How To Cope With The Video File-Eating Virus

Virus eaters video file, W32/
Agent.QEYJ, would be a threat to bully those who use the computer as storage facilities,
video / film. Therefore, this virus could eat up everything.
Here are eight steps to silence the 'greedy mouths' of the virus, according to analysts Vaksincom virus Adang Jauhar Taufik :

1. Turn off " System Restore " during the cleaning process.


2. Turn off the active virus in memory. You can use the tools " Security Task Manager " by
   downloading the http://www.neuber.com/taskmanager/download.html address.
   Turn off the virus that has the name " svchost.exe " and " Multimedia Video File ", or files that point to the directory ". \ Program Files \ Windows Media Player \".


3. Fix Windows registry that has been modified by a virus. To expedite the repair process copy
   the script below on notepad, then save with the name " repainr.inf ". Run the file by the way, right - click " repair.inf " and click " install ".
   
   [Version]
   Signature = "$ Chicago $"
   
   Provider = Vaksincom Oyee
   
   [DefaultInstall]
   AddReg = UnhookRegKey
   
   DelReg = del
   
   [UnhookRegKey]
   HKLM, Software\CLASSES\batfile\shell\open\command ,,,"""% 1 ""% * "
   
   HKLM, Software\CLASSES\comfile\shell\open\command ,,,"""% 1 ""% * "
   
   HKLM, Software\CLASSES\exefile\shell\open\command ,,,"""% 1 ""% * "
   
   HKLM, Software\CLASSES\piffile\shell\open\command ,,,"""% 1 ""% * "
   
   HKLM, Software\CLASSES\regfile\shell\open\command,,, "regedit.exe"% 1 ""
   
   HKLM, Software\CLASSES\scrfile\shell\open\command ,,,"""% 1 ""% * "
   
   HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell, 0, " Explorer.exe "
   
   HKLM, SYSTEM\ControlSet001\Control, WaitToKillServiceTimeout, 0, " 2000 "
   
   HKLM, SYSTEM\CurrentControlSet\Control, WaitToKillServiceTimeout, 0, " 2000 "
   
   HKCU, Software\Microsoft\Internet Explorer\Extensions\CmdMapping, NextId, 0, "8194"
   
   HKCU, Software\Microsoft\Internet Explorer\Extensions\CmdMapping,
   (92780B25-18CC-41C8-B9BE-3C9C571A8263), 0 " 8194 "
   
   HKLM, SOFTWARE\Classes\lnkfile,,, " Shortcut "
   
   HKLM, SOFTWARE\Microsoft\Security Center, AntiVirusDisableNotify, 0x00010001, 0
   
   HKLM, SOFTWARE\Microsoft\Security Center, FirewallDisableNotify, 0x00010001, 0
   
   HKLM, SOFTWARE\Microsoft\Security Center, UpdatesDisableNotify, 0x00010001, 0
   
   HKLM, SOFTWARE\Microsoft\Security Center, AntiVirusOverride, 0x00010001, 0
   
   HKLM, SOFTWARE\Microsoft\Security Center, FirewallOverride, 0x00010001, 0
   
   HKLM, SOFTWARE\Microsoft\Security Center, UacDisableNotify, 0x00010001, 0
   
   [Del]
   HKCU, Software\Microsoft\Windows\
   CurrentVersion\Run, Windows Media Player
   
   HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system, EnableLUA
   
   HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, defaultValue
   
   HKLM, SOFTWARE\Microsoft\Security Center\SVC
   
   HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\PropSummary
   
   HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32


4. Remove files created by the parent virus with the first show hidden files first, and how:
   
   Open Windows Explorer
   
   • Click the " Tools " menu
   
   
   • Click " View " menu
   
   
   • Click " Folder Options "
   
   
   • Click the tab " View "
   
   
   • Check the option " Show hidden files and folders "
   
   
   • Remove the checkmark on the option " Hide extensions for Known files types "
   
   
   • Remove the checkmark on the option " Hide protected operating system files (Recommended)
   
   
   • Click " OK "
   
   
   Then delete the following files :
   § C: \Program Files\Windows Media Player
   · Svchost.exe
   · Wmplayerc.exe
   
   § C: \Documents and Settings\client\MyDocuments\Recycler
   
   § Recycler (remove the faithful drives including Flash Disk)


5. Remove the shortcut files created by the virus in each drive including flash disk with the
   characteristics :
   
   • Size 2 KB (shortcut file)
   
   
   • Icon 'Folder' (shortcut file)


6. Remove duplicate file is also created by the virus with the characteristics :
   
   • Size of 66 KB and 575 KB
   
   
   • Icon " Windows Media Player Classic "
   
   
   • The file type " Application "
   
   
   The location of this file at random depending on where you store files film/video, because this duplicate file will be created in the same directory as the file storage film/video. For that to accelerate the search process and the elimination
   would recommend that you use the function " Windows Search ".


7. Show folders/subfolders are hidden by the way :
   
   • Click " Start "
   
   
   • Click " Run "
   
   
   • Type in CMD, then click the " OK "
   
   
   • Move cursor position to the
     location of the drive that will be
     checked, then type the command
     attrib-S-H-R / S / D


8. For optimal cleaning and prevent infection and re-install the antivirus scan using an up-to-date.
   You can also mendwnload Norman Malware Cleaner at the following address : http://www.norman.com/support/support_tools/58732/en

Category: Computer, Tips and tricks