W32.Borax@mide Removal

Standar

cara menghilangkan virus W32.Borax@mide

1. buka notepad…tulis kode dibawah ini,,,,hehehe…

2. atau copy paste ajah,,

‘——cut here———————————————————————————————————————–

on error resume next

dim normalkan

Set normalkan = CreateObject(“WScript.Shell”)

normalkan.regwrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind”, “0”, “REG_DWORD”

normalkan.regwrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions”, “0”, “REG_DWORD”

normalkan.regwrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun”, “0”, “REG_DWORD”

normalkan.regwrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools”, “0”, “REG_DWORD”

normalkan.regwrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr”, “0”, “REG_DWORD”

normalkan.regwrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu”, “0”, “REG_DWORD”

normalkan.regwrite “HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore\DisableSR”, “0”, “REG_DWORD”

normalkan.regwrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel”, “0”, “REG_DWORD”

normalkan.regwrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt”, “0”, “REG_DWORD”

normalkan.regwrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden”, “0”, “REG_DWORD”

normalkan.regwrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden”, “1”, “REG_DWORD”

normalkan.regwrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeCaption”, “”

normalkan.regwrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeText”, “”

normalkan.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\Debugger”,””

normalkan.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\Debugger”,””

normalkan.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger”, “”

normalkan.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\Debugger”, “”

normalkan.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\Debugger”,””

normalkan.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Avast.exe\Debugger”,””

normalkan.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe\Debugger”,””

normalkan.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-CLN.exe\Debugger”,””

normalkan.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-RTP.exe\Debugger”,””

normalkan.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wordpad.exe\Debugger”,””

normalkan.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Project1.vbp\Debugger”,””

normalkan.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe\Debugger”,””

normalkan.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ansav.exe\Debugger”,””

normalkan.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avira.exe\Debugger”,””

normalkan.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winrar.exe\Debugger”,””

normalkan.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger”,””

normalkan.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hijackthis.exe\Debugger”,””

normalkan.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Wee!.exe\Debugger”,””

normalkan.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\find.exe\Debugger”,””

normalkan.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe\Debugger”,””

normalkan.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger”,””

normalkan.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avscan.exe\Debugger”,””

normalkan.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enses32.exe\Debugger”,””

normalkan.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gpedit.msc\Debugger”,””

normalkan.regwrite “HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeText”, “”

normalkan.regwrite “HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeCaption”, “”

‘——cuthere———————————————————————————————————————–

3. Simpan dengan nama “Removal_Borax.vbs”

4. hapus autorun virus di registry di HKLM\…\Run dengan nama “B0r4x” dan “Windows”

5. tulis script berikut

‘——cuthere———————————————————————————————————————–

@echo off

del %Windir%\System32\garo2.exe

del %Windir%\System32\Config\Msvbc16.sav.exe

del %Windir%\System\130124.XTR.exe

::Untuk Menghilangkan Username di Windows

net user BORAX_Rock /DELETE

::Hapus File pesan

del %Windir%\Borax-Barox.html

‘——cuthere———————————————————————————————————————–

simpan dengan nama “Borax_Removal.bat”

6. search dengan kriteria file 55 kb dan icon notepad (hmm…Cara yang Ok), file ini ada diseluruh folder satu drive dengan nama yang sama dengan nama foldernya…

7. kayaknya cuma itu deh, soalnya aku belum ketemu lagi apa aja yang dimodif,, .

ENSES32,Antivirus,antivirus,ENSES32 antivirus,antivirus lokal,antivirus indonesia,antivirus karya anak bangsa,ENSES32 antivius security,ENSES32 antivius security 2,New Indonesian Antivirus,ENSES32 Antivirus 2.0.862

Tinggalkan Balasan

Isikan data di bawah atau klik salah satu ikon untuk log in:

Logo WordPress.com

You are commenting using your WordPress.com account. Logout / Ubah )

Gambar Twitter

You are commenting using your Twitter account. Logout / Ubah )

Foto Facebook

You are commenting using your Facebook account. Logout / Ubah )

Foto Google+

You are commenting using your Google+ account. Logout / Ubah )

Connecting to %s