7 Steps For Eradicate OjanBlank Virus

Local virus OjanBlank quite disturbing and potentially dangerous. This virus infiltrate from an external device that connects via USB port, like USB flash or portable hard drive.

When infecting a computer, this virus will do various things. These include monitoring whether the victim komoputer connected to the internet, turn off Windows Firewall, and send the data from the victim's computer to the virus creator. Here are the steps as outlined by the analyst for delete antivirus from Vaksincom:

1. Disconnect the network connection / internet.

2. Turn off System Restore
* Right-click My Computer, select Properties.
* Select the System Restore tab, give the checklist option Turn off System restore
* Click Apply, click OK.

3. Turn off the virus (with Command Prompt).

* Click Menu [Start] à [All Programs] à [Accessories] à [Command Prompt]
• In Command Prompt, type the command "tasklist (this is to see the process of active virus that is" WinGUI.exe or junx.exe)
* Once the process determines the active virus, turn off the virus by running / type taskkill command as follows:
Taskill o / f / im WinGUI.exe, or
Taskill o / f / im junx.exe


4. Windows Registry Repair

Fix Windows Registry that has been in the modification of the virus with the following steps:
a. Copy the script below using notepad:

[Version]

Signature = "$ Chicago $"
Provider = Vaksincom Oyee
[DefaultInstall]
AddReg = UnhookRegKey
DelReg = del
[UnhookRegKey]
HKLM, Software \ CLASSES \ batfile \ shell \ open \ command ,,,"""% 1 ""% * "
HKLM, Software \ CLASSES \ comfile \ shell \ open \ command ,,,"""% 1 ""% * "
HKLM, Software \ CLASSES \ exefile \ shell \ open \ command ,,,"""% 1 ""% * "
HKLM, Software \ CLASSES \ piffile \ shell \ open \ command ,,,"""% 1 ""% * "
HKLM, Software \ CLASSES \ regfile \ shell \ open \ command,,, "regedit.exe"% 1 ""
HKLM, Software \ CLASSES \ scrfile \ shell \ open \ command ,,,"""% 1 ""% * "
HKLM, SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon, Shell, 0, "Explorer.exe"
HKLM, SYSTEM \ ControlSet001 \ Control \ SafeBoot, AlternateShell, 0, "cmd.exe"
HKLM, SYSTEM \ CurrentControlSet \ Control \ SafeBoot, AlternateShell, 0, "cmd.exe"
HKLM, SOFTWARE \ Classes \ exefile \ DefaultIcon ,,,""% a "%"
[Del]

HKLM, SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run, Microsoft Word Agents
HKLM, SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run, Microsoft Office Agents

b. Save the file with the name repair.inf. Use the Save As Type option to All Files to avoid mistakes.
c. Right-click the file repair.inf, then select Install
d. Restart the computer.

5. Remove the parent file and duplicate files created by virus OjanBLANK, where the file has the following characteristics:

* File Size 224 KB
* Extension exe
* Having a MS Word icon
* Type the application file.

6. Delete the trojan file and companion files virus, which is as follows:
* C: \ WINDOWS \ system32 \ MSWINSCK.OCX
* C: \ WINDOWS \ system32 \ ijl11.dll
* C: \ WINDOWS \ system32 \ ms.exe
* C: \ WINDOWS \ system32 \ b.doc

7. For optimal cleaning and prevent reinfection, which should use an updated antivirus and recognize this virus very well.

1 komentar:

Ashi said...

Use Duplicate File Finder to find and remove duplicate files.