
-. Click [Start]
-. Click [Run]
-. Type Regedit.exe and click [OK]
-. In the Registry Editor, browse to the key [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
-. Then delete the entry whose data is [C:\Documents and Settings\%username%].

5. Disable Windows autoplay/autorun. Copy the script below into Notepad and save it as repair.inf, then install the file as follows: right-click repair.inf -> INSTALL

[Version]
Signature="$Chicago$"
Provider=Vaksincom

[DefaultInstall]
AddReg=UnhookRegKey
; the [del] section this line refers to is not included on this page
DelReg=del

[UnhookRegKey]
; restore the default "open" command for executable and script file types
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
; disable autorun for all drive types (255 = 0xFF)
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoDriveTypeAutoRun,0x000000ff,255
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer, NoDriveTypeAutoRun,0x000000ff,255

6. Delete the parent file and the duplicate files created by the virus, including those on the flash disk. To speed up the search, you can use Windows 'Search'. Before searching, show all hidden files by changing the Folder Options settings.

7. Show the folders hidden by the virus again. To speed up the process, download the tool Unhide Files and Folders at http://www.flashshare.com/bfu/download.html.
Once installed, select the directory [C:\Documents and Settings] and the folders on the flash disk by moving them into the field provided. Under [Attributes] clear all the options, then click [Change Attributes].

8. Install the security patch for 'Microsoft Windows Shell shortcut handling remote code execution vulnerability, MS10-046'. The patch can be downloaded at http://www.microsoft.com/technet/security/Bulletin/MS10-046.mspx
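
A way to verify steps 4 and 5 after cleaning, as an added example that is not part of the original post: this Python script reads the text of a registry export (.reg format) and reports Run entries whose data still points into C:\Documents and Settings, plus any hive where NoDriveTypeAutoRun is not 255 (0xff). The sample export, the value names in it and the function names are constructed for illustration; the input is assumed to be already decoded text covering both HKCU and HKLM, and a Run entry under the profile directory is only a lead to inspect, since legitimate programs can start from there too.

```python
import re

# Constructed sample in .reg export format (not taken from an infected machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"example"="C:\\Documents and Settings\\alice\\example.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
'''

RUN_KEY = r"hkey_current_user\software\microsoft\windows\currentversion\run"
POLICY_KEY = r"\software\microsoft\windows\currentversion\policies\explorer"
PROFILE_ROOT = "c:\\documents and settings\\"

def parse_reg(text):
    """Return {lowercased key path: {value name: raw data}} from .reg text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and line.startswith('"'):
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1)] = m.group(2)
    return keys

def unescape(raw):
    """Decode a quoted REG_SZ value; return None for other value types."""
    return re.sub(r'\\(.)', r'\1', raw[1:-1]) if raw.startswith('"') else None

def audit(text):
    """List (finding, name, data) tuples for what steps 4 and 5 should have fixed."""
    keys, findings = parse_reg(text), []
    for name, raw in keys.get(RUN_KEY, {}).items():
        data = unescape(raw)
        if data and data.lower().lstrip('"').startswith(PROFILE_ROOT):
            findings.append(("run-entry-in-profile", name, data))
    for hive in ("hkey_current_user", "hkey_local_machine"):
        raw = keys.get(hive + POLICY_KEY, {}).get("NoDriveTypeAutoRun", "missing")
        if raw.lower() != "dword:000000ff":
            findings.append(("autorun-not-disabled", hive, raw))
    return findings
```

An empty result from audit() means no Run entry points into the profile directory and both hives have autorun disabled for all drive types.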
