prevent to enter it worm from flashdisk to computer
recently so much person is attacked worm computer, the mortally that all come from flashdisk curse that tulari worm previous. macam2 lah name worm, there thumbs. db. com, there smss. exe, alman, ah many deh, make us hysterics aja if hit tu worm. worm that make file autorun. inf the function ”membuat or contents increase from context menu in click right drive like auto, open, explorer, etc that command meng-eksekusi file worm exist in flashdisk”. well. . next tips to prevent the mentioned happen;
1. accustom to open flashdisk via explorer, click right start, then choose explore. then to open contents flashdisk, click drive flashdisk, for example in place you driveletter flasdisk font e, so click left drive e: in windows left part (what yes the name? ? , existing + - he), at the same moment will come up contents from drive we shall click left a while ago at windows starboard.
2. don't occasionally open flashdisk by click 2 times flashdisk
3. open flashdisk by click kanan>open, now not safe again, command open and explorer can be replaced by several kinds worm. so, use step 1 to open flasdisk.
4. search file with extension. exe; . scr; . com in flashdisk.
stage seacrhing:
- click start
- click search
- click all files and folders
- (in textbox first contents with. exe; . scr; . com while to textbox second let empty)
- arrange look in he is to driveletter flasdisk you, for example e:
- click more advanced options, then ceklist in part search system folders, search subfolders, search hidden files and folders
- preparation search finished, but before that must show extension from itself file (his default is extension must not appear). the mentioned useful later at the (time) of analysis. langkah2:
click tools (in pothouse menu part explorer), choose folder options, take tab view. .
click option [b]show hidden files and folders, eliminate ceklist in part; 1. hide ekstension for known file types 2. hide protected operating system files
note: all files later be seen the extension, picture file for example will be seen nama_file_gambar. jpg, if hide his extension is our ceklist again, so picture file will be seen the name nama_file_gambar
click apply and ok.
- preparation for analysis completed, now is clicking search.
- if meet, now we are enterring analysis stage. ^
analysis stage:
- after spring up files bertipe stage consequence application searching a while ago, so now we are that application analysis is whatting him worm or not.
- look at file icon, if icon yes formed folder, text document, jpeg (picture file), explorer, or another windows default icon, so file suitable suspected as worm.
- the file nameds: smss. exe, msconfig. exe, lsass. exe, winlogon. exe, svchost. exe, userinit. exe, csrss. exe, services. exe why membilang suspicious looking? ? because file2 be file should reside in merectory c: \windows\system32, strange kan kok in flashdisk? . besides usually worm use name that challenge to at click, for example don't click me, click here, photo xxx, video miyabi new sexy, scandal, jekel, krack, technique whom they use in here the name social engineering. they make use human original character, that is taste wants tau. well file that belong category above suitable suspected.
- little relative file size, worm usually measure little (even less virus, can size byte), usually worm measure under 250 kb, if bigger the size, mean one who make worm that is new coba2 in the case of make worm (still cupu, hahahaha, but kalo his size is until 2 giga, whew respect dah same that make it, hehehe), size worm too big can evoke possibility bug big also. then sort kan lah file that we can pass searching a while ago by: click right > arrange icons by size. then give all mind to you in file that measure between 20 kb up to 250 kb. classify file based on suitable file was suspected a while ago. until this stage actually you can mendelete suitable file be suspected a while ago. if we like to your confidence increase is this worm or not, continue your reading. ^
- suitable file is suspected has double extension (sometimes also kok caw, this only in addition aja). file for example jekel in school. 3gp. exe well. . file jekel in school clear use technique social engineering, the maker worm make use human original character, that is taste wants tau. besides, necessary we look at here, file whom we consider 3gp (fake ekstension) has addition extension at the hind, that is exe(real ekstension).
[i]note: here's the to it you cause the loss of ceklist in hide ekstension for known, so that extension truthfully that appear, if you don't cause the loss of ceklist in hide ekstension for known, so that seen jekel in school. 3gp, augmenting also worm he is ber-icon 3gp your confidence increase that this not worm, watch formerly ah. . . just like. . . like gini ne soft target worm
but, there but it ne, sometimes worm shake make fake ekstension, so him direct aja pake extension exe without there addition fake ekstension, so caw takes care until this stage also father caw. you can delete suitable file be suspected at previous step.
- latest step, look for file by the name of autorun. inf (this file is that causess us may not origin click 2 times in flashdisk). if meet direct delete, ga take care courtesy.
5. now is opening notepad, contents with words whom you like, for example" ardall sharp-looking deh. . . . ^, so virus don't step into flashdisk this yes! ! plzzzz (caw there the connection kale)" , then save file by the name of autorun. inf, then change save axis types he soes all files. save this file is at flashdisk you, membagian front (in short not in folder).
then change attribut his file is system, read-only, hidden. its way? ? ?
open command prompt. . . . its way? ? ?
oh my is god. . .
- click start, click run, type cmd, so command prompt will appear.
- direct type vigorously cd /d huruf_flashdisk: kalo flashdisk you is on font f, so:
cd /d f:
- type again fully be careful (remember. . . be careful)
attrib r s h autorun. inf
- selesai#
6. edit registry so that windows memblock application execution by the name of certain. (names usually mempake worm, don't contents by the name of like smss. exe, coz that is kan original windows program)
virus general names or worm: new folder. exe, bird influenza. exe, miss. exe, poetry. exe, myheart. exe, add data nama2 this virus every you are hitted virus and worm. then open regedit:
- click start, click run, type regedit
- look for key next: hkey_current_user\software\microsoft\windows\curre ntversion\policies\
- after meet, make key new, click right in key policies, then choose new > key
- rename be explorer
- make key new again be explorer, click right in explorer, click new > key
- rename be menyallowrun
- move to starboard, click right there, then choose new > string value
- rename be 1, click 2 times, then change value the data is virus general names or worm that mentioned on (remember don't contents by the name of windows original application, like smss. exe, winlogon. exe, system. exe, svchost. exe)
- contents with miss. exe (one data, 1 value, so to make string value again to put into other names, but on condition that the name is 2,3,4,5 and further.
7. latest matter necessary is done to prevent worm that made from vb road at our computer (very effective loh), with merename file msvbvm60. etc located in:
c: \windows\system32\msvbvm60. etc
up to want at rename by the name of what, if i am sih by the name of msvbvm60. dllx
(this file will not -rename kalo there application/program that made from vb road, is soing if you infection worm that are made with vb rata-rata sih worm local make from vb*, so don't hope this file can -rename, even msvbvm60. etc that -ilanginnya)
then gimana? ? ? ? ? ? calm. . . this is kan article about prevention. . . hehehe. . . read my article about the eradication. . . .
nah… with follow steps, likely you are unnecessary again antivirus, yak denunciated? ? ? i am aja caw pake antivirus, make heavy computer aja, even less time maen warcraft, but kalo want pake antivirus also pake aja mcafee. follow cave again here;
1. karspersky counter virus
surplus: top abis, the best antivirus, can clean file exe infection worm (not worm sih, but half worm half virus) or virus
deficit: eat resource computer too much, heavy, his update is difficult, must pake aktivasi2, ribet dah…
2. pcmav (good also, love product in country)
surplus: effective to worm or worm local, can clean file exe infection worm (although ga all)
deficit: still there bug, heavy if rtp (real time protector) he is alive, still pake caption in window he, so easy at kill ma virus kalo pcmav again road.
3. mcafee
surplus: good to worm local and long distance (loh kok long distance? ? )
deficit: if wrong update, mcafee he ga can mempake again loh, although menstal repeatedly
4. avg
surplus: light, hurry
deficit: maen delete ja. . . (unfortunate ne av, not berprikemanusian). . cave application that hit worm not at heal, but -delete.
5 nortons
surplus: good. . baguss. . . and baguss. . . . easy updatenya…
deficit: heavy. . heavy. . and berat….
1. accustom to open flashdisk via explorer, click right start, then choose explore. then to open contents flashdisk, click drive flashdisk, for example in place you driveletter flasdisk font e, so click left drive e: in windows left part (what yes the name? ? , existing + - he), at the same moment will come up contents from drive we shall click left a while ago at windows starboard.
2. don't occasionally open flashdisk by click 2 times flashdisk
3. open flashdisk by click kanan>open, now not safe again, command open and explorer can be replaced by several kinds worm. so, use step 1 to open flasdisk.
4. search file with extension. exe; . scr; . com in flashdisk.
stage seacrhing:
- click start
- click search
- click all files and folders
- (in textbox first contents with. exe; . scr; . com while to textbox second let empty)
- arrange look in he is to driveletter flasdisk you, for example e:
- click more advanced options, then ceklist in part search system folders, search subfolders, search hidden files and folders
- preparation search finished, but before that must show extension from itself file (his default is extension must not appear). the mentioned useful later at the (time) of analysis. langkah2:
click tools (in pothouse menu part explorer), choose folder options, take tab view. .
click option [b]show hidden files and folders, eliminate ceklist in part; 1. hide ekstension for known file types 2. hide protected operating system files
note: all files later be seen the extension, picture file for example will be seen nama_file_gambar. jpg, if hide his extension is our ceklist again, so picture file will be seen the name nama_file_gambar
click apply and ok.
- preparation for analysis completed, now is clicking search.
- if meet, now we are enterring analysis stage. ^
analysis stage:
- after spring up files bertipe stage consequence application searching a while ago, so now we are that application analysis is whatting him worm or not.
- look at file icon, if icon yes formed folder, text document, jpeg (picture file), explorer, or another windows default icon, so file suitable suspected as worm.
- the file nameds: smss. exe, msconfig. exe, lsass. exe, winlogon. exe, svchost. exe, userinit. exe, csrss. exe, services. exe why membilang suspicious looking? ? because file2 be file should reside in merectory c: \windows\system32, strange kan kok in flashdisk? . besides usually worm use name that challenge to at click, for example don't click me, click here, photo xxx, video miyabi new sexy, scandal, jekel, krack, technique whom they use in here the name social engineering. they make use human original character, that is taste wants tau. well file that belong category above suitable suspected.
- little relative file size, worm usually measure little (even less virus, can size byte), usually worm measure under 250 kb, if bigger the size, mean one who make worm that is new coba2 in the case of make worm (still cupu, hahahaha, but kalo his size is until 2 giga, whew respect dah same that make it, hehehe), size worm too big can evoke possibility bug big also. then sort kan lah file that we can pass searching a while ago by: click right > arrange icons by size. then give all mind to you in file that measure between 20 kb up to 250 kb. classify file based on suitable file was suspected a while ago. until this stage actually you can mendelete suitable file be suspected a while ago. if we like to your confidence increase is this worm or not, continue your reading. ^
- suitable file is suspected has double extension (sometimes also kok caw, this only in addition aja). file for example jekel in school. 3gp. exe well. . file jekel in school clear use technique social engineering, the maker worm make use human original character, that is taste wants tau. besides, necessary we look at here, file whom we consider 3gp (fake ekstension) has addition extension at the hind, that is exe(real ekstension).
[i]note: here's the to it you cause the loss of ceklist in hide ekstension for known, so that extension truthfully that appear, if you don't cause the loss of ceklist in hide ekstension for known, so that seen jekel in school. 3gp, augmenting also worm he is ber-icon 3gp your confidence increase that this not worm, watch formerly ah. . . just like. . . like gini ne soft target worm
but, there but it ne, sometimes worm shake make fake ekstension, so him direct aja pake extension exe without there addition fake ekstension, so caw takes care until this stage also father caw. you can delete suitable file be suspected at previous step.
- latest step, look for file by the name of autorun. inf (this file is that causess us may not origin click 2 times in flashdisk). if meet direct delete, ga take care courtesy.
5. now is opening notepad, contents with words whom you like, for example" ardall sharp-looking deh. . . . ^, so virus don't step into flashdisk this yes! ! plzzzz (caw there the connection kale)" , then save file by the name of autorun. inf, then change save axis types he soes all files. save this file is at flashdisk you, membagian front (in short not in folder).
then change attribut his file is system, read-only, hidden. its way? ? ?
open command prompt. . . . its way? ? ?
oh my is god. . .
- click start, click run, type cmd, so command prompt will appear.
- direct type vigorously cd /d huruf_flashdisk: kalo flashdisk you is on font f, so:
cd /d f:
- type again fully be careful (remember. . . be careful)
attrib r s h autorun. inf
- selesai#
6. edit registry so that windows memblock application execution by the name of certain. (names usually mempake worm, don't contents by the name of like smss. exe, coz that is kan original windows program)
virus general names or worm: new folder. exe, bird influenza. exe, miss. exe, poetry. exe, myheart. exe, add data nama2 this virus every you are hitted virus and worm. then open regedit:
- click start, click run, type regedit
- look for key next: hkey_current_user\software\microsoft\windows\curre ntversion\policies\
- after meet, make key new, click right in key policies, then choose new > key
- rename be explorer
- make key new again be explorer, click right in explorer, click new > key
- rename be menyallowrun
- move to starboard, click right there, then choose new > string value
- rename be 1, click 2 times, then change value the data is virus general names or worm that mentioned on (remember don't contents by the name of windows original application, like smss. exe, winlogon. exe, system. exe, svchost. exe)
- contents with miss. exe (one data, 1 value, so to make string value again to put into other names, but on condition that the name is 2,3,4,5 and further.
7. latest matter necessary is done to prevent worm that made from vb road at our computer (very effective loh), with merename file msvbvm60. etc located in:
c: \windows\system32\msvbvm60. etc
up to want at rename by the name of what, if i am sih by the name of msvbvm60. dllx
(this file will not -rename kalo there application/program that made from vb road, is soing if you infection worm that are made with vb rata-rata sih worm local make from vb*, so don't hope this file can -rename, even msvbvm60. etc that -ilanginnya)
then gimana? ? ? ? ? ? calm. . . this is kan article about prevention. . . hehehe. . . read my article about the eradication. . . .
nah… with follow steps, likely you are unnecessary again antivirus, yak denunciated? ? ? i am aja caw pake antivirus, make heavy computer aja, even less time maen warcraft, but kalo want pake antivirus also pake aja mcafee. follow cave again here;
1. karspersky counter virus
surplus: top abis, the best antivirus, can clean file exe infection worm (not worm sih, but half worm half virus) or virus
deficit: eat resource computer too much, heavy, his update is difficult, must pake aktivasi2, ribet dah…
2. pcmav (good also, love product in country)
surplus: effective to worm or worm local, can clean file exe infection worm (although ga all)
deficit: still there bug, heavy if rtp (real time protector) he is alive, still pake caption in window he, so easy at kill ma virus kalo pcmav again road.
3. mcafee
surplus: good to worm local and long distance (loh kok long distance? ? )
deficit: if wrong update, mcafee he ga can mempake again loh, although menstal repeatedly
4. avg
surplus: light, hurry
deficit: maen delete ja. . . (unfortunate ne av, not berprikemanusian). . cave application that hit worm not at heal, but -delete.
5 nortons
surplus: good. . baguss. . . and baguss. . . . easy updatenya…
deficit: heavy. . heavy. . and berat….
Comments