Topic: Virus
February 8th, 2009, 02:01   #38
mtk_63_iran

نقل قول:
نوشته اصلي بوسيله Extacy نمايش نوشته ها
سلام دوستان.

یک مدتی هست که کامپیوترم به ویروس sxs.exe و autorun.inf آلوده شده.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
ممنون میشم کمکم کنید...... هم اکنون نیازمند یاری سبزتان هستیم
شاد باشید.
Removing sxs.exe worm

Man.. this virus is running wild… jumping from pc to pc via usb drive… here is a quick guide to remove it.

How do you know you have this virus?
1. Your browser will open some porn site from China every time you start it. BAD
2. In your task manager, you have this SVOHOST.EXE running… BAD

First thing. Follow the instructions below. Follow them precisely or you can’t continue to the second step.

0. Press Ctrl-Alt-Delete > Processes > locate “SVOHOST.EXE” and click End Process.

Removing Autostart Entry from the Registry
Removing the autostart entry from the registry prevents the malware from executing at startup.
If the registry entry below is not found, the malware may not have executed as of detection. If so, proceed to the succeeding solution set.

1. Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
2. In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Run
3. In the right panel, locate and delete the entry: SoundMam = “%System%\SVOHOST.exe”
(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, and C:\Windows\System32 on Windows XP and Server 2003.)

Restoring Modified Entries from the Registry
Or you can skip these steps by restoring the registry values from this file (the file is only available for 90 days; email me if the link fails). Just unzip it and double-click all the files.
1. Still in Registry Editor, in the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Explorer>Advanced>Folder>Hidden>SHOWALL
2. In the right panel, locate the entry: CheckedValue = “0”
3. Right-click on the value name and choose Modify. Change the value data to: 1
4. In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Services>srservice
5. In the right panel, locate the entry: Start = “dword:00000004”
6. Right-click on the value name and choose Modify. Change the value data to: 2
7. In the left panel, double-click the following: HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Services>wscsvc
8. In the right panel, locate the entry: Start = “dword:00000004”
9. Right-click on the value name and choose Modify. Change the value data to: 2
10. Close Registry Editor.

The second step. Now you should be able to unhide your files.

Go to My Computer.
Locate the toolbar, click: Tools>Folder Options>View
>check “Show hidden files and folders”
>uncheck “Hide protected operating system files (Recommended)”

Click Apply.

And you are ready to delete the sxs.exe and autorun.inf in your USB drive, external hard disk, floppy disk or any other infected removable drive.

Step 3: Deleting the winscok.dll file.

1. Go to My computer.
2. Paste the following into the Address bar (without the quotation marks) “C:\WINDOWS\system32”
3. Locate the file winscok.dll in that folder.
4. Delete it using Shift+Delete.

Step 4: Deleting sxs.exe and autorun.inf safely

1. Open My Computer.
2. Locate the infected drive. Let's say drive K:. DO NOT DOUBLE-CLICK IT.
3. Right-click and choose Open.
4. You should be able to view your drive K: root directories now.
5. Locate sxs.exe and autorun.inf.
6. Delete them without mercy. Use Shift+Delete

That damn worm should not bother you anymore.

Cheers…

Disclaimer: This method works for me but I don’t know whether it will work for you.


As for how this virus gets in, I should say: be sure to check your flash drives, CDs or DVDs thoroughly. It may also be on your mobile phone's memory card or your camera's memory card, where as soon as it is connected to the computer the autorun executes and becomes resident.
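An added example, not part of the original post: a Python check that reads a Registry Editor export and reports the autostart entry and the three modified values the guide above walks through by hand. It assumes the relevant keys were exported to `.reg` text with regedit; the names `parse_reg` and `audit` and the sample export are constructed for illustration.

```python
import re

# Constructed sample in regedit's .reg export format (not data from the post).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMam"="C:\\WINDOWS\\system32\\SVOHOST.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"="0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Start"=dword:00000002
'''
# Value data the guide restores, keyed by (key suffix, value name), lower-cased.
EXPECTED = {
    (r"explorer\advanced\folder\hidden\showall", "checkedvalue"): 1,
    (r"services\srservice", "start"): 2,
    (r"services\wscsvc", "start"): 2,
}
RUN_KEY = r"microsoft\windows\currentversion\run"

def parse_reg(text):
    """Yield (key, value name, data) from .reg text; dword data becomes int."""
    key = None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and m:
            name, raw = m.groups()
            dword = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw)
            # Strings lose their quotes and the .reg backslash escaping.
            data = int(dword[1], 16) if dword else raw.strip('"').replace("\\\\", "\\")
            yield key, name, data

def audit(text):
    """Return findings for the autostart entry and the values the guide resets."""
    findings = []
    for key, name, data in parse_reg(text):
        k, n = key.lower(), name.lower()
        if k.endswith(RUN_KEY) and (n == "soundmam" or str(data).lower().endswith("svohost.exe")):
            findings.append(f"autostart: {name} -> {data}")
        for (suffix, value), want in EXPECTED.items():
            if k.endswith(suffix) and n == value and str(data) != str(want):
                findings.append(f"modified: {key}\\{name} = {data} (guide restores {want})")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On the constructed sample this reports the SoundMam autostart entry, the SHOWALL CheckedValue of 0 and the disabled srservice; wscsvc already holds the value 2 and is not flagged.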