Manual Clean Removal Instruction for Worm.Pabug.ck or Worm.Pabug.co Manual malinis na pagtanggal ng pagtuturo para sa Worm.Pabug.ck o Worm.Pabug.co
Worm.Pabug.ck is a computer virus also known as Worm.Pabug.co, Dropper/QQPass.48436, Trojan-PSW.Win32.QQPass.jh or DeepScan.Generic.Malware.SP!dldPk!g.01C03DEE. Worm.Pabug.ck ay isang computer virus na kilala rin bilang Worm.Pabug.co, Dropper/QQPass.48436, Trojan-PSW.Win32.QQPass.jh o DeepScan.Generic.Malware.SP! DldPk! G.01C03DEE. The virus carries high system risk as the malicious dropper will disable some commonly used anti-virus software and unable to open security applications. Ang virus na nagdadala mataas na sistema ng panganib bilang ng malisyosong dropper ay huwag paganahin ang ilang karaniwang ginagamit anti-virus software at hindi para buksan ang mga aplikasyon ng seguridad. Other reported infected symptoms include unable to update virus signatures, unable to access or load antivirus websites or forums. Ibang iniulat apektadong sintomas hindi isama sa i-update ang virus signatures, hindi ma-access o load antivirus website o forums. All these effects caused the removal or disinfection process for Worm.Pabug.ck/co virus a little bit harder. Lahat ng mga epekto sanhi ng pagtanggal o disimpektahin proseso para sa Worm.Pabug.ck / co lubhang nakapipinsala ng isang maliit na bit mahirap.
The worm can’t self-propagate. Ang worm ay hindi maaaring mag-anak-sa-sarili. It is likely that the system could be infected when a user downloads an executable file from email, messenger, board, and download centers and run the file. Ito ay malamang na ang sistema ay maaaring may impeksyon kapag ang isang user ay nagda-download ng isang executable file mula sa email, messenger, board, at i-download centers at patakbuhin ang file. Or, it is possible that it is installed by other malicious codes (worms, viruses and trojan horses). O, ito ay posible na ito ay nai-install sa pamamagitan ng iba pang mga malisyosong code (bulate, virus at trojan kabayo). The worm which is a dropper, when executed, will create the following files: Ang worm na kung saan ay isang dropper, kapag naisakatuparan, ay lumikha ng sumusunod na file:
%systemroot%\system32\gfosdg.exe or jusodl.exe % systemroot% \ system32 \ gfosdg.exe o jusodl.exe
%systemroot%\system32\gfosdg.dll or jusodl.dll % systemroot% \ system32 \ gfosdg.dll o jusodl.dll
%systemroot%\system32\severe.exe % systemroot% \ system32 \ severe.exe
%systemroot%\system32\drivers\mpnxyl.exe or pnvifj.exe % systemroot% \ system32 \ driver \ mpnxyl.exe o pnvifj.exe
%systemroot%\system32\drivers\conime.exe % systemroot% \ system32 \ driver \ conime.exe
%systemroot%\system32\hx1.bat % systemroot% \ system32 \ hx1.bat
%systemroot%\system32\noruns.reg % systemroot% \ system32 \ noruns.reg
X:\OSO.exe X: \ OSO.exe
X:\autorun.inf X: \ autorun.inf
X represents non-system hard drive. X ay kumakatawan sa non-system hard drive. %systemroot% folder is usually C:\Windows on most systems (so the path to the infected files are C:\Windows\System for Windows 95/98/ME, C:\WinNT\System32 for Windows NT/2000, or C:\Windows\System32 for Windows XP). %% systemroot folder ay karaniwang C: \ Windows sa karamihan ng sistema (kaya ang landas sa ang mga nahawaang file ay C: \ Windows \ System para sa Windows 95/98/ME, C: \ WinNT \ System32 para sa Windows NT/2000, o C : \ Windows \ System32 para sa Windows XP).
Beside, the dropper also adds the following value to Windows registry key entries by executing noruns.reg and then delete the file once done to run itself automatically whenever Windows starts. Sa tabi, ang dropper din nagdadagdag ng mga sumusunod na halaga sa Windows registry key entries by executing noruns.reg at pagkatapos ay tanggalin ang mga file sa sandaling tapos na tumakbo mismo ay awtomatikong magsisimula kapag Windows.
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer]
“NoDriveTypeAutoRun”=dword:b5 "NoDriveTypeAutoRun" = dword: b5
Above change the auto run method of the drive. Sa itaas baguhin ang mga auto tumakbo paraan ng drive.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run]
“jusodl” = “C:\WINDOWS\system32\severe.exe” "Jusodl" = "C: \ WINDOWS \ system32 \ severe.exe"
“pnvifj” = “C:\WINDOWS\system32\jusodl.exe” "Pnvifj" = "C: \ WINDOWS \ system32 \ jusodl.exe"
or o
“mpnxyl” = “C:\WINDOWS\system32\gfosdg.exe” "Mpnxyl" = "C: \ WINDOWS \ system32 \ gfosdg.exe"
“gfosdg” = “C:\WINDOWS\system32\severe.exe” "Gfosdg" = "C: \ WINDOWS \ system32 \ severe.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon]
“Shell” = “explorer.exe C:\WINDOWS\system32\drivers\conime.exe” "Shell" = "explorer.exe C: \ WINDOWS \ system32 \ driver \ conime.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File pagpapatupad Opsyon]
Debugger = Windows system folder\drivers\pnvifj.exe Debugger = Windows system folder \ driver \ pnvifj.exe
or o
“Debugger”=”C:\WINDOWS\system32\drivers\mpnxyl.exe” "Debugger" = "C: \ WINDOWS \ system32 \ driver \ mpnxyl.exe"
The above registry value is for the child registry key which based on the executables file names of the security programs, so that when these security software are been double clicked, the virus file that is been run. Ang pagpapatala sa itaas na halaga ay para sa mga anak pagpapatala susi na batay sa mga executables file pangalan ng mga security programs, kaya na kapag ang seguridad ng software ang mga ito ay nai-double-click, ang mga virus ang file na ito ay nai-tumakbo. The child registry keys include: Ang anak ng pagtatala key ay kasama ang:
+ 360Safe.exe + 360Safe.exe
+ adam.exe + Adam.exe
+ avp.com + Avp.com
+ avp.exe + Avp.exe
+ IceSword.exe + IceSword.exe
+ iparmo.exe + Iparmo.exe
+ kabaload.exe + Kabaload.exe
+ KRegEx.exe + KRegEx.exe
+ KvDetect.exe + KvDetect.exe
+ KVMonXP.kxp + KVMonXP.kxp
+ KvXP.kxp + KvXP.kxp
+ MagicSet.exe + MagicSet.exe
+ mmsk.exe + Mmsk.exe
+ msconfig.com + Msconfig.com
+ msconfig.exe + Msconfig.exe
+ PFW.exe + PFW.exe
+ PFWLiveUpdate.exe + PFWLiveUpdate.exe
+ QQDoctor.exe + QQDoctor.exe
+ Ras.exe + Ras.exe
+ Rav.exe + Rav.exe
+ RavMon.exe + RavMon.exe
+ regedit.com + Regedit.com
+ regedit.exe + Regedit.exe
+ runiep.exe + Runiep.exe
+ SREng.EXE + SREng.EXE
+ TrojDie.kxp + TrojDie.kxp
+ WoptiClean.exe + WoptiClean.exe
The worm terminates following running process(es). Ang worm terminates mga sumusunod na tumatakbo na proseso (es). Targets (listed below) are antivirus software, firewall, system process, and other malicious codes. Target (nakalista sa ibaba) ay ang antivirus software, firewall, sistema ng proseso, at iba pang mga malisyosong code. The command used in ‘net stop’ and using sc.exe to configure forbid usage of these services with the command “config [service_name] start=disabled” Ang command na ginagamit sa 'net stop' at ang paggamit ng sc.exe upang isaayos ang ipinagbabawal ng paggamit ng mga serbisyong ito sa pamamagitan ng command na "config [service_name] start = disable"
srservice
sharedaccess
KVWSC
KVSrvXP
kavsvc
RsRavMon
RsCCenter
The virus also terminates and stops the following process from running: Ang virus din terminates at huminto ang mga sumusunod na mga proseso mula sa mga tumatakbo:
PFW.exe
Kav.exe
KVOL.exe
KVFW.exe
adam.exe
qqav.exe
qqkav.exe
TBMon.exe
kav32.exe
kvwsc.exe
CCAPP.exe
EGHOST.exe
KRegEx.exe
kavsvc.exe
VPTray.exe
RAVMON.exe
KavPFW.exe
SHSTAT.exe
RavTask.exe
TrojDie.kxp
Iparmor.exe
MAILMON.exe
MCAGENT.exe
KAVPLUS.exe
RavMonD.exe
Rtvscan.exe
Nvsvc32.exe
KVMonXP.exe
Kvsrvxp.exe
CCenter.exe
KpopMon.exe
RfwMain.exe
KWATCHUI.exe
MCVSESCN.exe
MSKAGENT.exe
kvolself.exe
KVCenter.kxp
kavstart.exe
RAVTIMER.exe
RRfwMain.exe
FireTray.exe
UpdaterUI.exe
KVSrvXp_1.exe
RavService.exe
It also modifies HOSTS file to keep the user from connecting specifiec addresses. Ito din modifies nagho-host ng file na panatilihin ang mga gumagamit mula sa pagkonekta specifiec address. Generally, the addresses are homepages of Internet security sites and antivirus engine updates servers. Kadalasan, ang mga address ay mga homepage ng Internet security sites at antivirus engine update server. So the infected system’s user can’t get information or engine updates to scan and remove the malicious code. Kaya ang nahawaang sistema ng user ay hindi maaaring makakuha ng impormasyon o engine update sa pag-scan at tanggalin ang mga malisyosong code.
Following is the addresses that are blocked: Ay ang mga sumusunod na mga address na ay hinarangan:
127.0.0.1 localhost 127.0.0.1 localhost
127.0.0.1 mmsk.cn 127.0.0.1 mmsk.cn
127.0.0.1 ikaka.com 127.0.0.1 ikaka.com
127.0.0.1 safe.qq.com 127.0.0.1 safe.qq.com
127.0.0.1 360safe.com 127.0.0.1 360safe.com
127.0.0.1 www.mmsk.cn 127.0.0.1 www.mmsk.cn
127.0.0.1 www.ikaka.com 127.0.0.1 www.ikaka.com
127.0.0.1 tool.ikaka.com 127.0.0.1 tool.ikaka.com
127.0.0.1 www.360safe.com 127.0.0.1 www.360safe.com
127.0.0.1 zs.kingsoft.com 127.0.0.1 zs.kingsoft.com
127.0.0.1 forum.ikaka.com 127.0.0.1 forum.ikaka.com
127.0.0.1 up.rising.com.cn 127.0.0.1 up.rising.com.cn
127.0.0.1 scan.kingsoft.com 127.0.0.1 scan.kingsoft.com
127.0.0.1 kvup.jiangmin.com 127.0.0.1 kvup.jiangmin.com
127.0.0.1 reg.rising.com.cn 127.0.0.1 reg.rising.com.cn
127.0.0.1 update.rising.com.cn 127.0.0.1 update.rising.com.cn
127.0.0.1 update7.jiangmin.com 127.0.0.1 update7.jiangmin.com
127.0.0.1 download.rising.com.cn 127.0.0.1 download.rising.com.cn
127.0.0.1 dnl-us1.kaspersky-labs.com 127.0.0.1 dnl-us1.kaspersky-labs.com
127.0.0.1 dnl-us2.kaspersky-labs.com 127.0.0.1 dnl-us2.kaspersky-labs.com
127.0.0.1 dnl-us3.kaspersky-labs.com 127.0.0.1 dnl-us3.kaspersky-labs.com
127.0.0.1 dnl-us4.kaspersky-labs.com 127.0.0.1 dnl-us4.kaspersky-labs.com
127.0.0.1 dnl-us5.kaspersky-labs.com 127.0.0.1 dnl-us5.kaspersky-labs.com
127.0.0.1 dnl-us6.kaspersky-labs.com 127.0.0.1 dnl-us6.kaspersky-labs.com
127.0.0.1 dnl-us7.kaspersky-labs.com 127.0.0.1 dnl-us7.kaspersky-labs.com
127.0.0.1 dnl-us8.kaspersky-labs.com 127.0.0.1 dnl-us8.kaspersky-labs.com
127.0.0.1 dnl-us9.kaspersky-labs.com 127.0.0.1 dnl-us9.kaspersky-labs.com
127.0.0.1 dnl-us10.kaspersky-labs.com 127.0.0.1 dnl-us10.kaspersky-labs.com
127.0.0.1 dnl-eu1.kaspersky-labs.com 127.0.0.1 dnl-eu1.kaspersky-labs.com
127.0.0.1 dnl-eu2.kaspersky-labs.com 127.0.0.1 dnl-eu2.kaspersky-labs.com
127.0.0.1 dnl-eu3.kaspersky-labs.com 127.0.0.1 dnl-eu3.kaspersky-labs.com
127.0.0.1 dnl-eu4.kaspersky-labs.com 127.0.0.1 dnl-eu4.kaspersky-labs.com
127.0.0.1 dnl-eu5.kaspersky-labs.com 127.0.0.1 dnl-eu5.kaspersky-labs.com
127.0.0.1 dnl-eu6.kaspersky-labs.com 127.0.0.1 dnl-eu6.kaspersky-labs.com
127.0.0.1 dnl-eu7.kaspersky-labs.com 127.0.0.1 dnl-eu7.kaspersky-labs.com
127.0.0.1 dnl-eu8.kaspersky-labs.com 127.0.0.1 dnl-eu8.kaspersky-labs.com
127.0.0.1 dnl-eu9.kaspersky-labs.com 127.0.0.1 dnl-eu9.kaspersky-labs.com
127.0.0.1 dnl-eu10.kaspersky-labs.com 127.0.0.1 dnl-eu10.kaspersky-labs.com
The virus is may also affect USB flash drive or portable hard disk, by autorun OSO.exe. Ang virus ay maaaring ring makaapekto sa USB flash drive o portable hard disk, sa pamamagitan ng autorun OSO.exe. All non system partition will contains OSO.exe and autorun.inf virus files too. Lahat ng mga hindi system partition ay naglalaman ng OSO.exe at autorun.inf virus file masyadong. Beside, system time may be changed too to cause some anti virus programs to expire. Sa tabi, sistema ng panahon ay maaaring maging sanhi sa mga masyadong nagbago ng ilang mga programa sa anti lubhang nakapipinsala mawawalan ng bisa.
How to Remove and Disinfect Worm.Pabug.ck or Worm.Pabug.co Manually Kung paano Alisin at disimpektahin Worm.Pabug.ck o Worm.Pabug.co nang mano-mano
To run antivirus program that has been disabled, you can try to rename the antivirus executable file name to another file name, and then run the new file name. Upang patakbuhin ang antivirus program na ito ay hindi pinagana, maaari mong subukang muli ang antivirus maipapatupad na file na pangalan sa ibang file name, at pagkatapos ay tatakbo ng bagong file name.
Terminate and end the following processes (tasks) using Task Manager (alternative you can use procexp): Tapusin at tapusin ang mga sumusunod na proseso (gawain) gamit ang Task Manager (alternative maaari mong gamitin ang procexp):
%systemroot%\system32\gfosdg.exe % systemroot% \ system32 \ gfosdg.exe
%systemroot%\system32\severe.exe % systemroot% \ system32 \ severe.exe
%systemroot%\system32\drivers\conime.exe % systemroot% \ system32 \ driver \ conime.exe
Remove the registry key added by virus under the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options registry key using Registry Editor or Alisin ang pagpapatala susi idinagdag sa pamamagitan ng virus sa ilalim ng HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File pagpapatupad Opsyon pagpapatala susi sa paggamit ng pagtatala o Editor Autoruns (for Autoruns, remember to first select Options -> Hide Microsoft Entries to avoid mistaken delete valid entries). This process will allow anti virus or security software or system utilities such as IceSword, SREng and etc to be able to function properly again: (para sa Autoruns, tandaan sa unang piliin ang Opsyon -> Itago ang Microsoft Entries upang maiwasan ang mga mali burahin ang balidong entries). Ang prosesong ito ay magbibigay-daan sa anti lubhang nakapipinsala o seguridad ng software o system utilities tulad ng IceSword, SREng at etc para ma-function ng maayos ulit:
+ 360Safe.exe c:\windows\system32\drivers\mpnxyl.exe + 360Safe.exe c: \ windows \ system32 \ driver \ mpnxyl.exe
+ adam.exe c:\windows\system32\drivers\mpnxyl.exe + Adam.exe c: \ windows \ system32 \ driver \ mpnxyl.exe
+ avp.com c:\windows\system32\drivers\mpnxyl.exe + Avp.com c: \ windows \ system32 \ driver \ mpnxyl.exe
+ avp.exe c:\windows\system32\drivers\mpnxyl.exe + Avp.exe c: \ windows \ system32 \ driver \ mpnxyl.exe
+ IceSword.exe c:\windows\system32\drivers\mpnxyl.exe + IceSword.exe c: \ windows \ system32 \ driver \ mpnxyl.exe
+ iparmo.exe c:\windows\system32\drivers\mpnxyl.exe + Iparmo.exe c: \ windows \ system32 \ driver \ mpnxyl.exe
+ kabaload.exe c:\windows\system32\drivers\mpnxyl.exe + Kabaload.exe c: \ windows \ system32 \ driver \ mpnxyl.exe
+ KRegEx.exe c:\windows\system32\drivers\mpnxyl.exe + KRegEx.exe c: \ windows \ system32 \ driver \ mpnxyl.exe
+ KvDetect.exe c:\windows\system32\drivers\mpnxyl.exe + KvDetect.exe c: \ windows \ system32 \ driver \ mpnxyl.exe
+ KVMonXP.kxp c:\windows\system32\drivers\mpnxyl.exe + KVMonXP.kxp c: \ windows \ system32 \ driver \ mpnxyl.exe
+ KvXP.kxp c:\windows\system32\drivers\mpnxyl.exe + KvXP.kxp c: \ windows \ system32 \ driver \ mpnxyl.exe
+ MagicSet.exe c:\windows\system32\drivers\mpnxyl.exe + MagicSet.exe c: \ windows \ system32 \ driver \ mpnxyl.exe
+ mmsk.exe c:\windows\system32\drivers\mpnxyl.exe + Mmsk.exe c: \ windows \ system32 \ driver \ mpnxyl.exe
+ msconfig.com c:\windows\system32\drivers\mpnxyl.exe + Msconfig.com c: \ windows \ system32 \ driver \ mpnxyl.exe
+ msconfig.exe c:\windows\system32\drivers\mpnxyl.exe + Msconfig.exe c: \ windows \ system32 \ driver \ mpnxyl.exe
+ PFW.exe c:\windows\system32\drivers\mpnxyl.exe + PFW.exe c: \ windows \ system32 \ driver \ mpnxyl.exe
+ PFWLiveUpdate.exe c:\windows\system32\drivers\mpnxyl.exe + PFWLiveUpdate.exe c: \ windows \ system32 \ driver \ mpnxyl.exe
+ QQDoctor.exe c:\windows\system32\drivers\mpnxyl.exe + QQDoctor.exe c: \ windows \ system32 \ driver \ mpnxyl.exe
+ Ras.exe c:\windows\system32\drivers\mpnxyl.exe + Ras.exe c: \ windows \ system32 \ driver \ mpnxyl.exe
+ Rav.exe c:\windows\system32\drivers\mpnxyl.exe + Rav.exe c: \ windows \ system32 \ driver \ mpnxyl.exe
+ RavMon.exe c:\windows\system32\drivers\mpnxyl.exe + RavMon.exe c: \ windows \ system32 \ driver \ mpnxyl.exe
+ regedit.com c:\windows\system32\drivers\mpnxyl.exe + Regedit.com c: \ windows \ system32 \ driver \ mpnxyl.exe
+ regedit.exe c:\windows\system32\drivers\mpnxyl.exe + Regedit.exe c: \ windows \ system32 \ driver \ mpnxyl.exe
+ runiep.exe c:\windows\system32\drivers\mpnxyl.exe + Runiep.exe c: \ windows \ system32 \ driver \ mpnxyl.exe
+ SREng.EXE c:\windows\system32\drivers\mpnxyl.exe + SREng.EXE c: \ windows \ system32 \ driver \ mpnxyl.exe
+ TrojDie.kxp c:\windows\system32\drivers\mpnxyl.exe + TrojDie.kxp c: \ windows \ system32 \ driver \ mpnxyl.exe
+ WoptiClean.exe c:\windows\system32\drivers\mpnxyl.exe + WoptiClean.exe c: \ windows \ system32 \ driver \ mpnxyl.exe
Remove the following auto run on Windows startup registry entries located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run registry key by using Registry Editor or SREng (System Repair Engineer) Alisin ang mga sumusunod na mga auto tumakbo sa Windows startup registry entries na matatagpuan sa HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Run pagpapatala susi sa pamamagitan ng paggamit ng pagpapatala Editor o SREng (System Repair Engineer)
“mpnxyl”=”C:\WINDOWS\system32\gfosdg.exe” "Mpnxyl" = "C: \ WINDOWS \ system32 \ gfosdg.exe"
“gfosdg”=”C:\WINDOWS\system32\severe.exe” "Gfosdg" = "C: \ WINDOWS \ system32 \ severe.exe"
Also navigate to the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon registry key, double click on it and remove the text behind “Explorer.exe” in the value data, so that it will become looked like as below: Din mag-navigate sa HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon pagpapatala susi, double-click sa mga ito at tanggalin ang text sa likod ng "Explorer.exe" sa halaga ng data, upang ito ay maging mukhang bilang sa ibaba:
“shell”=”Explorer.exe” "Shell" = "Explorer.exe"
Next delete all files planted by the virus. Susunod na tanggalin ang lahat ng mga file sa pamamagitan ng nakatanim ang virus. Note that even if you right click on these infected files may trigger the infection process, so it’s recommended to use IceSword or WinRAR to delete these files: Tandaan na ang kahit na right click sa mga nahawaang file ay maaaring mag-trigger ang impeksiyon sa proseso, kung kaya't inirerekomenda na gamitin IceSword o WinRAR upang tanggalin ang mga file na ito:
%systemroot%\system32\gfosdg.exe % systemroot% \ system32 \ gfosdg.exe
%systemroot%\system32\gfosdg.dll % systemroot% \ system32 \ gfosdg.dll
%systemroot%\system32\severe.exe % systemroot% \ system32 \ severe.exe
%systemroot%\system32\drivers\mpnxyl.exe % systemroot% \ system32 \ driver \ mpnxyl.exe
%systemroot%\system32\drivers\conime.exe % systemroot% \ system32 \ driver \ conime.exe
%systemroot%\system32\hx1.bat % systemroot% \ system32 \ hx1.bat
%systemroot%\system32\noruns.reg % systemroot% \ system32 \ noruns.reg
X:\OSO.exe X: \ OSO.exe
X:\autorun.inf X: \ autorun.inf
X mean all non system partitions, including your USB flash drive and portable hard disk. X ibig sabihin ng lahat ng hindi hati system, kasama ang inyong mga USB flash drive at portable hard disk.
System Recovery and Clean Up System Recovery at malinis Up
Navigate to the following registry keys and add back the original value. Mag-navigate sa mga sumusunod na mga pagpapatala keys at magdagdag ng bumalik sa orihinal na halaga.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced \ Folder \ Hidden \ SHOWALL]
“CheckedValue”=dword:00000001 "CheckedValue" = dword: 00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer]
“NoDriveTypeAutoRun” value is vary depending on system, normally by default it will set as 91 (in HEX value) "NoDriveTypeAutoRun" halaga ay nag-iiba-iba depende sa sistema, sa pamamagitan ng normal na default na ito ay naka-set na 91 (sa hex value)
Next remove all contents added by the worm in Hosts file. Susunod na tanggalin ang lahat ng mga nilalaman na idinagdag ng worm sa Hosts file. Use Notepad to open %systemroot%\system32\drivers\etc\hosts, and remove the entries or lines specified above. Gamitin ang Notepad para buksan ang% systemroot% \ system32 \ driver \ etc \ host, at tanggalin ang mga entries o linya na tinukoy sa itaas. If you’re using SREng, simply click on “System Recovery” -> “Hosts file”, then click “Replace” and then “Save”. Kung ikaw ay gumagamit ng SREng, i-click lamang sa "System Recovery" -> "Hosts file", pagkatapos ay i-click ang "Palitan ang" at pagkatapos ang "Save".
Finally, you will need to recover or repair or reinstall the anti virus program, if it has been damaged. Panghuli, kailangan mong makuha o repair o muling i-install ang anti virus na program, kung ito ay nasira.
IMPORTANT : This is a machine translated page which is provided "as is" without warranty. MAHALAGA: Ito ay isang makina isinalin pahina na kung saan ay ibinigay "bilang ganito" walang warranty. Machine translation may be difficult to understand. Makina ng pagsasalin ay maaaring mahirap maintindihan. Please refer to Mangyaring sumangguni sa original English article orihinal na Ingles article whenever possible. hangga't maaari.
Share and contribute or get technical support and help at Share at kontribusyon o makakuha ng teknikal na suporta at tulong sa My Digital Life Forums Aking Digital buhay Forums .
Related Articles Mga Kaugnay na Akda
- Manual and Clean Uninstall Oracle for Windows Manual at malinis na i-uninstall Oracle for Windows
- Dr.Web CureIt! Dr.Web CureIt! Free Download to Clean Virus, Worm, Rootkit, Spyware and Other Malwares Libreng Download sa Clean Virus, worm, Rootkit, Spyware at Iba Pang Malwares
- AMD Introduced SSE5 Instruction Set Extensions AMD nagpasimula ng SSE5 pagtuturo Itakda ang extension
- How to Use Tachymeter Function on Watch Bezel - Usage Instruction and Definition Paano sa Paggamit Tachymeter Function sa Bezel Watch - Paggamit sa tagubilin at Definition
- Avoid Santa Claus Worm While Celebrating Christmas Iwasan ang Santa-Klaus worm habang Celebrating Christmas
- New SanDisk SD WORM (Write Once Read Many) Card Offering Up To 100-year Archive Life Bagong SanDisk SD worm (Isulat Kapag maraming read) card na nag-aalok ng hanggang sa 100-taon archive buhay
- Manual Setting on White Balance Manual setting sa White Balance
- Create Your Own Removal Tool Gumawa ng iyong sariling removal na Kasangkapan
- Download Yahoo Messenger for Vista 2007.11.30.421 Standalone Manual Setup Installer Pag-download ng Yahoo Messenger para sa Vista 2007.11.30.421 standalone Manual Setup Installer
- Malicious Software Removal Tools by Microsoft Malisyosong software ng pagtanggal ng mga kasangkapan sa pamamagitan ng Microsoft
