20 posts in 'Computer/General'
- 2010.04.25 Mazelink MU54U Driver
- 2010.04.07 Malware removal ({HCQ9D-TVCWX ~~)
- 2010.02.23 Tag reference table
- 2009.05.18 Installing Windows 7 from the hard disk
- 2009.04.06 How to fix vb6ko.dll, msvbvm60.dll errors
- 2008.11.18 regsvr.exe Virus
- 2008.11.18 Enabling Num Lk
- 2008.10.31 Resetting OFFICE
- 2008.08.07 dll recovery
- 2008.03.17 Another way to remove hidden devices
Restoring Modified Registry Entries
This solution deletes/modifies registry keys/entries added/modified by this malware. Before performing the steps below, make sure you know how to back up the registry and how to restore it if a problem occurs. Refer to this Microsoft article for more information about modifying your computer's registry.
- Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
- In the left panel, double-click the following:
  HKEY_CLASSES_ROOT>txtfile>shell>open>command
- In the right panel, locate the entry:
  Default = "%System Root%\system32\wscript.exe "C:\WINDOWS\system32\{HCQ9D-TVCWX-X9QRG-J4B2Y-GR2TT-CM3HY-26VYW-6JRYC-X66GX-JVY2D}.vbs" %1 %*"
  (Note: %System Root% is the root folder, which is usually C:\. It is also where the operating system is located.)
- Right-click on the value name and choose Modify. Change the value data of this entry to:
  %System Root%\system32\NOTEPAD.EXE %1
- In the left panel, double-click the following:
  HKEY_CURRENT_USER>Software>Microsoft>Windows NT>CurrentVersion>Windows
- In the right panel, locate the entry:
  load = "C:\WINDOWS\system32\{HCQ9D-TVCWX-X9QRG-J4B2Y-GR2TT-CM3HY-26VYW-6JRYC-X66GX-JVY2D}.vbs"
- Right-click on the value name and choose Modify. Change the value data of this entry to blank.
- In the left panel, double-click the following:
  HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Explorer>Advanced>Folder>Hidden>SHOWALL
- In the right panel, locate the entry:
  CheckedValue = "0"
- Right-click on the value name and choose Modify. Change the value data of this entry to:
  1
- In the left panel, double-click the following:
  HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Policies>Explorer
- In the right panel, locate the entry:
  NoDriveTypeAutoRun = "81"
- Right-click on the value name and choose Modify. Change the value data of this entry to:
  91
- In the left panel, double-click the following:
  HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Explorer>Advanced
- In the right panel, locate the entry:
  ShowSuperHidden = "0"
- Right-click on the value name and choose Modify. Change the value data of this entry to:
  1
- Close Registry Editor.
Important Windows ME/XP Cleaning Instructions
Users running Windows ME and XP must disable System Restore to allow full scanning of infected computers.
Users running other Windows versions can proceed with the succeeding solution set(s).
Running Trend Micro Antivirus
If you are currently running in safe mode, please restart your computer normally before performing the following solution.
Scan your computer with Trend Micro antivirus and delete files detected as VBS_RUNAUTO.L. To do this, Trend Micro customers must download the latest virus pattern file and scan their computers. Other Internet users can use HouseCall, the Trend Micro online threat scanner.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=VBS%5FRUNAUTO%2EL&VSect=Sn
There are so many types of computer viruses in this world that removing them and finding a specific solution for each of them is a big ask. One such virus that screwed me is regsvr.exe classified as a W32.Imaut worm.
It has become a daily routine that when I plug my pen drive into my college systems (full of all kinds of viruses), it gets infected by the viruses instantly. Though the antivirus I use (Symantec) successfully detects and removes them, I feel that I should discuss the steps to remove the regsvr.exe virus.
What does the regsvr.exe virus do?
• This worm creates folders and a registry entry to enable its automatic execution at every system startup.
• This worm also creates a scheduled task to enable its automatic execution at a specified date and/or time.
• It also creates Autorun.inf file for its auto execution.
Solution to fix the problem:
1. If the task manager and registry editor are disabled then we need to enable them first. Read this post.
2. Delete the Autorun.inf file created by the virus. Read this post to know how to do that.
3. Now type msconfig in the Run dialog and click on startup tab.
4. Look for regsvr and uncheck any options, click OK.
5. Now traverse to control panel -> scheduled tasks, and delete the At1 task that might be listed there.
6. Type regedit in the Run dialog to open the registry editor.
7. Click on Edit -> Find and search for regsvr.exe
8. Just delete all the occurrences of regsvr.exe virus (do not confuse it with regsvr32.exe which is not a virus).
9. Navigate to entry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and modify the entry Shell = “Explorer.exe regsvr.exe” to delete the regsvr.exe from it.
10. Now to actually delete the virus from the system go to system32 folder and delete the regsvr.exe virus file from there (you will need to uncheck the option of “Hide Protected System Files and Folders” in Folder Options to view the virus file).
Reboot the system for changes to take place.
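The registry checks from the two removal procedures above (the VBS_RUNAUTO.L steps and the regsvr.exe steps), as an added read-only PowerShell audit that is not part of either original post. It assumes the page's 81/91 values are hexadecimal DWORD data; `Get-RegValue` is a helper name introduced here.

```powershell
# Added example: read-only audit of the registry values named on this page.
# It changes nothing; it only reports values that match the infected state.
$vbs = '{HCQ9D-TVCWX-X9QRG-J4B2Y-GR2TT-CM3HY-26VYW-6JRYC-X66GX-JVY2D}.vbs'
$cv  = 'Software\Microsoft\Windows\CurrentVersion'

# Each check: key path, value name, and a test that is true for the infected state.
$checks = @(
    @{ Path = 'Registry::HKEY_CLASSES_ROOT\txtfile\shell\open\command'
       Name = '(default)'; Bad = { param($v) "$v" -like "*$vbs*" } }
    @{ Path = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
       Name = 'load'; Bad = { param($v) "$v" -like "*$vbs*" } }
    @{ Path = "HKLM:\$cv\Explorer\Advanced\Folder\Hidden\SHOWALL"
       Name = 'CheckedValue'; Bad = { param($v) "$v" -eq '0' } }
    # Assumption: the page's 81 / 91 are hexadecimal DWORD data.
    @{ Path = "HKCU:\$cv\Policies\Explorer"
       Name = 'NoDriveTypeAutoRun'; Bad = { param($v) $v -eq 0x81 } }
    # 0 is also common on clean systems, so this is a weak signal on its own.
    @{ Path = "HKCU:\$cv\Explorer\Advanced"
       Name = 'ShowSuperHidden'; Bad = { param($v) "$v" -eq '0' } }
    # regsvr.exe post: Shell must not carry regsvr.exe (regsvr32.exe does not match).
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
       Name = 'Shell'; Bad = { param($v) "$v" -match '\bregsvr\.exe\b' } }
)

# Hypothetical helper: returns the value data, or $null if key or value is missing.
function Get-RegValue([string]$Path, [string]$Name) {
    $item = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    $prop = $item.PSObject.Properties[$Name]
    if ($null -ne $prop) { $prop.Value }
}

$checks | ForEach-Object {
    $value = Get-RegValue $_.Path $_.Name
    $state = if ($null -eq $value) {
        'absent'
    } elseif (& $_.Bad $value) {
        'matches infected state'
    } else { 'ok' }
    [pscustomobject]@{ Key = $_.Path; Value = $_.Name; Data = $value; State = $state }
} | Format-Table -AutoSize -Wrap
```

Running it before and after the manual steps shows which of the listed values still need attention.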
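C:\>expand D:\i386\ntoskrnl.ex_ C:\windows\system32
Restores the ntoskrnl.ex_ file from the i386 folder on drive D into the C:\windows\system32 folder
C:\>expand D:\i386\hal.dl_ C:\windows\system32
Restores the hal.dl_ file from the i386 folder on drive D into the C:\windows\system32 folder
C:\>bootcfg /rebuild
Rebuilds and repairs the boot configuration in the operating system's boot.ini
Load ID (enter the operating system currently in use)
Example:
For Professional: Microsoft Windows XP Professional
For HomeEdition: Microsoft Windows XP HomeEdition
OS load option (specify the boot options)
Example:
For an operating system with Service Pack 1 installed: /fastdetect
For an operating system with Service Pack 2 installed: /noexecute=optin /fastdetect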