November 18, 2011

 How to Remove 81u3f4nt45y Virus



How to Remove 81u3f4nt45y - 24.01.2007 - SURABAYA Virus

81u3f4nt45y - 24.01.2007 - Surabaya is a virus that often shows up at boot, just before the Windows Welcome Screen.

It shows this message: "Surabaya in my birthday
Don’t kill me, I’m just send message from your computer………………." It is W32.Drower (W32/Drowor.worm).


> First you must disable System Restore.

I will explain how to disable System Restore:

STEP 1:

> Click Start button.
Then right-click My Computer and click Properties.
> Click the System Restore tab.
Check the box "Turn off System Restore" or "Turn off System Restore on all drives".
> Click Apply.
When turning off System Restore, the existing restore points will be deleted. Click Yes.
> Click OK button.
When you have finished, restart the computer and follow the instructions in the next section to turn on System Restore.


STEP 2:

Disable "Adobe Online.com" and "Adobe Update.com"
How to disable "Adobe Online.com" and "Adobe Update.com":
Press Ctrl + Shift + Esc (Windows Task Manager)
Go to the "Processes" tab and find "Adobe Online.com" and "Adobe Update.com"
If a file is still listed under "Processes", try "End Process Tree"


STEP 3:

After that, open Registry Editor, click Edit > Find, type Surabaya in the Find box and click OK.
The location of any item that belongs to Surabaya will be displayed. Delete each of them by right-clicking it and choosing Delete from the dropdown menu.


STEP 4:

Repair Registry
How to repair:
Open Notepad
Copy and paste this code into it and save it with the name "repair.inf" (Note: select "All Files", not "Text Documents", as the file type)


Source Code

*******************************************************************************************************

[Version]
Signature="$Chicago$"

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

; Restore the default open commands, Winlogon shell and Safe Mode shell
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, UncheckedValue,0x00010001,0
HKLM, SOFTWARE\Classes\scrfile,,,"Screen Saver"

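; Remove the logon message, the scrfile display tweaks, the policy locks and the Image File Execution Options keys
[del]
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, LegalNoticeCaption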
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, LegalNoticeText
HKLM, SOFTWARE\Classes\scrfile, InfoTip
HKLM, SOFTWARE\Classes\scrfile, NeverShowExt
HKLM, SOFTWARE\Classes\scrfile, TileInfo
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFolderOptions
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Msconfig.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe

*******************************************************************************************************

Right-click the file and then choose "Install".
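
A read-only way to see which of these settings differ from what repair.inf writes, before or after installing it. This is an added example, not part of the original post: the names audit, read_live and SAMPLE are this example's own, SAMPLE is a constructed snapshot, and only a subset of the keys above is checked.

```python
import sys

CMD = r"\shell\open\command"
WINLOGON = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
POLICIES = r"Software\Microsoft\Windows\CurrentVersion\Policies"
# Values repair.inf writes back: (hive, key, value name) -> default data.
EXPECTED = {("HKLM", r"Software\Classes\%sfile" % ext + CMD, ""): '"%1" %*'
            for ext in ("bat", "com", "exe", "pif", "scr")}
EXPECTED[("HKLM", WINLOGON, "Shell")] = "Explorer.exe"
EXPECTED[("HKLM", r"SYSTEM\CurrentControlSet\Control\SafeBoot", "AlternateShell")] = "cmd.exe"
# Values repair.inf deletes; non-empty data here deserves a look.
SHOULD_BE_ABSENT = [
    ("HKLM", WINLOGON, "LegalNoticeCaption"),
    ("HKLM", WINLOGON, "LegalNoticeText"),
    ("HKCU", POLICIES + r"\System", "DisableRegistryTools"),
    ("HKCU", POLICIES + r"\Explorer", "NoFolderOptions"),
]
# Constructed sample of an altered system, used when not running on Windows.
SAMPLE = dict(EXPECTED)
SAMPLE[("HKLM", WINLOGON, "Shell")] = "Explorer.exe sample.com"
SAMPLE[("HKCU", POLICIES + r"\System", "DisableRegistryTools")] = 1

def read_live(hive, key, name):
    """Read one value from the live registry; None if the key or value is missing."""
    import winreg  # Windows-only, imported here so the audit logic runs anywhere
    root = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}[hive]
    try:
        with winreg.OpenKey(root, key) as k:
            return winreg.QueryValueEx(k, name)[0]
    except OSError:
        return None

def audit(read=read_live):
    """Return findings; an empty list means the checked values match repair.inf."""
    findings = []
    for (hive, key, name), want in EXPECTED.items():
        got = read(hive, key, name)
        if got is None or str(got).strip().lower() != want.lower():
            findings.append(f"CHANGED {hive}\\{key} [{name or '(Default)'}] = {got!r}, expected {want!r}")
    for hive, key, name in SHOULD_BE_ABSENT:
        got = read(hive, key, name)
        if got not in (None, "", 0):
            findings.append(f"PRESENT {hive}\\{key} [{name}] = {got!r}")
    return findings

if __name__ == "__main__":
    live = sys.platform == "win32"
    reader = read_live if live else (lambda h, k, n: SAMPLE.get((h, k, n)))
    print("\n".join(audit(reader)) or "No differences from the repair.inf defaults.")
```

The script only reads the registry; the repair itself is still done by installing repair.inf.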


STEP 5:

Delete the Virus
How to delete the virus:
First open Windows Explorer or press (Ctrl + E)
Go to C:\Documents and Settings\%username%\Start Menu\Programs\Startup\
Delete Adobe Online.com and Adobe Update.com
Delete any folder with a size of +/- 40Kb, "autorun.inf", "Thumbs.com", and "Thumbs.db" on all drives


STEP 6:

Show Hidden Files
How to show hidden files:
Open Command Prompt
Type: attrib -s -h /s /d and press Enter (Note: do it on all drives)
For example:
    C:\>attrib -s -h /s /d
    D:\>attrib -s -h /s /d


>> Restart your computer for the changes to take effect.


Note:
This virus generally reaches your computer through a USB drive (pen drive or hard disk). Whenever you plug your USB drive into a PC infected with this virus, the virus infects the drive, and the drive then infects the next computer it is plugged into. So it is always advisable not to open USB drives (pen drive or hard disk) directly by double-clicking them. Instead, always right-click the drive and select Open. If the first option you see after right-clicking the USB drive is “autorun”, the drive is infected, or it was infected and the autorun.inf is still in the directory of your USB device.
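
The same check can be done without touching the right-click menu by reading the drive root. This is an added example, not part of the original post: check_drive_root and autorun_targets are this example's own names, and the keys it reads (open=, shellexecute=, shell\...\command=) are the standard autorun.inf launch entries rather than anything quoted from this virus.

```python
import os
import re
import sys

# File names the post says the virus drops. Thumbs.db is left out because
# Windows itself creates files with that name.
DROPPED_NAMES = {"thumbs.com", "adobe online.com", "adobe update.com"}
# autorun.inf keys that start a program when the drive is opened.
LAUNCH_KEY = re.compile(
    r"^\s*(open|shellexecute|shell\\[^=]*\\command)\s*=\s*(.+?)\s*$", re.I)

def autorun_targets(text):
    """Return every command an autorun.inf would launch, in file order."""
    return [m.group(2) for line in text.splitlines()
            if (m := LAUNCH_KEY.match(line))]

def check_drive_root(root):
    """List (kind, detail) findings for one drive root; hidden files are included."""
    findings = []
    for name in os.listdir(root):
        path = os.path.join(root, name)
        low = name.lower()
        if low == "autorun.inf" and os.path.isfile(path):
            with open(path, "r", errors="replace") as fh:
                findings += [("autorun", cmd) for cmd in autorun_targets(fh.read())]
        elif low in DROPPED_NAMES:
            findings.append(("dropped", name))
    return sorted(findings)

if __name__ == "__main__":
    # Usage: python check_usb.py E:\ F:\
    for root in sys.argv[1:]:
        for kind, detail in check_drive_root(root):
            print(f"{root}: {kind}: {detail}")
```

An autorun.inf that only sets icon= or label= produces no finding; one with a launch entry should be inspected before the drive is opened by double-click.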

That's all.



CAUTION!: These tips and tricks are advanced. We cannot guarantee that you will be able to solve problems that result from using them incorrectly; use them at your own risk.
Category: Tips & Tricks
Operating System : Windows

1 comments:

Rahman Mudsa said...

Wow cool! Thank you
