Nét Đẹp Việt Nam

Win32.Virut.CF Removal Tool

Posted on 3-11-2009 00:03:59
Win32.Virut.CF also has many other variants, for example Win32.Virut.CE... One characteristic is that it eats up all of the system's exe files and turns folders named abc into abc.exe. Just double-clicking a USB drive that contains the virus is enough for your computer to be fully infected. At this point almost every antivirus program is helpless (because they are all exe files, and the etc/hosts file has disabled all anti-virus websites).
  This is where Dr Web shows its talent. Dr Web is a web-based application; you only need to download the Dr Web Client and run it (no installation needed) to find the culprit.
1. The tools needed to remove this nasty virus:
+ Dr. Web CureIt Scanner: http://freedrweb.com
+ Symantec Virut Removal Tool (run it only in Safe Mode to patch/restore files that have been eaten or infected by the virus): http://www.mediafire.com/file/zmhtkngznmo/FixVirut.com
+ ATF Cleaner (used to delete the virus): http://www.mediafire.com/file/1tjnj1mrmdk/ATF-Cleaner.exe

2. You want to disable System Restore on your computer. This can be done by viewing the System Restore tab in your System Properties. Next you want to disconnect your computer from any network cables it may be connected to. Make sure to disable any means your computer may have of connecting to the internet (such as disabling any wireless network adapters).

3. Start your computer in Safe Mode (login to the account with the highest administrative privileges, of course).

4. You want to open the file DrWeb.exe which you downloaded. As soon as it opens, it will run a quick system scan which won’t take very long (a few minutes). If you are indeed infected with this virus, the scanner will detect some of your infected files during this scan. Allow the scanner to cure/repair the files it finds (on my machine, the virus came up as “Win32.Virut.56”). When the quick scan completes, minimize the Dr. Web scanner for now.

5. THIS IS IMPORTANT: Like I said, this virus can spread onto other computers and devices quite easily, so you want to plug in any removable flash drives or hard drives that may have been connected to the infected computer while it was infected. Make sure you have plenty of time to allow your computer to sit idle while additional scans are performed with these peripherals connected (like 6 hours).

6. If Dr.Web managed to find some of the “Virut” infected files on your machine, you want to now go on to open the file FixVirut.com which you downloaded. It is a tool I found online which was recently released by Symantec to repair files infected by this virus. This tool is quite self-explanatory and simple to use, just run it. It may take a few hours. The tool may ask you to reboot when it finishes, but do not reboot yet. (When I ran the tool it found 2700+ infected files on my system, mostly .exe files, and terminated two process threads running in my winlogon.exe file. The tool creates a simple log of infected files within the same folder the tool is run from.)

7. After FixVirut.com finishes running, you want to return to Dr.Web to run a complete system scan. Before you start the complete system scan, enter Dr.Web’s settings configuration (do this by pressing F9, not hard to find), go to the File Types tab and uncheck “Files in archives”. (If you leave this setting checked, Dr.Web will take forever unpacking and scanning inside all the archive-type files on your computer. This virus doesn’t appear to attack the CONTENTS of archives in any case. If you think you need it and have the extra time to burn, you can leave it checked.)

8. Running the Dr.Web complete virus scan is very important. It will pick up any infected files the Symantec tool may have missed. Also, it picked up a couple of Trojan downloaders and suspicious files I believe were affiliated with this virus. In addition, those connected peripherals that may have been infected at some time will be scanned and cured during this complete scan. Click “Yes to all” the first time this program asks to cure an infected file and it will basically do the rest. Be aware that the scan will pause and ask you what to do if it comes across a file it cannot cure. This entire process will take several hours.

9. When the scan finishes, go through the list of infected and suspicious files. Manually quarantine (move) or delete any suspicious files Dr.Web may have left alone, just to be on the safe side, unless those files are VERY important on your particular computer.

10. Be happy, because most of the hard work is done. When you are done with Dr.Web you can close it and open the ATF-Cleaner.exe file you downloaded. Click “Select All” at the bottom to select every category then click “Empty Selected” to begin the deletion process. This will basically remove all the TEMP files from your computer, which is OK because you really don’t need them. This step may not be necessary but I did it simply as a precaution.

11. Next I went into my systemroot TEMP folder and manually deleted all the files inside. (For me, the file path was “C:\WINNT\Temp”. For others it may be “C:\WINDOWS\TEMP”) Again this may not be necessary, but I did it as a precaution to be on the safe side.

12. And now you’re done. You can run another quick express scan in Dr.Web to double check if you want, but right now your computer should be clean. Restart your computer normally. If you don’t already have one, I recommend getting some sophisticated Antivirus and Firewall software (i.e. not Windows Firewall). It was the lack of such software that got me in this mess in the first place.

I hope this information helps some of you clean your computers of this nasty virus. It was by reading a variety of other people’s posts that eventually allowed me to figure out how to get rid of Virut, and stay better protected in the future.
*** Avoid double-clicking unknown USB drives / scan for viruses before copying data via USB. Good luck!
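
A check for the hosts-file tampering mentioned at the top of the post, as an added example that is not part of the original post: it parses hosts-file text and reports every entry that overrides DNS for a security-vendor hostname. The vendor keyword list and the sample hosts content are constructed assumptions.

```python
# Assumed watch list of security-vendor name fragments; only Dr.Web and
# Symantec are named in the post, the rest are illustrative.
VENDOR_KEYWORDS = ("drweb", "symantec", "kaspersky", "avast", "mcafee")

# Constructed sample of a tampered hosts file, for illustration only.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.symantec.com   # constructed entry
0.0.0.0         freedrweb.com update.drweb.com
192.0.2.10      intranet.example
::1             localhost
"""


def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in hosts text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not entry:
            continue
        fields = entry.split()
        if len(fields) < 2:
            continue  # address without a hostname: nothing is mapped
        address, names = fields[0], fields[1:]
        for name in names:  # one line may map several hostnames
            yield line_no, address, name.lower().rstrip(".")


def suspicious_entries(text, keywords=VENDOR_KEYWORDS):
    """Return mappings that pin a security-vendor hostname to any address.

    A clean hosts file has no reason to mention these names at all, so the
    target address is reported but not used as a filter.
    """
    return [
        (line_no, address, name)
        for line_no, address, name in parse_hosts(text)
        if any(keyword in name for keyword in keywords)
    ]


if __name__ == "__main__":
    # On a live system, read %SystemRoot%\system32\drivers\etc\hosts instead.
    for line_no, address, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {address}")
```

Entries it reports should be removed from the hosts file once the scans in the steps above have finished, so that the antivirus sites become reachable again.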