Memunculkan folder yang disembunyikan Virus
untuk memunculkan kembali folder-folder yang disembunyikan pada flashdisk dan folder system32 Windows harus dilakukan secara manual melalui command prompt dengan perintah attrib.
attrib -r -h -s F:\*.* /s/d
F adalah drive untuk Flashdisk atau
Klik Start > Run
ketik cmd
masuk ke drive flashdisk, mis drive F
ketik F:
trus attrib -s -h /S /D
perintah di atas bakalan munculin lagi folder2 yg di hidden, termasuk sub-sub folder di dalamnya serta file2 yang ada.
Kembalikan file ms.word yang disembunyikan oleh virus Decoy.A
* Klik [Start]
* klik [Run]
* ketik [cmd]
* kemudian tekan tombol [Enter]
Attrib –s –h C:\*.doc /s , kemudian tekan tombol [Enter]
Cataatn: jika ingin mengembalikan data ms.word yang ada didrive lain
[contoh: D atau USB] tulis perintah diatas dengan mengganti lokasi drive ayang akan diperiksa, dengan format Attrib –s –h %lokasi drive%:\*.doc /s
Contoh : Attrib –s –h D:\*.doc /s
RontrokBro
[Version]
Signature="$ Chicago$"
Provider=Vaksincom
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKLM, Software\CLASSES\ exefile\shell\ open\command, ,,"""%1"" %*"
HKLM, Software\CLASSES\ batfile\shell\ open\command, ,,"""%1"" %*"
HKLM, Software\CLASSES\ comfile\shell\ open\command, ,,"""%1"" %*"
HKLM, Software\CLASSES\ exefile\shell\ open\command, ,,"""%1"" %*"
HKLM, Software\CLASSES\ piffile\shell\ open\command, ,,"""%1"" %*"
HKLM, Software\CLASSES\ regfile\shell\ open\command, ,,"regedit. exe "%1""
HKLM, Software\CLASSES\ scrfile\shell\ open\command, ,,"""%1"" %*"
HKLM, SYSTEM\ControlSet00 1\Control\ SafeBoot, AlternateShell, 0, "cmd.exe"
HKLM, SYSTEM\ControlSet00 2\Control\ SafeBoot, AlternateShell, 0, "cmd.exe"
HKLM, SYSTEM\CurrentContr olSet\Control\ SafeBoot, AlternateShell, 0, "cmd.exe"
HKLM, SOFTWARE\Microsoft\ Windows NT\CurrentVersion\ Winlogon, Shell,0, "Explorer.exe"
HKCU, Control Panel\International , s1159,0, "AM"
HKCU, Control Panel\International , s2359,0, "PM"
HKLM, SOFTWARE\Classes\ exefile,, ,"Application"
HKCU, Control Panel\Desktop, SCRNSAVE. EXE ,0,
[del]
HKCU, Software\Microsoft\ Windows\CurrentV ersion\Policies\ System
HKCU, Software\Microsoft\ Windows\CurrentV ersion\Run, 4k51k4
HKCU, Software\Microsoft\ Windows\CurrentV ersion\Run, MSMSGS
HKCU, Software\Microsoft\ Windows\CurrentV ersion\Policies\ Explorer, NoFolderOptions
HKLM, Software\Microsoft\ Windows\CurrentV ersion\Run, System Monitoring
HKLM, Software\Microsoft\ Windows\CurrentV ersion\Policies\ Explorer, NoFolderOptions
HKLM, Software\Microsoft\ Windows\CurrentV ersion\Policies\ System, DisableRegistryTool s
HKLM, Software\Microsoft\ Windows\CurrentV ersion\Policies\ System, DisableTaskMgr
HKLM, SOFTWARE\Policies\ Microsoft\ Windows NT\SystemRestore, DisableSR
HKLM, SOFTWARE\Policies\ Microsoft\ Windows NT\SystemRestore, DisableConfig
HKLM, SOFTWARE\Microsoft\ Windows\CurrentV ersion\Run, System Monitoring
HKLM, SOFTWARE\Microsoft\ Windows\CurrentV ersion\policies\ system, DisableCMD
HKLM, SOFTWARE\Microsoft\ Windows NT\CurrentVersion\ Winlogon, LegalNoticeText
HKLM, SOFTWARE\Microsoft\ Windows NT\CurrentVersion\ Winlogon, LegalNoticeCaption
HKLM, SOFTWARE\Policies\ Microsoft\ Windows\Installe r, LimitSystemRestoreC heckpointing
HKLM, SOFTWARE\Policies\ Microsoft\ Windows\Installe r, DisableMSI
HKLM, SOFTWARE\Policies\ Microsoft\ Windows NT\SystemRestore, DisableConfig
HKLM, SOFTWARE\Policies\ Microsoft\ Windows NT\SystemRestore, DisableSR
amora
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe "%1""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Run, winlogon
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoControlPanel
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoSetFolders
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFind
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoRun
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp
HKCU, Software\Microsoft\ Windows\CurrentV ersion\Run, MSMSGS
HKCU, Software\Microsoft\ Windows\CurrentV ersion\Policies\ Explorer, NoFolderOptions
HKLM, Software\Microsoft\ Windows\CurrentV ersion\Run, System Monitoring
HKLM, Software\Microsoft\ Windows\CurrentV ersion\Policies\ Explorer, NoFolderOptions
HKLM, Software\Microsoft\ Windows\CurrentV ersion\Policies\ System, DisableRegistryTool s
HKLM, Software\Microsoft\ Windows\CurrentV ersion\Policies\ System, DisableTaskMgr
HKLM, SOFTWARE\Policies\ Microsoft\ Windows NT\SystemRestore, DisableSR
HKLM, SOFTWARE\Policies\ Microsoft\ Windows NT\SystemRestore, DisableConfig
HKLM, SOFTWARE\Microsoft\ Windows\CurrentV ersion\Run, System Monitoring
HKLM, SOFTWARE\Microsoft\ Windows\CurrentV ersion\policies\ system, DisableCMD
HKLM, SOFTWARE\Microsoft\ Windows NT\CurrentVersion\ Winlogon, LegalNoticeText
HKLM, SOFTWARE\Microsoft\ Windows NT\CurrentVersion\ Winlogon, LegalNoticeCaption
HKLM, SOFTWARE\Policies\ Microsoft\ Windows\Installe r, LimitSystemRestoreC heckpointing
HKLM, SOFTWARE\Policies\ Microsoft\ Windows\Installe r, DisableMSI
HKLM, SOFTWARE\Policies\ Microsoft\ Windows NT\SystemRestore, DisableConfig
HKLM, SOFTWARE\Policies\ Microsoft\ Windows NT\SystemRestore, DisableSR
attrib -r -h -s F:\*.* /s/d
F adalah drive untuk Flashdisk atau
Klik Start > Run
ketik cmd
masuk ke drive flashdisk, mis drive F
ketik F:
trus attrib -s -h /S /D
perintah di atas bakalan munculin lagi folder2 yg di hidden, termasuk sub-sub folder di dalamnya serta file2 yang ada.
Kembalikan file ms.word yang disembunyikan oleh virus Decoy.A
* Klik [Start]
* klik [Run]
* ketik [cmd]
* kemudian tekan tombol [Enter]
Attrib –s –h C:\*.doc /s , kemudian tekan tombol [Enter]
Cataatn: jika ingin mengembalikan data ms.word yang ada didrive lain
[contoh: D atau USB] tulis perintah diatas dengan mengganti lokasi drive ayang akan diperiksa, dengan format Attrib –s –h %lokasi drive%:\*.doc /s
Contoh : Attrib –s –h D:\*.doc /s
RontrokBro
[Version]
Signature="$ Chicago$"
Provider=Vaksincom
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKLM, Software\CLASSES\ exefile\shell\ open\command, ,,"""%1"" %*"
HKLM, Software\CLASSES\ batfile\shell\ open\command, ,,"""%1"" %*"
HKLM, Software\CLASSES\ comfile\shell\ open\command, ,,"""%1"" %*"
HKLM, Software\CLASSES\ exefile\shell\ open\command, ,,"""%1"" %*"
HKLM, Software\CLASSES\ piffile\shell\ open\command, ,,"""%1"" %*"
HKLM, Software\CLASSES\ regfile\shell\ open\command, ,,"regedit. exe "%1""
HKLM, Software\CLASSES\ scrfile\shell\ open\command, ,,"""%1"" %*"
HKLM, SYSTEM\ControlSet00 1\Control\ SafeBoot, AlternateShell, 0, "cmd.exe"
HKLM, SYSTEM\ControlSet00 2\Control\ SafeBoot, AlternateShell, 0, "cmd.exe"
HKLM, SYSTEM\CurrentContr olSet\Control\ SafeBoot, AlternateShell, 0, "cmd.exe"
HKLM, SOFTWARE\Microsoft\ Windows NT\CurrentVersion\ Winlogon, Shell,0, "Explorer.exe"
HKCU, Control Panel\International , s1159,0, "AM"
HKCU, Control Panel\International , s2359,0, "PM"
HKLM, SOFTWARE\Classes\ exefile,, ,"Application"
HKCU, Control Panel\Desktop, SCRNSAVE. EXE ,0,
[del]
HKCU, Software\Microsoft\ Windows\CurrentV ersion\Policies\ System
HKCU, Software\Microsoft\ Windows\CurrentV ersion\Run, 4k51k4
HKCU, Software\Microsoft\ Windows\CurrentV ersion\Run, MSMSGS
HKCU, Software\Microsoft\ Windows\CurrentV ersion\Policies\ Explorer, NoFolderOptions
HKLM, Software\Microsoft\ Windows\CurrentV ersion\Run, System Monitoring
HKLM, Software\Microsoft\ Windows\CurrentV ersion\Policies\ Explorer, NoFolderOptions
HKLM, Software\Microsoft\ Windows\CurrentV ersion\Policies\ System, DisableRegistryTool s
HKLM, Software\Microsoft\ Windows\CurrentV ersion\Policies\ System, DisableTaskMgr
HKLM, SOFTWARE\Policies\ Microsoft\ Windows NT\SystemRestore, DisableSR
HKLM, SOFTWARE\Policies\ Microsoft\ Windows NT\SystemRestore, DisableConfig
HKLM, SOFTWARE\Microsoft\ Windows\CurrentV ersion\Run, System Monitoring
HKLM, SOFTWARE\Microsoft\ Windows\CurrentV ersion\policies\ system, DisableCMD
HKLM, SOFTWARE\Microsoft\ Windows NT\CurrentVersion\ Winlogon, LegalNoticeText
HKLM, SOFTWARE\Microsoft\ Windows NT\CurrentVersion\ Winlogon, LegalNoticeCaption
HKLM, SOFTWARE\Policies\ Microsoft\ Windows\Installe r, LimitSystemRestoreC heckpointing
HKLM, SOFTWARE\Policies\ Microsoft\ Windows\Installe r, DisableMSI
HKLM, SOFTWARE\Policies\ Microsoft\ Windows NT\SystemRestore, DisableConfig
HKLM, SOFTWARE\Policies\ Microsoft\ Windows NT\SystemRestore, DisableSR
amora
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe "%1""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Run, winlogon
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoControlPanel
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoSetFolders
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFind
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoRun
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp
HKCU, Software\Microsoft\ Windows\CurrentV ersion\Run, MSMSGS
HKCU, Software\Microsoft\ Windows\CurrentV ersion\Policies\ Explorer, NoFolderOptions
HKLM, Software\Microsoft\ Windows\CurrentV ersion\Run, System Monitoring
HKLM, Software\Microsoft\ Windows\CurrentV ersion\Policies\ Explorer, NoFolderOptions
HKLM, Software\Microsoft\ Windows\CurrentV ersion\Policies\ System, DisableRegistryTool s
HKLM, Software\Microsoft\ Windows\CurrentV ersion\Policies\ System, DisableTaskMgr
HKLM, SOFTWARE\Policies\ Microsoft\ Windows NT\SystemRestore, DisableSR
HKLM, SOFTWARE\Policies\ Microsoft\ Windows NT\SystemRestore, DisableConfig
HKLM, SOFTWARE\Microsoft\ Windows\CurrentV ersion\Run, System Monitoring
HKLM, SOFTWARE\Microsoft\ Windows\CurrentV ersion\policies\ system, DisableCMD
HKLM, SOFTWARE\Microsoft\ Windows NT\CurrentVersion\ Winlogon, LegalNoticeText
HKLM, SOFTWARE\Microsoft\ Windows NT\CurrentVersion\ Winlogon, LegalNoticeCaption
HKLM, SOFTWARE\Policies\ Microsoft\ Windows\Installe r, LimitSystemRestoreC heckpointing
HKLM, SOFTWARE\Policies\ Microsoft\ Windows\Installe r, DisableMSI
HKLM, SOFTWARE\Policies\ Microsoft\ Windows NT\SystemRestore, DisableConfig
HKLM, SOFTWARE\Policies\ Microsoft\ Windows NT\SystemRestore, DisableSR
Comments