patrick PT Mods
Number of posts : 2827 Age : 50 Location : Makati Bike : KOT MS2 I ride a : Stock Registration date : 2008-02-25
| Subject: How to remove Long Live Sowar Fri Aug 15, 2008 11:54 pm | |
| Nahirapan ako tangalin ito kasi ang kulit pero madali lang pala. Nakukuha ito sapagsaksak ng flash disk sa ibat ibang pc na infected. Bale di ma solve ng reformat unless lahat lahat i reformat mo pati flash drive mo, problema pagsaksak ng flash mo yari na pc mo. dito ko nakuha yung effective http://www.bleepingcomputer.com/forums/topic163055.html - Quote :
- After the above, continue as follows:
Reboot your computer in "Safe Mode" or "Safe Mode With Command Prompt" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode With Command Prompt".
Go to Start > Run and type: cmd
* press Ok. * At the command prompt, type in your primay drive location, usually C: * You may need to change the directory. If so type: cd \ * Hit Enter. * Type: attrib -s -h -r -a autorun.inf * Hit Enter. * Type: dir * Hit Enter. This will allow you to see and confirm the Autorun files. * Type: del autorun.inf * Hit Enter. * Repeat the above commands for each drive on your computer including your flash/usb drive.
Now search for and remove sowar.vbs, SysRes.vbs, Cool USEP Scandal.vbs if still present
* At the command prompt, type in your primay drive location, usually C: * Hit Enter. * Type: attrib sowar.vbs.* -s -h -r -a * Hit Enter. * Type: dir /s sowar.vbs * Hit Enter. * If the file is present, type: del sowar.vbs * Hit Enter. * Repeat the above commands for each drive on your computer including your flash/usb drive. * Then repeat these instructions to search for and delete SysRes.vbs, Cool USEP Scandal.vbs on each drive if present. * Exit the command prompt and reboot normally.
Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
* Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear. * The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well. Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present. * Wait until it has finished scanning and then exit the program. * Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that is plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.
When done, check for and remove any Startup RUN values by downloading and using Autoruns. May nakalimutan sya, yung sysres.vbs sa c:\windows\ kailangan din burahin. Para ma restore ang pc mo DL ka ng Hijack This ng Trendmicro tapos para ma enable ang regedit at taskmanager mo punta ka gpedit.msc by running it from the startmenu>run Notes koito btw hehe kodigo ba | |
|
zteg43 Torero
Number of posts : 3067 Age : 49 Location : UPdiliman QC Bike : echolite 07 I ride a : mod Registration date : 2008-03-30
| Subject: Re: How to remove Long Live Sowar Sat Aug 16, 2008 3:20 pm | |
| sa NOD 32, di makakalusot ang mga ganyan. lahat ng trojan at virus, sure tanggal. | |
|