Tuesday, May 6, 2008

Remove Spyware using Ad-Aware

Many computer users have spyware and do not know they have it, or how to remove it. If your computer opens websites you did not want to open, or if you get pop-ups when you are not on the Internet, or if your computer runs very slowly for no reason, you may have spyware.

Two good anti-spyware programs are AdAware SE and SpyBot. Both are highly recommended by TechTV and other computer companies, and the two work well together. They complement each other, each catching spyware that the other misses.

If, after installing that antivirus software, you still cannot remove or delete the spyware, you may need to take your computer to an expert who can resolve it.

Keep in mind, too, that some spyware is very clever. Even after you have removed it from the computer system, it is able to get back into your computer on its own. This can disrupt your daily work, especially for those who run a business using computer systems.

If the situation is hard to resolve, the best thing to do is back up the files you need, format your hard disk, and then reinstall the operating system. (*Last resort)

IE Hacked by Pokemon

Does your Internet Explorer title bar show "Hacked by Pokemon"? Don't worry, this is not a high-risk virus, just a Visual Basic program. The file that runs this Visual Basic program is BHA.VBS.DLL. We at Zooltechnology.com will show you how to remove this bug manually.

Description

-This threat will infect every one of your partitions, including removable drives, because the script is written to generate bha.vbs.dll and autorun.inf.

-This threat can spread via removable drives such as pen drives or other storage devices because of its ability to generate the dll file using a vbs script.

-This threat will also create new registry values in your Windows registry:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MS32DLL - winpath&"\Bha.dll.vbs

HKCR\vbsfile\DefaultIcon - shell32.dll

And also modify this registry value:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title - "Hacked by pokemon"

-None of your partitions will open normally if your PC is infected, because the default action is given to the 'AutoPlay' option instead of the 'Open' option used in the normal condition. To check this, just right-click one of your drives and see whether the first bold option is Open or AutoPlay.

Is your PC infected by this threat?

-Just right-click any of your hard disk partitions or removable disks. If AutoPlay is the main option in the right-click popup, your PC might be infected, but this is not confirmed yet because this symptom is caused by the autorun.inf file.


In normal Windows operation, the 'Open' option is always on top, not 'AutoPlay'.

-To confirm that your PC is infected by this threat, you will see these words on the title bar of Internet Explorer:


This threat is caused by these two files: Autorun.inf and bha.vbs.dll, as seen in the figure below.


-This file is a system file; you cannot see it until you unhide it. So, how do you unhide it?


Steps to unhide

Firstly, open My Computer, click Tools and choose Folder Options…

-This window will pop up:


-Uncheck Hide protected operating system files (Recommended) and Use simple file sharing (Recommended)

-Click Apply and close the window.

-Then open any of your drives and you will see the file. Don't delete it yet, because you may get an error that the file is in use. To stop the process, open Windows Task Manager by pressing CTRL+ALT+DELETE.


-Select wscript.exe and click End Process. Continue by clicking OK.

-After that you can delete the file from every partition, including removable drives.


WARNING: When you open a drive partition, MAKE SURE you open it by right-clicking it and choosing Open. IF NOT, the threat will RUN again.

Is your PC free from this threat after you delete all those files?

Not yet. Why? Because the generated script file is still in the System Volume Information folder! System Volume Information is the place where Windows saves its System Restore files. Every partition has its own System Volume Information folder. But you cannot access the folder because access to it is denied by Windows security. To access this folder you must get permission from Windows security. How?

Enable the access

Right click System Volume Information and choose Sharing and Security...


-Then the System Volume Information Properties window will pop up. Click the Security* tab and choose Add...

*-Make sure you are logged in as Administrator to access this Security tab.


-Then enter your current Administrator name; if none, just type Administrator and click OK


After you have done this step, you can access the System Volume Information folder.



Clearing the .vbs file in System Volume Information

How do you clear the .vbs files in System Volume Information when it has many folders in it? In this case, we just use Windows file search at

START-->Search


-Choose the option to search for Files and Folders

-Follow the steps in the figure above.

-Choose Browse...* and select the System Volume Information folder in every drive partition.

*- Windows will not search the System Volume Information folder if you just choose to search the local disk. You must set the search to look in the System Volume Information folder of each drive, including removable drives.


-After the search finishes, the results for this .vbs file are named A00XXXXX.vbs and the file size is 4 KB. Delete all of these files and repeat these steps for every partition. Make sure no files are left!


Cleaning the registry

-After cleaning and deleting the files, you must now clean the Windows registry, because this threat creates new registry values once it is activated.

-Run Registry Editor: START--->Run (type regedit)

-Open this location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MS32DLL

Delete the registry value named MS32DLL

-And open this location:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

-Choose Window Title and edit the string.

-You may enter any name or delete the string value (Window Title)

-Then reboot your PC

-See the result!!! Hope this removes it... try it first...
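
The checks described in this post can be run as one read-only audit before and after the cleanup. This is an added example, not part of the original post; it only reads the registry keys and file names given above, and the test for whether an autorun.inf refers to the script (matching "bha" or "wscript") is an assumption, since the post does not show the file's contents.

```powershell
# Added example: read-only audit for the indicators named in this post.
# It only reads the registry and drive roots; nothing is modified or deleted.
$findings = @()

# Autostart value MS32DLL under the HKLM Run key
$run = Get-ItemProperty -Path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($run -and $run.PSObject.Properties['MS32DLL']) {
    $findings += "Run value MS32DLL = $($run.MS32DLL)"
}

# Internet Explorer title-bar text
$ie = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
if ($ie -and $ie.PSObject.Properties['Window Title'] -and $ie.'Window Title' -match 'pokemon') {
    $findings += "IE Window Title = $($ie.'Window Title')"
}

# Icon for .vbs files switched to shell32.dll
$icon = Get-ItemProperty -Path 'Registry::HKEY_CLASSES_ROOT\vbsfile\DefaultIcon' -ErrorAction SilentlyContinue
if ($icon -and $icon.PSObject.Properties['(default)'] -and $icon.'(default)' -match 'shell32') {
    $findings += "vbsfile DefaultIcon = $($icon.'(default)')"
}

# The script host process that the post ends before deleting the files
if (Get-Process -Name wscript -ErrorAction SilentlyContinue) { $findings += 'wscript.exe is running' }

# Dropped files in the root of every drive; they are hidden system files, hence -Force.
# Both spellings of the script name that appear in the post are checked.
$names = 'autorun.inf', 'bha.vbs.dll', 'bha.dll.vbs'
foreach ($drive in (Get-PSDrive -PSProvider FileSystem)) {
    if (-not $drive.Root) { continue }
    foreach ($name in $names) {
        $path = Join-Path -Path $drive.Root -ChildPath $name
        $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if (-not $file) { continue }
        if ($name -eq 'autorun.inf') {
            # Assumption: legitimate media also ship autorun.inf, so flag only lines naming the script
            $hits = @(Get-Content -LiteralPath $path -Force | Where-Object { $_ -match 'bha|wscript' })
            if ($hits.Count) { $findings += "$path -> $($hits -join ' | ')" }
        } else {
            $findings += "$path ($($file.Length) bytes, $($file.Attributes))"
        }
    }
}

if ($findings.Count) { $findings } else { 'No indicators from this post were found.' }
```

The A00XXXXX.vbs copies inside System Volume Information are not covered, because that folder stays unreadable until the permission steps above have been done.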

How to remove JambanMU.com

JambanMu.com Virus Info

Lately, a lot of my friends' computers have been infected by the JambanMu.Com virus. What I can say is that this virus is quite annoying because it messes with your registry. Your computer may become slow because this virus loads your registry with unnecessary entries that it creates.

Here's what the virus does to your system once you've been infected:
->Disable Task Manager
->Disable Folder Option
->Disable Regedit
->Disable "cmd"
->JambanMu.com runs every time you start your computer (at startup)
{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell = Explorer.exe
has been changed into:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell = Explorer.exe %sysdir%\JambanMu.com
}

->This virus will also create a few folders and files such as flash.10.exe, msconfig.com, cmd.com, jambanmu.com, ping.com, regedit.com, aweks.pikz, msn.msn and many more...
-> This virus was created using VB Basic v5, which I believe was coded by a Malaysian (stupid malaysian).

I just found this program in a forum; very useful... Thanks to the people who created this program.

Download this program

Double click this program.

Restart your PC or Laptop.

** Has been tested by me. It is 100% working.
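
To see whether the changes listed in this post are present, or have been reverted after cleanup, the following read-only check can be used. It is an added example, not part of the original post and not the forum program mentioned above. The post does not name the registry values behind the disabled tools, so the standard Windows policy values are assumed, and %sysdir% is assumed to mean the Windows system directory.

```powershell
# Added example: read-only check of the settings this post says JambanMu.com changes.
$report = @()

# Winlogon Shell: the post gives "Explorer.exe" as the normal value
$winlogon = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = [string]$winlogon.Shell
if ($shell.Trim() -ne 'explorer.exe') {
    $report += "Winlogon Shell is '$shell' (expected Explorer.exe)"
}

# Assumption: the lockouts use the standard Windows policy values below;
# the post does not say which registry values the virus sets.
$policies = @(
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr';       What = 'Task Manager' },
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools'; What = 'Regedit' },
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoFolderOptions';      What = 'Folder Options' },
    @{ Key = 'Software\Policies\Microsoft\Windows\System';                  Name = 'DisableCMD';           What = 'cmd' }
)
foreach ($hive in 'HKCU:', 'HKLM:') {
    foreach ($p in $policies) {
        $path  = "$hive\$($p.Key)"
        $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        if ($props -and $props.PSObject.Properties[$p.Name] -and $props.($p.Name) -ne 0) {
            $report += "$($p.What) disabled: $path\$($p.Name) = $($props.($p.Name))"
        }
    }
}

# Assumption: %sysdir% in the post means the Windows system directory
$dropped = Join-Path -Path ([Environment]::SystemDirectory) -ChildPath 'JambanMu.com'
if (Test-Path -LiteralPath $dropped) { $report += "File present: $dropped" }

if ($report.Count) { $report } else { 'None of the changes listed in this post were found.' }
```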