Monday, November 14, 2011

How To Delete Shortcut Virus and Starter Virus

How to delete the Shortcut virus in 7 steps.
The PIF/Starter virus, better known as the shortcut virus, upsets its victims with the large number of shortcuts it creates. Worse, if the virus is not handled the right way, it will come back again and again.
Therefore, consider the following 7 steps from a virus analyst at Vaksincom MG Lat to stop the shortcut flood caused by this virus:
1. First, turn off System Restore.
2. Terminate the Wscript process, whose file is located in C:\Windows\System32, using tools such as CProcess or HijackThis, or the Windows Task Manager.
3. Once the Wscript process is stopped, delete or rename the file so that the virus cannot use it for the time being.
Note that if we only rename wscript.exe, it will automatically be copied back into the folder. Therefore, we must also find the other copies of wscript.exe, usually in C:\Windows\$NtServicePackUninstall$ and C:\Windows\ServicePackFiles\i386.
With other VBS viruses, we can change the Open With association of .vbs files to Notepad. This virus is different: the file that matters has the MDB (Microsoft Access) extension, and Wscript runs DATABASE.MDB as if it were a VBS file.
4. Delete the parent file at C:\Documents and Settings\\My Documents\database.mdb, so that the file is no longer loaded every time the computer boots. Also open MSCONFIG and disable the command that runs it.
5. Now delete the files autorun.inf, Microsoft.INF and Thumb.db. To do this, click the START button, type CMD, and change to the drive to be cleaned, for example drive C:\. Then do the following:
Type C:\>del Microsoft.inf /s. This command deletes every Microsoft.inf file in all folders on drive C:. To clean another drive, just change the drive letter, for example: D:\>del Microsoft.inf /s.
For the autorun.inf file, type C:\>del autorun.inf /s /ah /f. The /ah /f switches are needed because the file carries the RSHA attributes. Do the same for the Thumb.db file.
6. To delete the files other than the 4 files above, search for files with the .lnk extension and a size of 1 KB. Under ‘More advanced options’, make sure that ‘Search system folders’ and ‘Search hidden files and folders’ are both checked.
Be careful: not every shortcut / LNK file with a size of 1 KB belongs to the virus. We can tell them apart by icon, size and type. A shortcut created by the virus always uses the ‘folder’ icon, has a size of 1 KB and is of type ‘Shortcut’, whereas a genuine folder shows no ‘size’ and its type is ‘File Folder’.
7. Fix the registry entries that were changed by the virus. To speed up the registry repair, copy the script below into ‘Notepad’ and save it with the name ‘repair.inf’.
Run the file as follows:
- Right-click repair.inf
- Click Install
[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""% 1""
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""% 1
HKLM, Software\CLASSES\regfile\shell\open\command,,,"reg e
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""% 1""
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Wi
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,
HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0
[del]
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Run ,
HKCU,SOFTWARE\Microsoft\Windows\CurrentVersion\Run , e
thanks
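
The check in step 6 can be done by reading the shortcut itself rather than judging the icon by eye. The following is an added example, not part of the original post: it parses the .lnk header and icon string and flags files that are at most 1 KB and display a folder icon. The function names, the sample shortcuts and the assumption that the stock folder icons are shell32.dll indexes 3 and 4 are not from the post.

```python
import struct

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_IDLIST, HAS_LINKINFO, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x01, 0x02, 0x20, 0x40, 0x80
STRING_BITS = (0x04, 0x08, 0x10, HAS_ARGS, HAS_ICON)  # on-disk order of StringData
FOLDER_ICONS = {3, 4}  # assumption: shell32.dll indexes of the stock folder icons

def parse_lnk(data):
    """Return (arguments, icon_location, icon_index), or None if not a valid .lnk."""
    if len(data) < 76 or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        return None
    try:
        flags, = struct.unpack_from("<I", data, 20)
        icon_index, = struct.unpack_from("<i", data, 56)
        pos = 76                    # end of the fixed-size header
        if flags & HAS_IDLIST:      # 2-byte size field does not count itself
            pos += 2 + struct.unpack_from("<H", data, pos)[0]
        if flags & HAS_LINKINFO:    # 4-byte size field counts itself
            pos += struct.unpack_from("<I", data, pos)[0]
        width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
        found = {}
        for bit in STRING_BITS:     # each string: character count, then the text
            if flags & bit:
                count, = struct.unpack_from("<H", data, pos)
                found[bit] = data[pos + 2:pos + 2 + count * width].decode(codec, "replace")
                pos += 2 + count * width
    except struct.error:            # truncated or damaged file
        return None
    return found.get(HAS_ARGS, ""), found.get(HAS_ICON, ""), icon_index

def looks_like_fake_folder(data):
    """Step 6 criteria: a shortcut of at most 1 KB that shows a folder icon."""
    parsed = parse_lnk(data)
    if parsed is None or len(data) > 1024:
        return False
    _, icon, index = parsed
    return icon.lower().endswith("shell32.dll") and index in FOLDER_ICONS

def build_sample(args, icon, icon_index):
    """Constructed input: minimal link carrying only arguments and an icon."""
    hdr = struct.pack("<I16sI", 0x4C, LNK_CLSID, HAS_ARGS | HAS_ICON | IS_UNICODE)
    hdr += bytes(32) + struct.pack("<i", icon_index) + bytes(16)
    return hdr + b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le")
                          for s in (args, icon))

if __name__ == "__main__":
    fake = build_sample("database.mdb", r"%SystemRoot%\system32\SHELL32.dll", 3)
    real = build_sample("/safe", r"C:\Program Files\App\app.exe", 0)
    print(looks_like_fake_folder(fake), looks_like_fake_folder(real))
```

A flagged file is a candidate for review, not proof of infection; the returned arguments string shows what the shortcut would actually launch.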
