4/05/2009 04:14:00 AM


7 Tips to Stop the Shortcut-Flooding Virus


The PIF/Starter virus, better known as the shortcut virus, annoys its victims with the many shortcuts it creates. The trouble is that if the virus is not handled precisely, it will come back.

Let's stop the virus in 7 steps.

  1. Turn off System Restore on your computer.
  2. Stop the Wscript process, whose file is located in C:\Windows\System32, using a tool such as CProcess or HijackThis, or the Windows Task Manager.
  3. After stopping the Wscript process, delete or rename the file so that the virus can no longer use it.


Note: if we rename Wscript.exe, it is automatically copied back into the folder. We must therefore find where other copies of Wscript.exe exist, possibly in C:\Windows\$NtservicepackUninstall$ and C:\windows\ServicePackFiles\i386.

Unlike other VBS viruses, for which we can change the "Open with" program for VBS files to Notepad, this virus uses the MDB extension, which means a Microsoft Access file. So Wscript runs the DATABASE.mdb file as if it were a VBS file.


  4. Delete the parent file at C:\my document and setting\my documents\database.mdb, so that this file is not loaded every time the computer is turned on. Also don't forget to open Msconfig and disable the command that runs it.
  5. Now delete the Autorun.inf, Microsoft.inf and thumb.db files. To do this, click the Start button, open Run and type CMD, then move to the drive to be cleaned, e.g. drive C:\, and do the following:


At the C:\ prompt, type del Microsoft.inf /s. This command deletes every Microsoft.inf file in the folders on drive C:. To clean another drive, switch to it and run the same command there, e.g. at the D:\ prompt type del Microsoft.inf /s.

For the autorun.inf file, type del autorun.inf /s /ah /f at the C:\ prompt. This command deletes the autorun.inf files; the /ah /f switches are used because the file carries the RSHA attributes. Do the same for the thumb.db file.

  6. To delete the files other than the 4 files above, search for files with the .lnk extension that are 1 KB in size. Under "More advanced options", make sure that "Search system folders" and "Search hidden files and folders" are both checked.

Be careful: not every 1 KB .lnk shortcut is the virus. We can tell them apart by icon, size and file type. A shortcut created by the virus always uses the folder icon, is about 1 KB in size and has the type Shortcut, whereas a real folder has no size and its type is File Folder.

  7. Fix the registry entries that the virus has changed. To speed up the registry repair, copy the script below into Notepad and save it as Repair.inf, then run the file by:

-     Right-clicking Repair.inf

-     Clicking Install

This is the script to copy:

[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, "cmd.exe"

[del]
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Winupdate
HKCU,SOFTWARE\Microsoft\Windows\CurrentVersion\Run, explorer
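
Before right-clicking Install on an .inf copied from a web page, it helps to list exactly which registry values it will set or delete. The following is an added example, not part of the original post or of the script's author: a simplified reader that follows the AddReg/DelReg directives of an install section and reports each planned change, flagging lines whose quoting is broken. It assumes Python's csv module as an approximation of INF field quoting (comma-separated fields, doubled quotes inside a quoted string) and does not handle %string% substitution; the function names and the sample text are constructed for illustration.

```python
import csv
# Constructed sample modelled on the page's Repair.inf; regfile line mis-quoted on purpose.
SAMPLE_INF = r'''
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe "%1""
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
[del]
HKCU,SOFTWARE\Microsoft\Windows\CurrentVersion\Run, explorer
'''

def sections(text):  # lower-cased section name -> its non-comment lines
    out, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            cur = out.setdefault(line[1:-1].lower(), [])
        elif line and not line.startswith(";") and cur is not None:
            cur.append(line)
    return out

def fields(line):  # comma split with doubled-quote escapes; None if mis-quoted
    try:
        row = next(csv.reader([line], skipinitialspace=True, strict=True))
    except csv.Error:
        return None
    return [f.strip() for f in row]

def preview(text, install="DefaultInstall"):
    """Return (action, root, subkey, value name, data) per planned change."""
    secs, plan = sections(text), []
    for kind, _, names in (e.partition("=") for e in secs.get(install.lower(), [])):
        add = kind.strip().lower() == "addreg"
        if not add and kind.strip().lower() != "delreg":
            continue
        for line in (l for n in names.split(",") for l in secs.get(n.strip().lower(), [])):
            f = fields(line)
            if f is None or len(f) < 2:
                plan.append(("MALFORMED", line, "", "", ""))
                continue
            root, key, name, _flags, data = (f + [""] * 3)[:5]
            name = name or ("(Default)" if add else "(entire key)")
            plan.append(("SET" if add else "DELETE", root, key, name, data if add else ""))
    return plan

if __name__ == "__main__":
    print(*(" | ".join(r) for r in preview(SAMPLE_INF)), sep="\n")
```

A MALFORMED row means the line should be corrected before the file is installed, since the value written to the registry may not be the one intended.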
