Skip to content

herss.exe

22052_n.jpg

got many infected computers in my office.

automatically create autorun.inf in drives, C:, D:, even on your removable drives like USB, pendrive, MMC, SDCard, etc. also creat many hidden exe files on that drives.

on your system, modified hidden folder/files so you cant unhide hidden folder(s)/file(s) by set it on registry into zero.

create item on your startup list to call herss file in your temp folder.

also create many dlls files in your temp.

how to fix,  login on safe mode,

delete this :
HCU\software\microsoft\windows\currentversion\run “cdoosoft”=%temp%\herss.exe

change value to 1
HKLM\software\microsfot\windows\currentversion\explorer\advanced\folder\hidden\showall “checkedvalue”=dword:00000000

unhide all hiden file(s) and folder(s), also system file(s) and folder(s).

delete any of these file(s) :
- %temp%\herss.exe
- %temp%\cvasds0.dll   could be 1, 2, 3, etc…
- C:\*.bat except AUTOEXEC.BAT or your own batch file (its also in other drives include removable drives)
- C:\autorun.inf (its also in other drives include removable drives)

attention;

DO NOT open any (infected) removable drive by double click on its own folder, but use folder tree on the left side of your explorer to open and clean it up by delete it manually. this is the most caused of your computer infected. ;p

got any problem to fix, just leave comment or im me. :)

Post a comment Trackback URI RSS 2.0 feed for these comments This entry (permalink) was posted on Monday, December 28, 2009, at 3:25 pmby afumado and categorized in Software / Application, Tutorial / Workshop.

One Comment

  1. vraynoe2 wrote:

    Wah ini mah brontok v.2

    afumado reply :
    virus yang ini nggak sepinter brontox ;d

    Posted on 28-Dec-09 at 3:32 pm | Permalink

Post a Comment

Your email is never published nor shared. Required fields are marked *
*
*