Jump to content
Balthazor

Warning!

By Balthazor, in Utiliti & Sekuriti

Recommended Posts

Balthazor    1

Balthazor
Posted

Icon bar tu yg mane? Ke toolbar yg virus ni tukar yg jd kaler ijau tu?

Kalo yg tu, aku da bagitau kat atas tu..

yg wallpaper tuh aku perasan ko dah buat yg toolbar kat atas tuh kalo korang perasan cuba masuk My computer pastu perhatikan kat atas tuh kan warna lain

Share this post

Link to post
Share on other sites

johnburn    6

johnburn
Posted

yg wallpaper tuh aku perasan ko dah buat yg toolbar kat atas tuh kalo korang perasan cuba masuk My computer pastu perhatikan kat atas tuh kan warna lain

Kalo bukan kat toolbar tu, katne? Bleh bg screenshot?

Share this post

Link to post
Share on other sites

Balthazor    1

Balthazor
Posted

Untuk buang gambar tu plak masuk registry editor, pergi ke entri:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar

dan delete BackBitmapShell

Kalo rase nak tukar gambar lain, takyah delete entri tu, just tukar valuenye ke path untuk gambar yg nak digunakan (bitmap jer)..

sori dah nampak thanks....but virus tuh leh masuk kedalam another drive like D or E .....ada satu folder EXE kat dalam tuh

Share this post

Link to post
Share on other sites

TonikCapGajah2013    175

TonikCapGajah2013
Posted

Kepada sapa2 nak cuba dan tak ada kaspersky

sebelum uji lebih baik buat satu restore point.

lebih selamat kalau backup terus partition C:

NOD32 macamana? ;)

Share this post

Link to post
Share on other sites

Balthazor    1

Balthazor
Posted

Kepada sapa2 nak cuba dan tak ada kaspersky

sebelum uji lebih baik buat satu restore point.

lebih selamat kalau backup terus partition C:

NOD32 macamana? ;)

jangan!!!!!! jangan cuba ngan restore point........ia x jadi.........cara terbaik nak cuba pakai la Goback atau Ghost

Share this post

Link to post
Share on other sites

johnburn    6

johnburn
Posted (edited)

jangan!!!!!! jangan cuba ngan restore point........ia x jadi.........cara terbaik nak cuba pakai la Goback atau Ghost

Yup, sbb virus ni kaco registry nih:

  • HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer\LimitSystemRestoreCheckpointing >> (disable Windows Installer dari create restore point)
  • HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableSR >> (disable system restore)
  • HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableConfig >> (disable link System Restore Settings dlm Restore interface dan Control Panel > System > System Restore page)

Nak baiki balik, tukar value untuk entri tu jd 0

Edited by johnburn

Share this post

Link to post
Share on other sites

Balthazor    1

Balthazor
Posted

ada antivirus nih nama dia Ashampoo Antivirus........aku test ngan AV nih impressive AV nih leh detect.......... :ph34r: .........aku extact terus keluar warning virus kena delete...................x infect PC aku pun :blush: ................

Share this post

Link to post
Share on other sites

johnburn    6

johnburn
Posted

ada antivirus nih nama dia Ashampoo Antivirus........aku test ngan AV nih impressive AV nih leh detect.......... :ph34r: .........aku extact terus keluar warning virus kena delete...................x infect PC aku pun :blush: ................

Kalo dah kene infect, AV tu bleh heal tak?

AV lain camne? Da ade yg bleh detect virus ni?

Share this post

Link to post
Share on other sites

Balthazor    1

Balthazor
Posted

Kalo dah kene infect, AV tu bleh heal tak?

AV lain camne? Da ade yg bleh detect virus ni?

AV lain AVG aku dah test......dia detect but aku still x puas hati.....rasa ada bende miss.......aku rasa pakai AV Ashampoo ni ok gak leh Delete ngan Clean infected files sekali...........cuba ko download AV tuh pastu ko update dan pastu ko EXTRACT Virus Lim Kok Wing tu.......ada keluar warning........... :lol:

AVira aku dah update tengah test.......

Share this post

Link to post
Share on other sites

TonikCapGajah2013    175

TonikCapGajah2013
Posted

Yup, sbb virus ni kaco registry nih:
  • HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer\LimitSystemRestoreCheckpointing >> (disable Windows Installer dari create restore point)
  • HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableSR >> (disable system restore)
  • HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableConfig >> (disable link System Restore Settings dlm Restore interface dan Control Panel > System > System Restore page)
Nak baiki balik, tukar value untuk entri tu jd 0

Dah try ker?

Aku cuba buat ok. Jadi.

Cuba ko terangkan macamana ko guna Restore Point tu..

Share this post

Link to post
Share on other sites

johnburn    6

johnburn
Posted

Dah try ker?

Aku cuba buat ok. Jadi.

Cuba ko terangkan macamana ko guna Restore Point tu..

Aku tak test pn system restore tu, cume ape yg gitau tu berdasarkan code asal virus tu jer (sbb aku ade code nye)...

WriteRegistry.RegWrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\noFolderOptions", "1", "REG_DWORD"
WriteRegistry.RegWrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableRegistryTools", "1", "REG_DWORD"
WriteRegistry.RegWrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\Disabletaskmgr", "1", "REG_DWORD"
WriteRegistry.RegWrite "HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer\DisableMSi", "1", "REG_DWORD"
WriteRegistry.RegWrite "HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer\LimitSystemRestoreCheckpointing", "1", "REG_DWORD"
WriteRegistry.RegWrite "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableSR", "1", "REG_DWORD"
WriteRegistry.RegWrite "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableConfig", "1", "REG_DWORD"

Share this post

Link to post
Share on other sites

ApoNie    0

ApoNie
Posted (edited)

bagus aidea buat file reg tu.. hokhokhokh

tp untuk geekz remover, rename jer file tu jadik *.scr pon bleh.. :D

Edited by ApoNie

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
Go To Topic Listing
×
×
  • Create New...