Play boy virus
1_Kill the process
2_Programs > Run > regedit.exe
3_HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run (delete the Data Type entries in Run)
4_Search for *.exe
Oh la la world virus
It just makes your computer slower than before.
1_Kill the processes: SVIQ.EXE; FUN.EXE; DC.EXE
2_HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run (delete the Data Type entries in Run)
3_HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows (delete the value data in load and run)
4_HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon (change the value of Shell to explorer.exe)
5_Search for *.exe
My Funny virus
We can't open Task Manager (taskmgr) to end processes, and we can't show hidden files in Windows.
1_It is easy to kill: go to Safe Mode and choose Safe Mode with Command Prompt
2_Press Ctrl+Alt+Delete and then click File > Create new task > type regedit.exe
3_HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System (delete System or DisableCMD)
4_HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows (delete the value data in load)
5_HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies (delete all keys except NonEnum; Ratings; System)
6_HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run (delete Winsys)
7_HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon (change the value of Shell to explorer.exe)
8_Close regedit > click File > Create new task > type explorer.exe
9_Search for *.exe *.com *.vbs
10_Delete New Story.reg and Recycle Bin
Phnom Penh virus
When we open Windows, it shows a doll picture. It hides regedit, Search, Folder Options and Control Panel.
1_Kill process "window.exe"
2_On drive C:, open the Windows folder and double-click regedit.exe
3_HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer (delete all except NoDriveTypeAutoRun)
4_HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run (delete the Data Type entries in key Run)
5_HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon (change the value of Shell to explorer.exe)
6_Search for *.exe
7_and the picture in C:\Windows (wallpaper.BMP)
BBU.EXE virus
It hides regedit, taskmgr and Run, and makes your computer slower than before. Its name is IT_student_BBU@yahoo.com.exe
1_Kill process Accounting.exe
2_New shortcut > gpedit.msc, or write a Notepad file to open regedit, or use a program to open regedit
3_In gpedit.msc > Administrative Templates > System > Prevent access to registry editing tools > tick Enabled > Apply, and then tick Not Configured or Disabled > Apply again.
4_HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer (delete NoFind, NoFolderOptions, NoRun)
5_HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run (delete The king of ghost)
6_Search for *.exe
Word.exe or leana virus
It hides Office 9 documents (Word, Excel…). We cannot show hidden files or go to regedit. If you show hidden files or go to regedit, your computer will restart at once. We also cannot open Safe Mode.
1_Kill process services.exe (the one with the Word picture)
2_Go to the Windows folder and rename regedit.exe to regedit.com. Another way: in Run, type command.com
C:\>cd windows
C:\Windows>ren regedit.exe regedit.com
3_HKEY_CLASSES_ROOT\exefile\shell\open\command (change the value to the default, which is ["%1" %*])
4_HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon (change the value of Shell to explorer.exe)
5_HKEY_LOCAL_MACHINE\System\ControlSet001\Control\SafeBoot (change the value of AlternateShell to cmd.exe)
6_HKEY_LOCAL_MACHINE\System\ControlSet002\Control\SafeBoot (change the value of AlternateShell to cmd.exe)
7_Search for *.exe
AutoRun.exe virus
1_Kill process svchost.exe (our svchost has services; the virus's svchost has no service). There are three processes: computer name, user name, and svchost
2_Go to the Windows folder > double-click regedit.exe
3_HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run (delete Run)
4_HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run (delete the Data Type entries in Run)
5_HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows (delete the value data in load and run)
6_HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon (delete Shell and delete System)
7_HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run (delete Run)
8_HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run (delete the computer name that belongs to your computer)
9_HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon (change the value of Shell to explorer.exe and delete System)
10_HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon (delete the value data in System and change the value data in Userinit to C:\Windows\system32\userinit.exe)
11_HKEY_LOCAL_MACHINE\System\ControlSet001\Control\SafeBoot (change the value of AlternateShell to cmd.exe)
12_HKEY_LOCAL_MACHINE\System\ControlSet002\Control\SafeBoot (change the value of AlternateShell to cmd.exe)
13_Search for *.exe *.com *.pif *.dll *.bat *.cmd
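The service check from step 1 of this procedure, as an added example that is not part of the original post: it lists svchost.exe processes that host no running service or that run from outside the system directory. The expected paths are assumptions for a default install; run it from an elevated prompt so the executable path is readable.

```powershell
# Added example, not from the original post. Read-only: no process is stopped.
# Assumption: the genuine binary lives in System32 (or SysWOW64) under %SystemRoot%.
$good = 'System32', 'SysWOW64' | ForEach-Object { Join-Path $env:SystemRoot "$_\svchost.exe" }

# Map each PID to the running services it hosts
$servicesByPid = @{}
foreach ($svc in Get-CimInstance Win32_Service -Filter "State='Running'") {
    $servicesByPid[[int]$svc.ProcessId] += @($svc.Name)
}

$report = foreach ($p in Get-CimInstance Win32_Process -Filter "Name='svchost.exe'") {
    $hosted  = $servicesByPid[[int]$p.ProcessId]
    $reasons = @()
    if (-not $hosted) { $reasons += 'hosts no running service' }
    if (-not $p.ExecutablePath) { $reasons += 'path unreadable (run elevated)' }
    elseif ($good -notcontains $p.ExecutablePath) { $reasons += 'unexpected path' }
    [pscustomobject]@{
        ProcessId = $p.ProcessId
        Path      = $p.ExecutablePath
        Services  = $hosted -join ','
        Flag      = $reasons -join '; '
    }
}

# Show only the processes that need a closer look
$report | Where-Object { $_.Flag } | Format-Table -AutoSize -Wrap
```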
Master virus
It is similar to AutoRun.
Kill the process and go to regedit
1_HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder (delete key Folder)
2_HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run (delete Run)
3_HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run (delete the Data Type entries in Run)
4_HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows (delete the value data in load and run.com)
5_HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon (delete Shell and System)
6_HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run (delete Run or Explorer)
7_HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run (delete the Data Type entries in Run)
8_HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon (delete the value data in System and change the value data in Userinit to C:\Windows\system32\userinit.exe)
9_HKEY_LOCAL_MACHINE\System\ControlSet001\Control\SafeBoot (change the value of AlternateShell to cmd.exe)
10_HKEY_LOCAL_MACHINE\System\ControlSet002\Control\SafeBoot (change the value of AlternateShell to cmd.exe)
11_Search for *.exe *.com *.pif *.dll *.bat *.cmd
Global.exe virus
It closes all the applications we usually use.
1_Go to Safe Mode with Command Prompt, or rename the process tool (that is, rename procexp to another name, e.g. Procexp killer).
2_Kill processes: system.exe, Globle.exe, svchose.exe
3_Open regedit.exe after killing the processes again as in step 2
4_HKEY_CLASSES_ROOT\regfile\shell\open\command (change it to regedit.exe "%1")
5_HKEY_CLASSES_ROOT\mscfile\shell\open\command (change to %SystemRoot%\system32\mmc.exe "%1" %*, or copy it from the RunAs entry that sits below command)
6_HKEY_CLASSES_ROOT\exefile (delete NeverShowExt)
7_HKEY_CLASSES_ROOT\comfile (delete NeverShowExt)
8_HKEY_CLASSES_ROOT\piffile (delete NeverShowExt)
9_HKEY_CURRENT_USER\Control Panel\Desktop (change SCRNSAVE.EXE to C:\windows\system32\logon.scr)
10_HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System (delete key System)
11_HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer (delete all except NoDriveTypeAutoRun)
12_HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce (delete the value data of Default in RunOnce)
13_HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System (delete key System)
14_HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden (double-click ValueName and add "d" so that it reads "ShowSuperHidden")
15_HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies (delete key Explorer)
16_HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run (delete the Data Type entries, including the value data of Default, in Run)
17_HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce (delete the value data of Default in RunOnce)
18_HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options (delete each key that has a string named Debugger whose value data points to a file on another drive)
19_Search for *.exe *.pif *.com *.bat *.vbs
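The same registry locations come up in almost every procedure on this page (Winlogon Shell and Userinit, load/run, the exefile open command, SafeBoot AlternateShell, the Run keys, Image File Execution Options). The read-only audit below is an added example, not part of the original post, that compares them with the defaults the steps restore and lists autostart and Debugger entries for review; the helper name Get-RegValue is hypothetical and the expected values assume a default Windows install.

```powershell
# Added example, not from the original post. Read-only: nothing is modified.
# Expected values are assumptions for a default Windows install.
$nt   = 'Software\Microsoft\Windows NT\CurrentVersion'
$win  = 'Software\Microsoft\Windows\CurrentVersion'
$init = Join-Path $env:SystemRoot 'system32\userinit.exe'

function Get-RegValue($Path, $Name) {   # hypothetical helper
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key) { $key.GetValue($Name) }   # $Name '' reads the (Default) value
}

# Values with a known-good setting; Expected '' means absent or empty
$checks = @(
    @{ Path = "HKLM:\$nt\Winlogon"; Name = 'Shell';    Expected = 'explorer.exe' }
    @{ Path = "HKLM:\$nt\Winlogon"; Name = 'Userinit'; Expected = $init }
    @{ Path = "HKCU:\$nt\Winlogon"; Name = 'Shell';    Expected = '' }
    @{ Path = "HKCU:\$nt\Windows";  Name = 'load';     Expected = '' }
    @{ Path = "HKCU:\$nt\Windows";  Name = 'run';      Expected = '' }
    @{ Path = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'; Name = ''; Expected = '"%1" %*' }
)
# SafeBoot AlternateShell in every control set present (ControlSet001, ControlSet002, ...)
$sets = Get-ChildItem 'HKLM:\SYSTEM' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -like 'ControlSet*' }
foreach ($cs in $sets) {
    $checks += @{ Path = "HKLM:\SYSTEM\$($cs.PSChildName)\Control\SafeBoot"
                  Name = 'AlternateShell'; Expected = 'cmd.exe' }
}
$results = foreach ($c in $checks) {
    # The stock Userinit value ends in a comma, so trim it before comparing
    $actual = ([string](Get-RegValue $c.Path $c.Name)).Trim().TrimEnd(',')
    [pscustomobject]@{ Key = $c.Path; Value = $c.Name; Actual = $actual
                       Expected = $c.Expected; OK = ($actual -ieq $c.Expected) }
}
# Autostart entries have no fixed good list, so collect them for review
$runKeys = foreach ($hive in 'HKLM:', 'HKCU:') {
    "$hive\$win\Run", "$hive\$win\RunOnce", "$hive\$win\Policies\Explorer\Run"
}
$autostart = foreach ($p in $runKeys) {
    $key = Get-Item -LiteralPath $p -ErrorAction SilentlyContinue
    if ($key) { foreach ($n in $key.GetValueNames()) {
        [pscustomobject]@{ Key = $p; Name = $n; Command = $key.GetValue($n) } } }
}
# Image File Execution Options subkeys that carry a Debugger string
$debuggers = Get-ChildItem "HKLM:\$nt\Image File Execution Options" -ErrorAction SilentlyContinue |
    Where-Object { $_.GetValue('Debugger') } |
    ForEach-Object { [pscustomobject]@{ Image = $_.PSChildName; Debugger = $_.GetValue('Debugger') } }

$results | Where-Object { -not $_.OK } | Format-Table -AutoSize -Wrap
$autostart | Format-Table -AutoSize -Wrap
$debuggers | Format-Table -AutoSize -Wrap
```

Autostart and Debugger rows are listed for review, not as verdicts: legitimate software also uses both, so compare against a known-clean machine before deleting anything.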