Anda di halaman 1dari 4

New: kalau ketika anda menekan CTRL + ALT + DEL, muncul pesan bahwa task manager tidak bisa

diakses, berarti task manager diblok dari registry. Untuk menghidupkannya ada beberapa alternatif : Double klik enable reg, lalu double klik enable task manager menggunakan The Killer Machine, hidupkan task manager

a. Dengan Command Prompt Command prompt sebenarnya mampu menampilkan proses yang sedang berjalan dengan perintah Tasklist. Untuk menghentikan proses kita gunakan perintah Taskkill.

1. Buka command prompt dengan membuka start/run dan mengetik : cmd 2. tulis perintah ini : tasklist /FI IMAGENAME eq w* 3. Akan terdapat list nama proses dengan awalan w. Kalau wscript.exe ada disitu, catat nomor 4.
PID nya pada kolom PID. Lalu teruskan ke langkah 4. Kalau tidak muncul, coba dengan opsi b. tulis : taskkill /pid nomorPID. NomorPID diganti dengan nomor PID yang anda catat di langkah 3

b. Dengan Free Extended Task Manager Free Extended Task Manager adalah program yang mirip dengan task manager, namun memiliki beberapa kelebihan, yaitu mampu menampilkan services yang sedang berjalan. Services dapat langsung di restart maupun dihentikan dengan mudah.

1. Download programnya disini


2. 3. 4. Lihat pada tab processes, apakah wscript muncul Klik kanan pada nama proses, lalu pilih End Process Tree Kalau belum berhasil juga, teruskan ke opsi c.

You fell ill a computer virus / malware folder shortcut harry potter.lnk, microsoft.lnk, new folder with file type is shortcut, file size is 1 Kb and many more indicator. The author use of Windows XP SP2 but this virus may attack on vista too.

According to my way of hypothetical virus / malware is as follows: Virus / malware will put this file database.mdb, thumb.db, Autorun.inf, shortcut folder harry potter .... lnk, microsoft folder shortcuts, folders and shortcuts to folders on the new document. Virus / malware will enable wscript.exe file that is located in the system32 folder on the Windows folder to run the file on my database.mdb document. Shortcut folders will be related to the earlier file wscript.exe and thumb.db. If you open a shortcut folders before they will activate the file wscript.exe and thumb.db and file will create a duplicate folder shortcut is on your computer, thumb.db file and the file autorun.inf in the drive C. If your computer is exposed to the virus / malware then this whole drive C: you will have found duplicates on your computer, thumb.db file and the file autorun.inf. It also will scan a drive, CD ROM, flash and your network as the media spread of the virus / malware this. There are 2 methods to remove this virus:

Method 1 - With the use of Antivirus update. Antivirus which can identify the virus (You can download directly "here" ), namely: AVG free: detect as VBS Worm. AVG will delete all folders and shortcuts duplicate files main virus earlier. Norton Antivirus 2009 (trial 15 days) : detect as VBSRunauto. Norton will delete all files on the drive thumb.db C. You can delete the Autorun.inf file and folder shortcuts all the duplicates manually. Antivir Avira Premium (license 6 months free) : detect as VBS/Yuyun A or malware DR/Agent.JP.4. Antivir will delete all thumb.db files on the drive C. You can delete the Autorun.inf file and folder shortcuts all the duplicates manually. or other antivirus that have newest update.

Method 2 - With the manual. 1.Turn off system Restore. 2.Turn off the virus by using wscript.exe tool CProcess or CurrProcess (you can download via google). Run Crocess, search tab on the process name wscript.exe then right click on the name of the file and click kill procesess selected. 3.Open Windows Explorer, click the tool menu option, folder option, view, click show hidden files and folders, click / uncheck the Hide extensions for known file types and Hide protected operating system files.Klik OK. 4.Open my documents. Delete the file database.mdb. 5.Click the Search button. Click All Files and Folders. In the All or part of the file name type: thumb.db, in the Look in a click. Delete all files that have been found. Repeat the steps above and delete all files that are found again. 6.Click the Search button. Click All Files and Folders. In the All or part of the file name type: Autorun.inf, Look at the click in my computer. Delete all files that have been found. Repeat the steps above and delete all files that are found again. 7.In step 6 virus is actually missing or no longer active but still have the rest of the shortcut duplicate folders created by malware earlier. 8.If you also want removed, you must be careful once the shortcut is created by the virus with a shortcut to the default windows. The shortcut of the folder is created by the virus that is when we refer to the folder will appear in the link from the shortcut to the windows/system32. That we should be clear. 9.How to find the folder shortcut: Click the Search button. Click All Files and Folders. In the All or part of the file name type: *. lnk, Look at the click in my computer. You must choose from based on the characteristics of a folder shortcut is created by the virus at the top of the line. 10.You can delete the registry made by the virus earlier by using the tool HijackThis. (You can download HijackThis). Click Scan system and only looking at the HKCU \ ... \ ... database.mdb, HKLM \ ... \ .... relating to the WindowsXP cd (I forget the name length, and for that sometimes there is also sometimes not), and HKCU \ ... \ .... disableregedit = 1. click the button fixed. 11.Now restart your computer. In fact, if we do not delete the registry before (step 10) is not a problem, but at the restart windows will appear 2 text box that the first search for the file dialog database.mdb we remove earlier, the second prompted enter cd WindowsXP (this show is that there are also who does not). click Ok. Regedit and then it is likely we will didisable by the virus earlier. This also ga not problem if your brain is often especial registry windows.

Method to prevent the virus come again: Virus this work if we click the folder shortcut new harry potter ... lnk, microsoft. Once we click the folder shortcut its so activated wsript.exe will find a file that is located in the folder windows system32 folder. Wscript.exe actively with the virus will begin to spread. So the key is that the virus is active on the file wscript.exe. For that we must kill wscript.exe way change of the name. Open Windows Explorer, click the tool menu option, folder option, view, click show hidden files and folders, click / uncheck the Hide extensions for known file types and Hide protected operating system files.Klik OK. Open the folder C: \ Windows \ system32 \ dllcache. This folder is collection of files from the backup files in the system32 folder. Find the file and click the right wsript.exe rename a wscriptx.exe for example. And open the C: \ Windows \ system32, find the file and click the right wsript.exe rename wscriptx.exe also be, for example.