Bookmark and Share
Showing posts with label Related Articles Antivirus. Show all posts
Showing posts with label Related Articles Antivirus. Show all posts

Improving File. Exe is damaged by virus

Sunday, February 7, 2010 Posted by Ella Aprilia
This article discusses the computer this time around due to Virus komputer and that in him. Virus komputer is a scourge (a ghost / demon) is frightening for any computer user (PC / Notebook / Laptop). bagaiaman not so .. a few days ago my friend her confusion because the computer suddenly crashes, all file types. exe (application program) can not be executed (opened). Then he asked me to help overcome the problems occurred.


I then tried to help by doing a virus scan using the latest antivirus (update). When the program opened up instead of "open with" and if it appears on the right-click popup menu "Run As". Then I tried to do recovery system and it did not work, it means all the software or application programs can not run anymore (deh Dizziness ...).

I tried every possible way to overcome these problems, until the computer system back to normal. Here are the steps for improvements made:


A. Check Settings File Types list:

1. Open Windows Explorer ---> [Tool Option]

2. Select Tab [File Types] ---> New

3. In the File box fill exstention [EXE]

4. Click the [Advance]

5. Select [Application], and click the [OK]



If not managed to do the following:


B. Update registry [download]
The way this is done if the first way does not work, at this step will be reform that changes the registry by the virus and the like.
or you can simply create your own Filenya, copy the following files into the notepad kemuadian U.S. Save the file name [fix.reg] customize to your wondows;


Windows XP

Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT \. Exe]
@ = "exefile"
"Content Type" = "application / x-msdownload"

[HKEY_CLASSES_ROOT \. Exe \ PersistentHandler]
@ = "(098f2470-bae0-11cd-b579-08002b30bfeb)"

[HKEY_CLASSES_ROOT \ exefile]
@ = "Application"
"EditFlags" = hex: 38,07,00,00
"TileInfo" = "prop: FileDescription; Company; FileVersion"
"InfoTip" = "prop: FileDescription; Company; FileVersion; Create; Size"

[HKEY_CLASSES_ROOT \ exefile \ DefaultIcon]
@ = "% 1"

[HKEY_CLASSES_ROOT \ exefile \ shell]

[HKEY_CLASSES_ROOT \ exefile \ shell \ open]
"EditFlags" = hex: 00,00,00,00

[HKEY_CLASSES_ROOT \ exefile \ shell \ open \ command]
@ = "\"% 1 \ "% *"

[HKEY_CLASSES_ROOT \ exefile \ shell \ runas]

[HKEY_CLASSES_ROOT \ exefile \ shell \ runas \ command]
@ = "\"% 1 \ "% *"

[HKEY_CLASSES_ROOT \ exefile \ shellex]

[HKEY_CLASSES_ROOT \ exefile \ shellex \ DropHandler]
@ = "(86C86720-42A0-1069-A2E8-08002B30309D)"

[HKEY_CLASSES_ROOT \ exefile \ shellex \ PropertySheetHandlers]

[HKEY_CLASSES_ROOT \ exefile \ shellex \ PropertySheetHandlers \ PEAnalyser]
@ = "(09A63660-16F9-11D0-B1DF-004F56001CA7)"

[HKEY_CLASSES_ROOT \ exefile \ shellex \ PropertySheetHandlers \ PifProps]
@ = "(86F19A00-1069-42A0-A2E9-08002B30309D)"

[HKEY_CLASSES_ROOT \ exefile \ shellex \ PropertySheetHandlers \ ShimLayer Property Page]
@ = "(513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8)"

Download File or her [Here]


Windows 98

[HKEY_CLASSES_ROOT \. Exe]
@ = "exefile"
"Content Type" = "application / x-msdownload"

[HKEY_CLASSES_ROOT \ exefile]
@ = "Application"
"EditFlags" = hex: D8, 07,00,00

[HKEY_CLASSES_ROOT \ exefile \ shell]
@ = ""

[HKEY_CLASSES_ROOT \ exefile \ shell \ open]
@ = ""
"EditFlags" = hex: 00,00,00,00

[HKEY_CLASSES_ROOT \ exefile \ shell \ open \ command]
@ = "\"% 1 \ "% *"

[HKEY_CLASSES_ROOT \ exefile \ shellex]

[HKEY_CLASSES_ROOT \ exefile \ shellex \ PropertySheetHandlers]

[HKEY_CLASSES_ROOT \ exefile \ shellex \ PropertySheetHandlers \ (86F19A00-1069-42A0-A2E9-08002B30309D)]

@ = ""

[HKEY_CLASSES_ROOT \ exefile \ DefaultIcon]
@ = "% 1"

Download File or her [DISINI]


Windows Vista

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ FileExts \. Exe]
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ FileExts \. Exe \ OpenWithList]
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ FileExts \. Exe \ OpenWithProgids]
"exefile" = hex (0):

Download File or her [Here] ;

NB:

Remember scrift copy to notepad and then save with the name of a clear up renamed the file extention. "Bat" and select save as type "all files"
http://beautify-bloggers.blogspot.com/2009/10/improving-file-exe-is-damaged-by-virus.html
Improving File. Exe is damaged by virus - File Under Posted by Ella Aprilia 11:16 PM.

Virus Virut | | the most dangerous viruses

Posted by Ella Aprilia
Virus Virut | | the most dangerous virusesComputer time this article discusses the problem of the most dangerous virus in damage Sistem Komputer


Virus Virut is the most dangerous virus than the virus Conficker. Although not spreading as fast as Conficker, but this virus into the level of virus is very dangerous, even today there are no tools that can detect and eradicate the virus completely.


The following characteristics of the virus, according Virut Vaksin.com :

1. Disable Windows File Protection

Virus Virut | | the most dangerous viruses
2. Spread through the HTML-based web pages, ASP and PHP

3. Infection host Windows file, and the remote control to the IRC server, if the computer is connected to the Internet

4. Making a prickly update computer viruses and spam to spread a particular address

5. Making computers into spam servers by using the public IP router owned computer so that the resulting IP-blacklist

6. Paralyze the network due to a network drive directly into, ie changing ndis.sys files, and TCPIP.sys

7. Make contact to a remote IRC server or file sharing

8. Can spread via removable drives such as USB, Card Reader.

9. Injected in the system files and Winlogon.exe and disable Windows File Protection (System File Checker) by changing the file sfc.dll and sfc_os.dll.

10. The file is executed. Exe file type and application. Scr Screen Saver types, each of size 22KB

11. When connected to the Internet, viruses make contact to the remote server / IRC (Internet Relay Chat) to use port 65,520. Some used the IP 91.212.220.156:65520, 91.121.221.157:65520, or domain dns2.zief.pl, nss2.ircgalaxy.pl, proxim.ircgalaxy.pl, proxima.ircgalaxy.pl, sys.zief.pl, gidromash . cn, core.ircgalaxy.pl, jl.chura.pl


How to clean the virus:

1. Disable System Restore (XP / ME) computer

2. Download Norman Malware Cleaner ( http://normanasa.vo.llnwd.net/o29/public/Norman_Malwar e_Cleaner.exe )
to remove the virus from a clean computer, then save the file with the extension. com or cmd, or compress into the zip, then run.

3. After the cleaning process is complete, restart your computer.

4. Remove string registry that was created by the virus. To make it easier to use the following registry script.

[Version]
Signature = "$ Chicago $"
Provider = Articles on Computers | ErhaesCom
[DefaultInstall]
AddReg = UnhookRegKey
DelReg = del

[UnhookRegKey]
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Adva nced \ Folder \ Hidden \ SHOWALL, CheckedValue, 0 × 00010001, 1
HKLM, SYSTEM \ CurrentControlSet \ Services \ SharedAccess \ Paramete rs \ FirewallPolicy \ StandardProfile, EnableFirewall, 0 × 00010001, 1

[del]
HKCU, Software \ Microsoft \ Windows \ CurrentVersion \ Run, reader_s
HKCU, Software \ Microsoft \ Windows \ CurrentVersion \ Run, servises
HKCU, Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Expl orer \ Run
HKCU, Software \ Microsoft \ Windows NT \ CurrentVersion \ Windows, load
HKCU, Software \ Microsoft \ Windows NT \ CurrentVersion \ Windows, run
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run, reader_s
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run, servises
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run, 22,951
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run, Regedit32
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ Expl orer \ Run
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Adva nced \ Folder \ Hidden \ NOHIDORSYS
HKLM, SYSTEM \ CurrentControlSet \ Services \ SharedAccess \ Paramete rs \ FirewallPolicy \ StandarProfile \ AuthorizedApplications \ List, \?? \ C: \ WINDOWS \ system32 \ winlogon.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Microsoft \ WindowsFirewall

5. Use the notepad, then save with the name "repair.inf" (use the Save As Type option to All Files to avoid mistakes).

6. To anticipate if the drive is not connected to the network, network drive replace file "ndis.sys" (size 179 kb) and "TCPIP.SYS" (size 351 kb) from uninfected computer. Usually the file is located in C: \ WINDOWS \ system32 \ drivers and C: \ WINDOWS \ system32 \ dllcache

7. Return the hosts file is already infected with the replace the file "hosts" (size 1 kb) from uninfected computer. Usually located at C: \ WINDOWS \ system32 \ drivers \ etc.

8. Use antivirus which was updated and can detect and eradicate this virus very well.
http://beautify-bloggers.blogspot.com/2009/10/virus-virut-most-dangerous-viruses.html
Virus Virut | | the most dangerous viruses - File Under Posted by Ella Aprilia 10:23 PM.
Subscribe to: Posts (Atom)
 

© 2011 Beautify Blogger - Google By Yuril