Tech Buzz

Attack Coutsonif.A virus threatens Yahoo Messenger and Skype should warning. This virus spreads by sending itself to all contacts in the address of the application from the infected computer.

Message at a glance like a message in general. But do not click the link to a given, though sent by your friend. The message was not sent by your colleagues, but by viruses that have infected your computer colleagues.

Well, if already infected, then it will automatically create a random file name with the extension. Tmp and. Exe that will be stored in the directory [C: \ Documents and Settings \% username% \ Local Settings \ Temp] with the name of the different .

Steps to eliminate Coutsonif.A Virus:

1. Disable ‘System Restore’ during the cleaning process.
2. Disable Windows autorun, so the virus can not be activated automatically when the access to the drive / flash disk.
Click the button ’start’
Click ‘run’
Type ‘GPEDIT.MSC’, without quotes. Then the screen will display ‘Group Policy’
On the ‘Computer Configuration and User Configuration,’ click ‘Administrative templates’
Click ‘System’
Right click on ‘Turn On Autoplay’, select ‘Properties’. Then the screen will appear ‘on Tun Autoplay propeties’
Tabulation on ‘Settings’, select’ Enabled ‘
On the ‘Tun off Autoplay on’ select ‘All drives’
Click ‘Ok’

3. Turn off the virus, use the tools’ security task manager ‘and delete the file [sysmgr.exe, vshost.exe, winservices.exe, *. tmp]

Just a note,. Tmp files that have indicated the extension TMP [example: 5755.tmp]. Right-click on the file and select ‘Remove’, select the option ‘Move files to Quarantine.

4. Repair registry that has been modified by the virus. To speed up the process of elimination, please copy the script below on the notepad program and save it with the name repair.inf. Run the file in the following manner: repair.inf Right-click, and select install.

[Version]
Signature=”$Chicago$”
Provider=Vaksincom Oyee

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]

HKLM, Software\CLASSES\batfile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\comfile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\exefile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\piffile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\regfile\shell\open\command,,,”regedit.exe “%1″”
HKLM, Software\CLASSES\scrfile\shell\open\command,,,”"”%1″” %*”
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, “Explorer.exe”
HKCU, SessionInformation, ProgramCount, 0×00010001,3
HKCU, AppEvents\Schemes\Apps\Explorer\BlockedPopup\.current,,,”C:\WINDOWS\media\Windows XP Pop-up Blocked.wav”
HKCU, AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\.Current,,,”C:\Windows\media\Windows XP Recycle.wav”
HKCU, AppEvents\Schemes\Apps\Explorer\Navigating\.Current,,,”C:\Windows\media\Windows XP Start.wav”
HKCU, AppEvents\Schemes\Apps\Explorer\SecurityBand\.current,,,”C:\WINDOWS\media\Windows XP Information Bar.wav”

[del]

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Microsoft(R) System Manager
HKCU, Software\Microsoft\Windows\CurrentVersion\Run, bMaxUserPortWindows Service help
HKLM, SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, MaxUserPort

5. Remove virus file below:

C:\vshost.exe [all drive]

C:\autorun.inf [all drive]

C:\RECYCLER\S-1-5-21-9949614401-9544371273-983011715-7040\winservices.exe

C:\Documents and Settings\%user%\Local Settings\Temp

A415.tmp [acak]

034.exe [acak]

Lady_Eats_Her_Shit–www.youtube.com

C:\WINDOWS\system32\sysmgr.exe

C:\WINDOWS\TEMP\5755.tmp

C:\windows\system32\crypts.dll

C:\windows\system32\msvcrt2.dll

6. For optimal cleaning and prevent reinfection, please use the antivirus can detect and eradicate this virus up to date. You can also download tools in Norman Malware Cleaner http://download.norman.no/public/Norman_Malware_Cleaner.exe

Related posts:

1. Yahoo Messenger Virus Cleanup Yahoo Messenger virus can update your antivirus like by...
2. How to Remove W32/Smalltroj. VPCG Virus W32/Smalltroj. VPCG Virus is one of malware that popular at...
3. How to Open Folder in New Window As a computer user is often required to work with...
4. How to Clean Virus VBS/Cryf.A How to clean virus vbs / Cryf.A: 1. Turn off...
5. Tricks Removing Autorun.inf Virus Antivirus software you have found the virus before you open...

Related posts brought to you by Yet Another Related Posts Plugin.