The worm in your YM (rvhost.exe)

Do you guys know which worm is the hottest on the market right now? Lots of people are farming worms these days, heheh. They say worms can be used to make medicines and beauty products.. but it's a different story with this Yahoo Messenger worm. Recently a few PCs at my house caught it. At first it pops up an error, and once you click Yes it starts taking over your PC. Another sign is that weird statuses show up on your YM, and only your friends will notice because you won't be aware of it yourself. Your friends will see your YM status, so when one of them clicks that status, hahhh, the cycle is complete and everyone gets infected :D

After searching and consulting Mr. Google, I found out this worm is called WORM_SILLYFDC.B. It is a low-risk worm with medium damage and distribution potential. This worm copies itself to removable drives and runs on Windows 98, ME, NT, 2000, XP, and Server 2003. Having identified this creature, I found a solution.. but I have only been able to apply it on XP; I haven't tried the others yet. So here are the steps.. make sure you follow them exactly, OK.

1. Go to Start > Run...

2. Type "cmd" and click "Ok" (this opens your console).

3. In the console, type "taskkill /t /im rvhost.exe" (this stops the task. You can also do it manually: go to Task Manager, find rvhost.exe and click End Task, but sometimes it gives a warning saying the thing can't be stopped because it is in use.. so you have to use the cmd console :P)

4. Delete "rvhost.exe" from:

c:\windows\system32\
c:\windows\

5. Delete "new folder.exe" from this location:

%all drives%\

6. Delete "at1.job" from:

c:\windows\tasks\

7. But sometimes this worm makes your Task Manager and Folder Options disappear, and the Registry Editor gets disabled by the administrator... actually this can be fixed manually, but you can download this file to make it easier

Re-Enable All.vbs - run this file, then restart

8. Go to Start > Run...

9. Type "regedit" and click "Ok" to open the Registry Editor. But if regedit still won't open, download this file, then restart :P ..
but if you still want to learn the manual way, you can, but it's for XP only

1. Go to Start > Run...
2. Type "gpedit.msc" and click "Ok".
3. Go to User Configuration > Administrative Templates > System > Group Policy
4. Make sure all entries are set to "Not Configured" in their properties.
5. Restart system.

10. Remove Yahoo Messengger = "%System%\RVHOST.exe" at this location:

HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Run

(%System% is the Windows system folder, usually C:\Windows\System for Windows 98
and Windows ME, C:\WINNT\System32 for Windows NT and Windows 2000, and
C:\Windows\System32 for Windows XP and Server 2003)

11. Change nofolderoptions = "1" to nofolderoptions = "0" :

HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Policies>Explorer

12. Change shell = "explorer.exe rvhost.exe" to shell = "explorer.exe" :

HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Winlogon

13. Change nextatjobid = "2" to nextatjobid = "1" :

HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Services>Schedule

14. Change attaskmaxhours = "0" to attaskmaxhours = "24" :

HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Services>Schedule

15. Finally, close the Registry Editor, then restart...
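
The leftovers listed in steps 4 to 14 can be checked in one go, before and after the cleanup. This is an added example, not part of the original post; it assumes PowerShell is installed, the helper name Get-RegValue is made up for illustration, and it only reads and reports, changing nothing:

```powershell
# Added example: read-only check for the leftovers named in steps 4-14.
# It only reports; it deletes and changes nothing.
$findings = @()

# Steps 4 and 6: fixed file locations from the post.
$paths = @(
    "$env:windir\system32\rvhost.exe",
    "$env:windir\rvhost.exe",
    "$env:windir\tasks\at1.job"
)
# Step 5: "new folder.exe" in the root of every drive.
$paths += Get-PSDrive -PSProvider FileSystem |
    ForEach-Object { Join-Path $_.Root 'new folder.exe' }

foreach ($p in $paths) {
    # -Force so hidden or system files are found too.
    if (Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue) {
        $findings += "file present: $p"
    }
}

# Helper (hypothetical name): returns $null if the key or value is missing.
function Get-RegValue($Key, $Name) {
    (Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue).$Name
}

$cv    = 'Software\Microsoft\Windows\CurrentVersion'
$sched = 'HKLM:\SYSTEM\CurrentControlSet\Services\Schedule'
$logon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Step 10: autorun entry (value name spelled as in the post).
$run = Get-RegValue "HKCU:\$cv\Run" 'Yahoo Messengger'
if ($run) { $findings += "Run entry 'Yahoo Messengger' = $run" }
# Step 11: Folder Options hidden.
$nfo = Get-RegValue "HKCU:\$cv\Policies\Explorer" 'nofolderoptions'
if ($nfo -eq 1) { $findings += 'nofolderoptions = 1' }
# Step 12: rvhost.exe appended to the logon shell.
$shell = Get-RegValue $logon 'shell'
if ($shell -match 'rvhost') { $findings += "Winlogon shell = $shell" }
# Steps 13-14: scheduler values set as the post describes.
if ((Get-RegValue $sched 'nextatjobid') -eq 2) { $findings += 'nextatjobid = 2' }
if ((Get-RegValue $sched 'attaskmaxhours') -eq 0) { $findings += 'attaskmaxhours = 0' }

if ($findings) { $findings } else { 'nothing from the list was found' }
```

An empty result after the final restart means none of the files or registry values from the steps above are still present.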



Adios ...there really are a lot of steps and they take patience...but it's better than having to format your PC, right :P.. Kids these days have a routine: any virus at all and they format. Don't you know that every time you format, it affects your hard disk...it'll melt for sure ..aren't you scared? lalalala PEACE




2 comments:

Dilla Abu Bakar said...

wow.. good..good..good.. useful if I ever get hit.. hopefully it stays far away from me..

true, true,, cannot format always..
it's like,, you take a sheet of paper.. scribble on it.. then erase it.. scribble again, then erase.. the paper is bound to get thin and start to tear..hihi~

okay.. bye bye...

SukRuL_AzaM said...

assalamualaikum,
just want to invite you to join the UTeM bloggers group,
if you have any questions or views you can visit

http://utem-bloggers.blogspot.com/

hope you'll be willing to join,
thank you