VIRUS BaTaM HaCKeR

Akhir akhir ini banyak dari sebagian pengguna komputer yang diresahkan dengan munculnya varian baru dari virus BaTam HaCKeR.virus ini mempunyai ciri dia akan membuat account baru dengan nam BaTaM HaCKeR,dan didesktop ada file about.htm.

virus inijuga akan mematikan regedit,msconfig dan juga task manager.untuk mengatasi virus ini tidaklah mudah dan juga tidaklah sulit.

untuk menghilangkan virus ini gunakan smadav anti virus.dan ini adalah cara menghapus virus tersebut:
1.download smadav anti virus download
2.buka windows explorer,cari dimana file kamu simpan
3.click smadav3.5.exe
4.click scan computer
5.setelah selesai scan tinaggal click fixall
dan semua virus BaTaM HaCKeR sudah bersih dari komputer kamu,langkah terakhir simpan script dibawah ini dengan nama repair.inf
*click kanan repair.inf
*pilih install



[Version]

Signature="$Chicago$"

Provider=Vaksincom


[DefaultInstall]

AddReg=UnhookRegKey

DelReg=del



[UnhookRegKey]

HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"

HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"

HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"

HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"

HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe "%1""

HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, UncheckedValue,0x00010001,0

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt,CheckedValue,0x00010001,1

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt,DefaultValue,0x00010001,1

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, UncheckedValue,0x00010001,1

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, CheckedValue,0x00010001,0

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, DefaultValue,0x00010001,0

HKCU, Software\Microsoft\Internet Explorer\Main, Start Page,0, "about:blank"

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, type,0, "checkbox"

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, type,0, "checkbox"

HKCU, Control Panel\International, s1159,0, "AM"

HKCU, Control Panel\International, s2359,0, "PM"

HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, "cmd.exe"

HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, ShowSuperHidden,0x00010001,1

HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, SuperHidden,0x00010001,1

HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, HideFileExt,0x00010001,0


[del]

HKCU, Software\Microsoft\Internet Explorer\Main, Window Title

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kspoold.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kspool.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscript.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HokageFile.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rin.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SMP.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tasklist.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Obito.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KakashiHatake.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-CLN.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-RTP.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HOKAGE4.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ansav.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe,debugger

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Instal.exe, debugger

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe,debugger

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msiexec.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ansavgd.exe

HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools

HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFind

HKLM, SOFTWARE\Policies\Microsoft\Windows\Installer, DisableMSI

HKLM, SOFTWARE\Policies\Microsoft\Windows\Installer, LimitSystemRestoreCheckpointing

HKCR, exefile, NeverShowExt

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, PaRaY_VM

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, ConfigVir

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NviDiaGT

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NarmonVirusAnti

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, AVManager

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, EnableLUA

HKLM, SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore

Grab The Post URL

URL:
HTML link code:
BB (forum) link code:

Leave a comment

  • Google+
  • 0Blogger
  • Facebook
  • Disqus

0 Response to "VIRUS BaTaM HaCKeR"

Post a Comment

comments powered by Disqus