If this happen to yours computer attack by conficker, make your computer can't connect to network. But don't worry you can remove step by step.
1. Put off yours computer from network include LAN and WIFI.
2. Shutdown system restore on yours computer(Vista and XP only)
Start-->Program-->accessories-->system tool-->System restore.
after you inside turn off system restore for all drive.
for next step...read more
3. Turn off any service on your computer, you can use tool from Norman by free. you can download here
4. Delete service svchost.exe on your computer is that make by conficker.
5. Delete Schedule Task that make by conficker (C:-WINDOWS-Tasks).
6. Delete Registry string that make by conficker, for easy you can copy this script to notepad and install.
[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKCU, Software-Microsoft-Windows-CurrentVersion-Explorer-Advanced, Hidden, 0x00000001,1
HKCU, Software-Microsoft-Windows-CurrentVersion-Explorer-Advanced, SuperHidden, 0x00000001,1
HKLM, SOFTWARE-Microsoft-Windows-CurrentVersion-Explorer-Advanced-Folder-Hidden-SHOWALL, CheckedValue, 0x00000001,1
HKLM, SYSTEM-CurrentControlSet-Services-BITS, Start, 0x00000002,2
HKLM, SYSTEM-CurrentControlSet-Services-ERSvc, Start, 0x00000002,2
HKLM, SYSTEM-CurrentControlSet-Services-wscsvc, Start, 0x00000002,2
HKLM, SYSTEM-CurrentControlSet-Services-wuauserv, Start, 0x00000002,2
[del]
HKCU, Software-Microsoft-Windows-CurrentVersion-Applets, dl
HKCU, Software-Microsoft-Windows-CurrentVersion-Applets, ds
HKLM, SOFTWARE-Microsoft-Windows-CurrentVersion-Applets, dl
HKLM, SOFTWARE-Microsoft-Windows-CurrentVersion-Applets, ds
HKLM, SYSTEM-CurrentControlSet-Services-Tcpip-Parameters, TcpNumConnections
give this file with "repair.inf". To run this file right click choose run.
7. For optimal remove this virus and make your computer not infected again, you should use update anti virus and pacth yours computer with http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
Top Dropper In April
16 years ago
0 comments
Post a Comment