cara membasmi virus lokal

Biasanya virus lokal dibuat dengan VB, coba Anda gunakan tools KillVB untuk mematikan semua proses file VB (http://www.compactbyte.com/brontok/killvb.zip). Kemudian cek ulang dengan mengggunakan tools proceexp (http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/ProcessExplorer.mspx) untuk memastikan apakah proses virus tersebut sudah berhasil dimatikan.

Kemudian jalankan file repair.inf (untuk mengaktifkan fungsi Windows seperti folder options/regedit/task manager dll).

[Version]
Signature="$Chicago$"
Provider=Vaksincom

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe "%1""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, UncheckedValue,0x00010001,1



[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr
HKLM, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
HKLM, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NOFind
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NORun
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Msconfig.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe, debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit32.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegistryEditor.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe, debugger

Hapus file yang duplikat yang dibuat oleh virus. Untuk menghapus file ini Anda harus mengetahui jenis icon yang digunakan dan ukuran file tersebut baru menghapusnya. Untuk mempermudah proses penghapusan Anda dapat mengggunakan "Search" (jika tidak diblok). Sebelum mencari file virus sebaiknya tampilkan semua file yang disembunyikan dengan centang "show hidden files and folders" dan menonaktifkan opsi "hide extention for known file types" dan "hide protected operating system (recommanded)" pada Folder Options"

Scan dengan antivirus yang up-to-date

Untuk analisa lebih jauh, silahkan kirimkan contoh virusnya. klik link berikut untuk lebih jelasnya.

http://vaksin.com/hall_of_fame.htm

Semoga membantu