Tips & Tricks Step 5 Cleanup Virus Doraemon

Jakarta - Indonesia made a virus, known locally as the undercover movie cartoon Doraemon, Sinclair and Tom & Jerry. The virus is putting up with the Real Media Player icon.

Here's how to clean the virus:

1. Should do the cleaning mode in safe mode.
2. Turn off the virus is active in memory. Use task manager replacement tools, such as Itty Bitty Process Manager (can be downloaded at http://majorgeeks.com/Itty_Bitty_Process_Manager_d4690.html)

Make the process kill several files that the virus is active, namely:
* C: \ Windows \ Help \ explorer.exe
* C: \ Windows \ system32 \ 300403.exe
* C: \ Windows \ system32 \ aparaparsaparyangparipircapar.exe
* C: \ Windows \ system32 \ HacKid's. Exe

3. Remove string registry, which was created by the virus. To ease the registry can use the script below.

[Version]
Signature = "$ $ Chicago"
Provider = Vaksincom Oyee


[DefaultInstall]
AddReg = UnhookRegKey
DelReg = del


[UnhookRegKey]
HKLM, SOFTWARE \ Classes \ batfile \ shell \ open \ command ,,,"""% 1 ""% * "
HKLM, SOFTWARE \ Classes \ comfile \ shell \ open \ command ,,,"""% 1 ""% * "
HKLM, SOFTWARE \ Classes \ exefile \ shell \ open \ command ,,,"""% 1 ""% * "
HKLM, SOFTWARE \ Classes \ piffile \ shell \ open \ command ,,,"""% 1 ""% * "
HKLM, SOFTWARE \ Classes \ regfile \ shell \ open \ command, "regedit.exe"% 1 ""
HKLM, SOFTWARE \ Classes \ scrfile \ shell \ open \ command ,,,"""% 1 ""% * "
HKLM, SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon, Shell, 0, "Explorer.exe"
HKLM, SYSTEM \ ControlSet001 \ Control \ SafeBoot, AlternateShell, 0, "cmd.exe"
HKLM, SYSTEM \ ControlSet002 \ Control \ SafeBoot, AlternateShell, 0, "cmd.exe"
HKLM, SYSTEM \ ControlSet003 \ Control \ SafeBoot, AlternateShell, 0, "cmd.exe"
HKLM, SYSTEM \ CurrentControlSet \ Control \ SafeBoot, AlternateShell, 0, "cmd.exe"
HKCU, Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced, Hidden, 0x00010001, 1
HKCU, Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced, HideFileExt, 0x00010001, 0
HKLM, SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced \ Folder \ SuperHidden,

UncheckedValue, 0x00010001, 1
SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced \ Folder \ Hidden \ SHOWALL, DefaultValue, 0x00010001, 0


[del]
HKLM, SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run, noboe
HKCU, Control Panel \ Desktop, SCRNSAVE.EXE
HKCU, Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer, NoFolderOptions
HKLM, SOFTWARE \ Classes \. Reg \ shell
HKLM, SOFTWARE \ Classes \. Txt \ shell
HKLM, SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ App Paths \ MSCONFIG.EXE
HKLM, SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ System, NoDispScrSavPage
HKLM, SOFTWARE \ Policies \ Microsoft \ Windows NT \ SystemRestore, DisableSR
HKLM, SOFTWARE \ Policies \ Microsoft \ Windows NT \ SystemRestore, DisableConfig


* Use a notepad, and then save with the name "repair.inf" (use the Save As Type option to become All Files to avoid the mistakes).
* Run repair.inf with right-click and select install.
* There should make repair.inf files in the computer clean, so that the virus is not active.


4. Delete the file viruses that have the characteristics as follows:
* Icon "Real Player"
* Extension *. exe
* The size of 129 kb

Note:
* There should show hidden files that make it easier to search the files in the process of the virus.
* To facilitate the search process should use the "Search Windows" with the filter *. exe files that have a size of 45 KB.
* Delete the file the virus, which usually have modified the same date.


5. For optimal cleaning and prevent re-infection, use antivirus software that updates and most able to detect and eradicate this virus by both.