Here are some tips for finding the source of a virus, or of suspicious files that may be a virus:
1. Check whether there is an Autorun Entry (in the list of programs) for something we believe we never installed. For example, I have seen an entry such as FFDshow.exe with the location (Image Path) C:\Program Files\K-Lite Codec Pack\ on a computer where the K-Lite Codec Pack program was never installed. That is likely to be one source of the virus. This happens often; for example, there are applications in a Corel Draw folder although we never installed Corel Draw.
2. Remove the check mark from the suspicious Autorun Entry, then click the Refresh icon (F5). If the check mark comes back, or a similar new entry appears with a check mark, chances are it is the source of the virus. With this method we sometimes have to wait a while, or close Autoruns and open it again after some time to check.
3. In the list of Windows programs that MUST be ACTIVE shown earlier, check for other programs in the three places that I underlined in red. In Windows XP, there should only be the 3 files above, namely rdpclip, userinit.exe and explorer.exe, with the Image Path exactly as above. Any additional entry is a possible source of the virus. Check it using the method in point 2.
4. There is usually more than one source of the virus, so it is necessary to look for other suspicious Autorun entries, using the method in point 1 or 2. For example, in these locations:
* HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
* C:\Documents and Settings\All Users\Start Menu\Programs\Startup
* HKCU\Software\Microsoft\Windows\CurrentVersion\Run
* And others, listed under the Windows programs that MUST BE ACTIVE above.
Having obtained the list of suspicious or unknown files, write down the name and location of each file, as shown in the Image Path column of Autoruns, on paper or in a text file (e.g. with Notepad). For those not yet familiar with this, the list may be long. But this is not a problem.
Deleting an entry in Autoruns only deletes the reference, so the file (at the location given in the "Image Path") is not deleted.
Disabling the Virus Sources
Having obtained a list of suspicious files, the next step is to rename the file extensions (do not delete the files yet). Renaming them from within Windows usually will not work, or sometimes we do not know the file extension and it cannot be displayed.
The way that almost always works is through another medium: for instance, an operating system running directly from a CD, DVD, or flash drive, such as a Linux CD, a Windows MiniPE CD, UBCD4Win and others. Alternatively, we can remove our hard drive and install it in another computer (one that is free of viruses) as a second (secondary) hard drive. The point is that we can access (open) the files and folders from the list we wrote without starting the Windows installation on that hard drive, so the virus cannot become active.
Once we can boot the computer from other media, or have installed the hard drive in another computer, we look for the files from the list we created. First, enable the option to display all file extensions if they are not already visible. After that, rename the extension of every file we found. For example, nama_file.exe becomes nama_file.exe.vir, and viruz.dll becomes viruz.dll.vir.
When all of that is done, it is time to try the computer (start Windows again). Check again with the Autoruns program. If the entries from the list we wrote come back with a check mark, or there are still signs that the computer is infected, some other programs may have been missed. Sometimes we have to try several times. If the computer does not start, there may be a wrong file in the list we used. Try renaming the files back to their original names (remove the *.vir extension).
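The rename-and-revert step described above, as an added example that is not part of the original post: a POSIX shell script for a live Linux session that renames every file on the written list to *.vir and can undo it again. It assumes the Windows volume is mounted at a path you pass in and that the list holds one Windows path per line; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): rename listed files to *.vir
# from a live Linux session, and undo it later.
# Assumptions: the Windows volume is mounted at <mount>; <list> is the text
# file written earlier, one Windows path per line, for example
#   C:\Program Files\K-Lite Codec Pack\FFDshow.exe

# "C:\Dir\file.exe" -> "Dir/file.exe"; also drops the CR that Notepad adds.
win_to_rel() {
    p=$(printf '%s' "$1" | tr -d '\r' | tr '\\' '/')
    p=${p#[A-Za-z]:}
    printf '%s\n' "${p#/}"
}

# Find the file ignoring case: Windows does not care about case, the Linux
# mount may. -ipath treats * ? [ in a name as wildcards, so review the result.
resolve() {  # resolve <mount> <relative path>
    find "$1" -type f -ipath "$1/$2" 2>/dev/null | head -n 1
}

# Apply one action to every path in the list; print how many files changed.
each_listed() {  # each_listed <quarantine|restore> <mount> <list>
    mode=$1 mount=${2%/} n=0
    while IFS= read -r line || [ -n "$line" ]; do
        rel=$(win_to_rel "$line")
        [ -n "$rel" ] || continue
        if [ "$mode" = restore ]; then
            f=$(resolve "$mount" "$rel.vir"); new=${f%.vir}
        else
            f=$(resolve "$mount" "$rel"); new=$f.vir
        fi
        if [ -z "$f" ]; then
            echo "not found: $line" >&2
        elif [ -e "$new" ]; then
            echo "target exists, skipped: $new" >&2
        elif mv -- "$f" "$new"; then
            n=$((n + 1))
        fi
    done < "$3"
    echo "$n"
}

quarantine() { each_listed quarantine "$1" "$2"; }
restore()    { each_listed restore "$1" "$2"; }

# Usage: sh vir.sh quarantine /mnt/win list.txt   (or: restore ...)
case "${1:-}" in quarantine|restore) "$@" ;; esac
```

Because nothing is deleted, running the same list through `restore` brings back any file that turns out to be needed for Windows to start.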
After this succeeds and there are no signs of the virus running, keep in mind that we have only turned off the sources of the virus, and there are probably still many virus files on the computer. The next step is to scan with an antivirus that has the latest updates, to search for viruses that still exist on the computer. This may have to wait until the antivirus is able to detect the virus.
The method above is what I usually use when the antivirus cannot detect the virus, and it is usually successful. Experience also helps in successfully finding the source of the virus. If you are still confused or unsure about the existing autorun list, please write in the comments, so we can help and complement each other.