Virus vbs / Cryf.A, Can Damage the CD / ROM DV

New virus has been detected from the observation Norman Security Suite, which detects the virus vbs / Cryf.A. According Vaksin.com, this virus has a lot of sophistication, such as sending the code, and the CD / DVD ROM drive and continue to open if closed will open again. Some cirri of the virus according to Vaksin.com:


In the IE browser will display her horrific.
HomepageIE akan changed with the message contains the "My World, Welcome, Shemale."
There is a folder "Album Bokep" on each hard disk drive and the icon file in the form of Windows Media Player
Change the file type shortcut [. Ink] to be a "Movie Clip"
Has a file name [drvconfg.drv] or device driver that is encrypted with a file size of 218KB, so can not be read
Hide file regedit.exe, tskmgr.exe. cmd.exe and MSConfig.exe, and form [. exe.lnk] with the same icon with the original file.
Block the function of Windows, as well as tools such as antivirus PCMAV local or ANSAV
Change the file type from "VBScript Script File" to "Application"
On the Normal mode, mode "safe mode" and "safe mode with command prompt"
Links [ANTIVIRUS.exe] to download the removal tools to clean the computer that is infected, and will go to the website [http://www.dinamikasolusi.co.nr], which contains' campaign book using Visual Basic ', which link created in a file that is stored in the directory [C: \ Windows \ help.htm]
How to clean virus vbs / Cryf.A:
1. Turn off the process that have a product name "Microsoft (r) Windows Script Host" with the way the process of select products that have a name "Microsoft (r) Windows Script Host", right click on the processes already in the block, select [Kill Processes Selected]
2. Block viruses use "Software Restriction Policies" (for Windows XP/2003/Vista/2008) with the type in the dialog box [Run] -> SECPOL.MSC-> Enter. Then the screen [Local Security Policy], select [Software Restriction policies], right click and select Create new policies], right-click [Additional Rule] -> [New Hash Rule].
3. The columns in the [File Hash], click [Browse] and select the file that will be blocked.
Fix Registry to run the file [FixRegistry.exe], download the 4shared.com/file/117095567/3ea8e8ce/_4__FixRegistry. Html
4. Delete files with the parent virus using a tool such as "Explorer XP (explorerxp.com / explorerxpsetup.exe)
Delete the following files:
•% drive%: \ Recycled \ S-1-5-21-343818398-18970151121-842a92511246-500 \ Thumbs.db

svchost.vbs
desktop.ini
drvco nfg.drv
SHELL32.dll
•% drive%: \ Album Bokep \ Naughty America
• C: \ windows

appsys.exe
Winupdt.scx
appopen.scx
Windowsopen.mht
Windows.html
R egedit.exe.lnk
Help.htm
• & n bsp; C: \ Windows \ system \ svchost.exe
• C: \ WINDOWS \ system32

Taskmgr.exe.lnk
CMD.exe.lnk
S vchost.dls
Corelsetup.scx
Appsys.dls
Kernel32.dls
Winupdtsys.exe
ssmarque.scr
& Bull; C: \ Program Files \ FarStone \ qbtask.exe
• C: \ Program Files \ ACDsee \ Launcher.exe
• C: \ Program Files \ Common Files \ NeroChkup.exe
• C: \ Program Files \ ExeLauncher
•% ProgramFiles% \ drivers \ VGA \ VGAdrv.lnk
• C: \ Documents and Settings \% username% \ Desktop \ Local Disk (C). Dls
• Flash Disk%: \> Dataku Important Do not Dihapus.lnk


5. Show file [TaskMgr.exe/Regedt32.exe/Regedit.exe/CMD.exe/Logoff.ex e] is hidden by the virus, I typed in the dialog box [Run] -> type CMD-> Enter. Then, type attrib-s-h-r-regedit.exe> Enter. With the same command can be used to display the file Taskmgr.exe, cmd.exe and Logoff.exe


6. For optimal cleaning and prevent infection, please re-install and scan with the antivirus is up-to-date. If you have clean, clear and delete rule block file [WSCript.exe] which was created in step no. (2), with the type SECPOL.MSC in the box [Run] from the [Start], then press Enter. On the screen [Local Security Policy], click 2x [Software Restriction policies] -> Additional Rule] -> delete the rule that has been made.


>