AntiVirus, Virus "Jengkol"| Ayo basmi Virus "Jengkol"

Satu lagi Virus yang bikin heboh, meresahkan dan mengusik para pengguna komputer, Virus itu adalah Virus "Jengkol" untung bukan Virus Brokoli yach...klo virus brokoli bisa kriting nanti kita hehehhe :)). Salah satu ciri komputer terinfeksi virus JeNGKol adalah komputer akan log off jika user menjalankan file .INF dan saat user mengedit file VBS. Virus ini akan menyembunyikan file berekstensi .DOC, dengan cara membuat file duplikat sesuai dengan nama file yang disembunyikan untuk mengelabui user. Bingung cara Membasminya? mari ikuti langkah membasmi Virus Jengkol.... Virus ini mencapai puncak ketenarannya sekitar Bulan November 2009

1. Cabut Kabel Jaringan dari Komputer anda.
2. off kan "System Restore" selama proses pembersihan (untuk Windows XP).
3. Matikan proses virus. Untuk mematikan proses virus ini dapat menggunakan tools pengganti task manager seperti "Process explorer". Silahkan downlod tools tersebut di: http://download.sysinternals.com/Files/ProcessExplorer.zip.

4.. Silahkan salin script di bawah ini pada program notepad kemudian simpan dengan nama repair.vbs, kemudian Jalankan file tersebut (klik 2x)untuk menghapus registri yang dibuat oleh virus

Dim oWSH: Set oWSH = CreateObject("WScript.Shell")
on error resume Next
oWSH.Regwrite "HKEY_LOCAL_MACHINE\Software\CLASSES\batfile\shell\open\command\","""%1"" %*"
oWSH.Regwrite "HKEY_LOCAL_MACHINE\Software\CLASSES\comfile\shell\open\command\","""%1"" %*"
oWSH.Regwrite "HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command\","""%1"" %*"
oWSH.Regwrite "HKEY_LOCAL_MACHINE\Software\CLASSES\piffile\shell\open\command\","""%1"" %*"
oWSH.Regwrite "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\AlternateShell","cmd.exe"
oWSH.Regwrite "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\AlternateShell","cmd.exe"
oWSH.Regwrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell","cmd.exe"
oWSH.Regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell","Explorer.exe"
oWSH.Regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\Shell\Edit\Command\","C:\Windows\System32\notepad.exe %1"
oWSH.Regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\DefaultIcon\","C:\Windows\System32\WScript.exe,2"
oWSH.Regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inffile\shell\Install\command\","C:\windows\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1"
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileAssociate")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistriTools")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCMD")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegedit")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\RunLogonScriptSync")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\HideLegacyLogonScripts")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\HideLogoffScripts")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\HideStartupScripts")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\RunStartupScriptSync")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\run\JeNGKoL")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\NeverShowExt")
oWSH.Regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\","VBScript Script File"
oWSH.Regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\FriendlyTypeName","VBScript Script File"
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistriTools")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegedit")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\RunLogonScriptSync")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NOFind")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NORun")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveAutoRun")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Msconfig.exe\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit32.exe\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\command.com\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\debugger")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe\debugger")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\DisallowRun\")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\Run\")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\")

5. Hapus file duplikat yang dibuat oleh virus dengan ciri-ciri:

Menggunakan icon JPEG atau VBS
Ukuran 14 KB
Type file JPEG Image atau VbScript Script File

Gunakan Search Windows untuk mencari File Diatas

6. Untuk pembersihan optimal dan mencegah infeksi ulang, lindungi komputer Anda dengan anti virus yang sudah dapat mendeteksi dan membasmi virus ini.
Selamat Mencoba
Klo masih belum bisa ya... diinstal ulang aja dech.....hehehehhe