How to Delete Surabaya virus
Many people are facing problems with the new USB worms coming up; one such worm is the Surabaya virus (it calls itself by that name!).
Some info: Surabaya is the second-largest city in Indonesia, and the name and language suggest that the worm originated in Indonesia, written by some spammer. OK, enough about its history; let's get into the details of the worm's operation.
When the virus enters your system, the following message comes up:
“Surabaya in my birthday
Don't kill me, i'm just send message from your computer
Terima kasih telah menemaniku walaupun hanya sesaat, tapi bagiku sangat berarti
Maafkan jika kebahagiaan yang kuminta adalah teman sepanjang hidupku
Seharusnya aku mengerti bahwa keberadaanku bukanlah disisimu, hanyalah lamunan dalam sesal
Untuk kekasih yang tak kan pernah kumiliki 3r1k1m0”
It also creates a lot of ‘.SCR’ files and changes the shell extensions for all drives (C, D, E, F, G, H, whatever).
So when you try to open any drive, or right-click on any drive, you'll be amazed to find “Test, Configure” instead of the standard “Open/Explore”.
It also changes the registry to hide all hidden folders and disables ‘FOLDER OPTIONS’.
Let’s See How to Remove Surabaya virus
THE SOLUTION:
>>STEP1: First, delete the file ‘Autorun.inf’, which allows the malicious script to run automatically when you click or double-click on the drive.
If you are not able to delete it from Windows Explorer, you can try the ‘DOS Command Prompt’. To open it:
Go to the Start Menu > click on RUN > type ‘cmd’ and click ‘OK’.
The command prompt will now open.
The default directory will be ‘C:\Documents and Settings\Administrator>’.
You have to change it to ‘C:\’; to do that, type ‘cd..’ twice and it will take you to ‘C:\’.
Now type ‘attrib autorun.inf -s -h -r’ and hit ‘Enter’. [This clears the system, hidden and read-only attributes of the file so that we can delete it.]
Now type ‘DEL autorun.inf’.
>>STEP2: The second step is very important because you need to work with the ‘Windows Registry’.
Warning: Make any unwanted mistake in the registry and I guarantee you that your OS will be dumped.
OK, let's start:
As in the first step, go to Start > click on RUN > type ‘REGEDIT’ and press ‘OK’.
[Note: ‘REGEDIT’ stands for Windows Registry Edit]
Then click on “HKEY_LOCAL_MACHINE” [click on the ‘+’ sign].
Then find ‘SOFTWARE’ and again click on the ‘+’ sign next to it.
Next find ‘Microsoft’ under it and then ‘Windows NT’.
Next ‘CurrentVersion’ and finally find ‘Winlogon’.
The path you've followed is HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows NT > CurrentVersion > Winlogon.
In the right-hand pane (under Data), modify or delete “LegalNoticeCaption” and “LegalNoticeText”.
This removes any message coming up at startup.
>>STEP3: Let's see how to enable FOLDER OPTIONS to show hidden files.
Follow START > RUN > type CMD > type REGEDIT.
Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
If CheckedValue = “0”, then change it to “1”.
This will enable ‘FOLDER OPTIONS’ and will show hidden files/folders if checked.
These steps will only stop the virus from running again; they will not actually kill it. You have to use good anti-virus software like Kaspersky Anti-Virus, AVG or BitDefender.
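For STEP1, it is worth reading ‘Autorun.inf’ before deleting it, because its [autorun] entries name the files it would launch and the context-menu verbs it adds to the drive. The parser below is an added example, not part of the original post; the sample file content and the names audit_autorun and risky_targets are constructed for illustration and are not taken from the actual worm.

```python
import re

# Constructed sample for illustration; NOT the worm's actual autorun.inf.
SAMPLE = r"""
; constructed sample
[AutoRun]
open=example.scr
shell\test=Test
shell\test\command=example.scr
shell\configure=Configure
shell\configure\command=example.scr /c
shell=test
"""

RISKY = re.compile(r'[^\s"]+\.(?:scr|exe|com|bat|cmd|pif|vbs|js)\b', re.I)

def audit_autorun(text):
    """Collect launch commands and drive context-menu verbs from [autorun]."""
    found = {"launch": [], "verbs": {}, "default_verb": None}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in ("open", "shellexecute"):       # AutoRun launch command
            found["launch"].append(value)
        elif key == "shell":                      # default verb for the drive
            found["default_verb"] = value
        else:
            verb = re.fullmatch(r"shell\\([^\\]+)(\\command)?", key)
            if verb:                              # shell\<verb> or shell\<verb>\command
                slot = "command" if verb.group(2) else "caption"
                found["verbs"].setdefault(verb.group(1), {})[slot] = value
    return found

def risky_targets(found):
    """Executable or script files named by any launch or verb command."""
    cmds = found["launch"] + [v["command"] for v in found["verbs"].values() if "command" in v]
    return sorted({m.group(0).lower() for c in cmds for m in RISKY.finditer(c)})
```

Pass it the text of the real file once the attributes have been cleared in STEP1; any file it reports is a candidate to hand to the anti-virus scanner.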
Tuesday, February 10, 2009
3 comments:
Thanks a lot for this! It's very easy to understand... really, thank you :)
Hello Killroy, the above post that you've copied is a copyrighted work from http://techrena.blogspot.com--->http://techrena.blogspot.com/2008/11/how-to-deleteremove-surabaya.html
We treat plagiarism seriously, so please remove this article or at least mention a back link to the original post, or else you may end up losing your Google account.
I just copy this for myself; I get no profit if I put this in my blog.
This is for my notes only...
And I don't copy from your blog, I copy from another blog that maybe copied from yours...
tq