Tips for Cleaning the Huhuhaha Virus



Sunday, 8 February 2009
1. Disconnect the computer to be cleaned from the network/internet.
2. Kill the virus process that is active in memory.

Use Windows Task Manager to end the virus process, which runs under the name "wscript.exe". (wscript.exe is a Windows file used to run VBScript files.) (See figure)

3. Delete the following virus files:
• autorun.inf (in the root of every drive)
• huhuhaha.vbs (in the root of every drive)
• C:\WINDOWS\system32\XpWin.vbs

Notes:
• It is best to display hidden files so that the virus files are easier to find (the virus files carry the Hidden, Archive, System and Read-Only attributes). To do so, in Windows Explorer choose Tools >> Folder Options >> View >> Show hidden files and folders.
• To make the search easier, use the Windows "Search" facility, filtering for autorun.inf and *.vbs files that are 6 KB in size.

4. Delete the registry strings created by the virus. To make this easier, you can use the registry script below:

[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee

; Right-click > Install processes this section: it applies the
; [UnhookRegKey] entries and deletes the [del] entries.
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

; An empty value-name field (", ,") sets the key's (Default) value.
[UnhookRegKey]
HKLM, SOFTWARE\Microsoft\Security Center, AntiVirusDisableNotify, 0x00000000,0
HKLM, SOFTWARE\Microsoft\Security Center, FirewallDisableNotify, 0x00000000,0
HKLM, SOFTWARE\Microsoft\Security Center, UpdatesDisableNotify, 0x00000000,0
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion, RegisteredOrganization, 0, "Organization"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion, RegisteredOwner, 0, "Owner"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore, DisableSR, 0x00000000,0
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell, 0, "cmd.exe"
HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell, 0, "cmd.exe"
HKLM, SYSTEM\ControlSet003\Control\SafeBoot, AlternateShell, 0, "cmd.exe"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell, 0, "cmd.exe"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}, , 0, "Universal Serial Bus controller"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}, , 0, "CD-ROM Drive"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}, , 0, "DiskDrive"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}, , 0, "Standar floppy disk controller"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}, , 0, "Hdc"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}, , 0, "Keyboard"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}, , 0, "Mouse"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}, , 0, "PCMCIA Adapters"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}, , 0, "SCSIAdapters"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}, , 0, "System"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}, , 0, "Floppy disk drive"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}, , 0, "Volume"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}, , 0, "Human Interfaces Devices"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base, , 0, "Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender, , 0, "Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system, , 0, "Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys, , 0, "Driver"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys, , 0, "Driver"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys, , 0, "Driver"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system, , 0, "Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter, , 0, "Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration, , 0, "Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter, , 0, "Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk, , 0, "Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class, , 0, "Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys, , 0, "Driver"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys, , 0, "FSFilter System Recovery"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender, , 0, "Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys, , 0, "Driver"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys, , 0, "Driver"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}, , 0, "Universal Serial Bus controller"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}, , 0, "CD-ROM Drive"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}, , 0, "DiskDrive"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}, , 0, "Standar floppy disk controller"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}, , 0, "Hdc"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}, , 0, "Keyboard"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}, , 0, "Mouse"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}, , 0, "Net"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}, , 0, "NetClient"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}, , 0, "NetService"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}, , 0, "NetTrans"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}, , 0, "PCMCIA Adapters"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}, , 0, "SCSIAdapters"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}, , 0, "System"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}, , 0, "Floppy disk drive"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}, , 0, "Volume"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}, , 0, "Human Interfaces Devices"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base, , 0, "Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender, , 0, "Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system, , 0, "Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys, , 0, "Driver"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmio.sys, , 0, "Driver"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys, , 0, "Driver"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system, , 0, "Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter, , 0, "Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys, , 0, "Driver"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys, , 0, "Driver"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS, , 0, "Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper, , 0, "Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup, , 0, "Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup, , 0, "Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network, , 0, "Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider, , 0, "Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration, , 0, "Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter, , 0, "Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI, , 0, "Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk, , 0, "Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys, , 0, "Driver"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys, , 0, "Driver"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys, , 0, "Driver"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class, , 0, "Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys, , 0, "Driver"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys, , 0, "FSFilter System Recovery"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers, , 0, "Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender, , 0, "Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI, , 0, "Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys, , 0, "Driver"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys, , 0, "Driver"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\termservice, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys, , 0, "Driver"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys, , 0, "Driver"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt, , 0, "Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC, , 0, "Service"

; Values (and, on the last line, a whole key) created by the virus.
[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\RunMRU, a
HKCU, Software\Microsoft\Internet Explorer\Main, Window Title
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Ageia
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Systemdir
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system, EnableLUA
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon

Copy and paste the script into Notepad, then save it as "repair.inf" (set Save As Type to All Files to avoid mistakes).

5. Open the repair.inf file, then run it by right-clicking the file and choosing Install.

Source: Vaksincom
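
A read-only check that can be run after step 5 to confirm that the process, files and registry values named in the steps above are gone or restored. This is an added example, not part of the Vaksincom procedure; the function name Test-HuhuhahaCleanup is hypothetical, and it assumes PowerShell is available and uses $env:SystemRoot in place of the literal C:\WINDOWS.

```powershell
# Added example: read-only check, nothing is deleted or modified.
function Test-HuhuhahaCleanup {
    $findings = @()

    # Step 2: wscript.exe is a legitimate Windows binary, so a running
    # instance is only a lead to review, not proof of infection.
    foreach ($proc in @(Get-Process -Name wscript -ErrorAction SilentlyContinue)) {
        $findings += "Process: wscript.exe running (PID $($proc.Id))"
    }

    # Step 3: files the page lists. -Force is required because they carry
    # the Hidden and System attributes. autorun.inf also exists on
    # legitimate installation media, so review each hit.
    $paths = @([IO.Path]::Combine($env:SystemRoot, 'system32\XpWin.vbs'))
    $drives = Get-PSDrive -PSProvider FileSystem |
        Where-Object { $_.Root -match '^[A-Za-z]:\\$' }
    foreach ($drive in $drives) {
        foreach ($name in 'autorun.inf', 'huhuhaha.vbs') {
            $paths += [IO.Path]::Combine($drive.Root, $name)
        }
    }
    foreach ($path in $paths) {
        $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if ($file) {
            $findings += "File: $path ($($file.Length) bytes, $($file.Attributes))"
        }
    }

    # Step 4, [del] section: Run values that repair.inf removes.
    $run = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $runKey = Get-ItemProperty -Path $run -ErrorAction SilentlyContinue
    foreach ($value in 'Ageia', 'Systemdir') {
        if ($runKey -and $runKey.PSObject.Properties[$value]) {
            $findings += "Registry: $run\$value = $($runKey.$value)"
        }
    }

    # Step 4, [UnhookRegKey] section: repair.inf sets AlternateShell to cmd.exe.
    $safeBoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'
    $shell = (Get-ItemProperty -Path $safeBoot -ErrorAction SilentlyContinue).AlternateShell
    if ($shell -ne 'cmd.exe') {
        $findings += "Registry: $safeBoot\AlternateShell = '$shell', expected cmd.exe"
    }

    return $findings
}

Test-HuhuhahaCleanup
```

No output means none of the listed artifacts were found; any line printed names the item to review against the matching step.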