Removing Joseray.A

Ehm, this isn't really a new experience,
but it seems worth telling anyway.
Hehehe...
Here's the story:
One day I tried to open regedit on a computer in the lab...
and, huh, it wouldn't open, the machine restarted instead! &^%*!@
Then... opening the command prompt also made it restart! @#^%$
Uh-oh, something's not right here... and sure enough, it turned out there was a worm planted on that computer.
How did I know? Because the worm was bold enough to show itself under the name "Brontok.A"...
So at first I thought it was Brontok.A, but then the name of its "show-off" file was "about.Joseray.A".
So it looks like this isn't Brontok.A, but Joseray.A...
Let's get straight to the point: how to remove Joseray.A?


1. Restart the computer and boot into Safe Mode with Command Prompt
2. Type explorer.exe in the cmd window so that you get an Explorer window
3. Open Notepad and copy-paste this script:

[Version]
Signature="$Chicago$"
Provider=garyabraham

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

; Restore the default "open" command for .bat, .com, .exe, .pif and .reg files
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""

; Delete the policy values that block regedit, cmd and Folder Options,
; and the worm's startup (Run) values
[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableCMD
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Run, Andrian-Pkus
HKLM, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
HKLM, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableCMD
HKLM, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions
HKLM, Software\Microsoft\Windows\CurrentVersion\Run, Joseray_World
HKU, .DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run, Andrian-Pkus
HKCU, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Repair
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Repair


Save it as "repair.inf" (without the quotation marks).

4. Once it is saved, right-click repair.inf and choose Install
5. OK, now open regedit, just to make sure the startup entries have been deleted. If they haven't,
6. Delete the value Andrian-Pkus in HKCU\Software\Microsoft\Windows\CurrentVersion\Run
and in HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run,
and the value Joseray_World in HKLM\Software\Microsoft\Windows\CurrentVersion\Run
7. Close regedit
8. Open msconfig, uncheck the esojray and smss entries, and don't restart just yet...
9. Delete these files:
a. esojray (application) in C:
b. Jose.ray-3-17 (folder) in C:\Documents and Settings\"your account"\Local Settings\Application Data
c. Jose.ray-3-18 (folder) in C:\Documents and Settings\"your account"\Local Settings\Application Data
d. Loc.Mail.Brontok (folder) in C:\Documents and Settings\"your account"\Local Settings\Application Data
e. OK-SendMail-Jose-ray (folder) in C:\Documents and Settings\"your account"\Local Settings\Application Data
f. csrss (application) in C:\Documents and Settings\"your account"\Local Settings\Application Data
g. inetinfo (application) in C:\Documents and Settings\"your account"\Local Settings\Application Data
h. Kosong.Jose.Ray (text document) in C:\Documents and Settings\"your account"\Local Settings\Application Data
i. lsass (application) in C:\Documents and Settings\"your account"\Local Settings\Application Data
j. services (application) in C:\Documents and Settings\"your account"\Local Settings\Application Data
k. smss (application) in C:\Documents and Settings\"your account"\Local Settings\Application Data
l. winlogon (application) in C:\Documents and Settings\"your account"\Local Settings\Application Data
m. about.Joseray.A (html) in C:\Documents and Settings\"your account"\My Documents\My Pictures

10. Delete the scheduled task "AT1"
11. Restart the computer
12. Boot into normal mode and you're done!
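
The copies listed in step 9 reuse the names of Windows system processes (csrss, lsass, services, smss, winlogon, inetinfo) but sit in Local Settings\Application Data. As an added example that is not part of the original post, this Python check flags that name/location mismatch in a list of process image paths; the .exe extensions, the default C:\WINDOWS system root, the account name "lab" and the sample paths are assumptions constructed for illustration.

```python
import ntpath

# Directory (relative to the system root) where Windows installs each binary
# whose name the worm reuses. Assumption: default XP layout, .exe extensions.
SYSTEM_ROOT = r"C:\WINDOWS"
EXPECTED_DIRS = {
    "csrss.exe": r"system32",
    "lsass.exe": r"system32",
    "services.exe": r"system32",
    "smss.exe": r"system32",
    "winlogon.exe": r"system32",
    "inetinfo.exe": r"system32\inetsrv",
}

def _norm(path):
    # Windows paths are case-insensitive; also collapse "..\" segments.
    return ntpath.normcase(ntpath.normpath(path))

def find_masquerading(image_paths, system_root=SYSTEM_ROOT):
    """Return the paths whose file name is a system process name but whose
    directory is not the one Windows installs that binary in."""
    flagged = []
    for path in image_paths:
        name = ntpath.basename(_norm(path))
        if name not in EXPECTED_DIRS:
            continue  # not a name this check covers
        expected = _norm(ntpath.join(system_root, EXPECTED_DIRS[name]))
        if ntpath.dirname(_norm(path)) != expected:
            flagged.append(path)
    return flagged

# Constructed sample: image paths as a process listing might report them.
SAMPLE = [
    r"C:\WINDOWS\system32\csrss.exe",
    r"C:\Documents and Settings\lab\Local Settings\Application Data\csrss.exe",
    r"c:\windows\SYSTEM32\LSASS.EXE",
    r"C:\Documents and Settings\lab\Local Settings\Application Data\smss.exe",
    r"C:\WINDOWS\system32\inetsrv\inetinfo.exe",
    r"C:\WINDOWS\explorer.exe",
]

if __name__ == "__main__":
    for hit in find_masquerading(SAMPLE):
        print("system process name outside its system directory:", hit)
```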

Phew, that was a really long story.......

Corrections, flames, etc. are welcome.

thx.
My Jesus
Vaksincom
Pak Hendri (my instructor)
and everyone I haven't mentioned
i love u all......


 
 
Copyright © 2011. Gary Abraham's Blog - All Rights Reserved