W32.Sality.AE Manually Repair & Removal

The virus is often detected by antivirus Sality name or W32Sality.AE is a lot of viruses spread through a network that uses the default share windows or share a folder with full access. Sality virus will attack and inject much berekstensi *. exe files, disable the task manager, disable regedit and make your windows can not be done in save mode. And worse, it could damage Sality some *. exe files to berekstensi can not be used again.

To Remove it automatically, you can update your antivirus and use of scanning and repair thoroughly. But if your antivirus did not resolve this sality virus attack, then you can manually Removal. How to remove the virus W32Sality.AE or more often known by the name of this virus sality manually from your computer? I offer the following tips and how to remove the virus without mercy and guarantees 99% success :)

1. Disconnect your computer from any network, whether LAN or the Internet.

2. Turn off your system restore feature during the process of clearing the virus sality

3. Download Sality Repair here

4. Extract the file and right click SalityRepair repair.inf files then right click and click Install

5. Turn off all active applications and you are viewing

6. Download Norman Malware Cleaner here or download directly here

7. Change the extension of Norman Malware Cleaner. Exe to. Cmd application to Norman Malware Cleaner is not infected by the virus sality

8. Perform Norman Malware scanning using Cleaner.cmd (extension. Exe you have a fox. Cmd)

9. Restart your computer after the cleaning process is complete

10. Download FixReg here

11. extrack FixReg.rar and run the registry in a folder FixReg according to the windows you use.

12. Restart your computer.

13. Check regedit etc. managerm task to make sure your computer has recovered. You can also scan in safe mode to make sure your computer is correct - really clean from the virus sality.

Actually, almost all antivirus can detect and remove this virus sality. You can update your antivirus and do the scanning and repair using the antivirus you use. If your antivirus was not able to remove it, then remove the virus sality tips manually above can be a powerful solution free from attack W32Sality.AE

Continue Reading >>

Scan Virus in DOS using McAfee Antivirus

McAfee offers antivirus for use in the DOS environment. This tool is suitable for computer technicians because without the installation process, but it has proved a powerful antivirus.

This antivirus should not be used directly on a computer that contracted the virus since many files that can not be opened, the file is being used by Windows. So put on your hard drive off another computer or most practical way, booting using Hiren Boot CD select Mini Windows XP.

The following steps should be taken:

1. McAfee SuperDAT download here

2. select the file sdatXXXX.exe, XXXX indicates updated version (more or less the size of 110MB, a very large measure due to the virus definition database)

3. Save the file in the folder c: \ sdat (optional, adjust to your needs)

4. Sign in MS-DOS prompt (Start - Run - type cmd - Enter)

5. Type: cd \ sdat (Enter)

6. Do extract the file with the command: sdatXXXX.exe / e (Enter) - extract command was slow because of the large size of the file.

7. To scan, there are various command line include:

- Scan all local drives and sub-directory, all files: scan / all / adl / sub clean

- Scan the drive c: only all files: scan c: / all / sub / clean

- Scan the drive c: and d: all files in the log: scan c: d: / all / sub / clean / report c: \ log.txt

8. In the end scans, will appear Summary Scan results

If you want to update the virus definitions, then the following steps:
1. Download update the definition (DAT) here
2. Select file dat-XXXX.zip (Select the Windows & Netware File size approximately 65MB)
3. Extract the files in the folder where you extract the SuperDAT, example: c: \ sdat, Overwrite the file if its have questions..

Continue Reading >>

How to fix generic host process error

If you get a message Generic Host Process Error then connection to the Internet and LAN network is lost, maybe your computer has been infected with Conficker. The ability of the virus spread Conficker really aggressive.

Not limited to portable storage media like USB or memory card Flashdisk it but this virus can spread through a LAN network using bug (security holes) RPC DCOM service 3 which is an existing network operating system based on Windows 2000 or XP.

Conficker able to disable System Restore to reset the way "Restore Point" To prevent the victim eradicate this virus with the return path Restore Point. At the infected computer, Conficker will perform the function as a web server (HTTP server) to the local network. If any computer on a local network vulnerable DCOM RPC 3, then he will attack and if successful the victim's computer will download to the HTTP server had to then download and run the virus file.

 

Solution :

• You may download the patch for RPC DCOM bug from Microsoft here :http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
• Download Removal Tools from Antivirus Update here : http://free-antivirus-updates.blogspot.com/2009/12/w32conficker-and-w32downadup-removal.html

Continue Reading >>

How To Remove autorun.inf on Usb Flashdrive automatically?

The autorun.inf on USB Flashdrive or CD-ROM drive is file that contains primary instruction that associated with the Autorun function. Autorun.inf is a configuration file that tells the operating system which application to start, which icon to use, and which additional menu commands to make available. In other words, autorun.inf tells Windows how to deal open the presentation and treat the contents of the USB Flashdrive, CD-ROM or other Removable drive.

Unfortunately, Many worms and viruses these days uses autorun.inf file on USB and other removable media as their best medium of prorogation. Since autorun.inf instruct the system about the order of actions to be performed , the reverted autorun file executes the virus files then Infected the operating system.

The software called Autorun Eater is a tool made by Old McDonald to easily and automatically monitor and remove suspicious autorun.inf files found in the USB drive or root directory of drives C-Z. Yes, even before you access the drive.

Autorun Eater can:

• Detect and remove suspicious 'autorun.inf' files in real-time
• 'Refresh' your drive to its original state
• Prevent accidental execution of malicious files by 'autorun.inf' files
• Help you fix 3 common registry changes made by malicious files

 

Autorun Eater is Freeware and you can find the latest version from the autor website here : Autorun Eater is Freeware and you can find the latest version from the autor website here : http://oldmcdonald.wordpress.com

Continue Reading >>

W32.Conficker and W32.Downadup Removal Tools

Win32/Conficker has ranked the most extensive global threat was towards the end of the past year.Compared with previous variants, the latest variant is even more aggressive thanks to its ability to block the antivirus signature. To increase the destructive power even further, the creators have added functionality to spread by way of letting the USB key.

USB Key spreading functionality allows to infiltrate into the system via a USB key plays an important role in the success of its spread, because it often happens that an antivirus fails to detect these viruses, the only way to remove it is to update antivirus or use the removal tools.

Some antivirus developers have released an definition update and virus removal tools for w32.conficker, the following list :

• Microsoft : Windows Malicious Software Removal Tool
• ESET : Conficker Remover
• Sophos : Conficker Cleanup Tool

Continue Reading >>

Net-Worm.Win32.Kido.ih Removal

This worm spreads via local area networks and removable storage media. When Net-Worm.Win32.Kido.ih copies itself to remote computers, the worm creates a temporary file with a random extension. The worm itself is a Windows DLL Library file. The worm components vary in size from 155KB to 165KB and packed with UPX.

Once the Net-Worm.Win32.Kido.ih worm infected, it creates a system service which launches the worm’s executable file each time Windows is booted. The following registry key will be created :

[HKLM\SYSTEM\CurrentControlSet\Services\netsvcs]

And then modifies the following windows registry key value:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs" = "<original value> %System%\<rnd>.dll".

The Net-Worm.Win32.Kido.ih worm then launches an HTTP server on a random port, then used to download the worm's executable file to other computers in the same network as the victim machine and attacks via a buffer overrun vulnerability (MS08-067) in the Server service.

The Net-Worm.Win32.Kido.ih worm copies its executable file to removable media under the following name:

<Drive>:\RECYCLER\S-<%d%>-<%d%>-%d%>-%d%>-%d%>-%d%>-%d%>\<rnd>.vmx,

In addition to its executable file, the worm also creates file shown below in the root of every disk:

<Drive>:\autorun.inf

This file will launch the worm's executable file each time Explorer is used to open the infected removable drive.

Download Net-Worm.Win32.Kido.ih Removal Tools here

Continue Reading >>