
19th September 2010

7 Simple Steps to Remove Virus “Conficker” W32/Conficker.DV

Hello world! Is your network being attacked by Conficker? Hahaha.. don’t get mad, this virus can be removed in just 7 simple steps. This virus drives some people mad because it attacks the network (so they may have more trouble when trying to clean it) and, of course, your protection :P. If we look more deeply, this virus mostly uses lame virus techniques, all bundled into one package *lol*…. but the virus maker really understands how weak Windows protection is, so he makes you all mad :P

How do you detect whether your computer is infected by Conficker? There are many signs, like…. the error message “Generic Host Process”; you can’t access some important sites, e.g. www.microsoft.com, www.symantec.com, www.norman.com, www.clamav.com, www.grisoft.com, www.avast.com, etc.; you can’t update your antivirus; many applications, especially network applications, stop working as usual; and many more signs.

This virus is packed with UPX compression and is 162kb in size. You may have trouble when trying to kill the virus process because it (again) uses a lame technique: running .dll files along with a fake svchost.exe file. The virus is not automatically active; it starts by downloading some image files and creating temporary files, then builds itself (again) LAME! *lol*

Once the virus build is complete, it starts disabling some Windows services. The virus will also block any of the following strings that it finds in each active application; here is the list:


Wow, they all get killed in one shot hahaha *lol*, lame technique (again). The virus will try to download and execute some image files from some websites. I wanted to give the site list here, but I think you would get bored reading it, so let’s skip this! The virus will create a firewall rule that lets your computer be attacked from outside and totally controlled (scary…. some people know this as a botnet).

Virus Spreading:

  1. Brute force of the administrator account on the default share (there is a dictionary).
  2. Lame autorun.inf and a hidden file in the recycler folder (mostly on each drive, with hidden attributes).
  3. An SVCHOST.exe exploit (that’s why there is a Microsoft update).

Alright, enough; before you guys really get mad, here are the 7 simple steps to remove Conficker:

1. Unplug every computer from the network.

2. Deactivate the System Restore service (XP/Vista).

3. Kill the active virus in the background services; you can use Norman Malware Cleaner. (Since this virus uses UPX compression, the easiest way to detect it is to use Ansav Utility and kill anything UPX-packed running in the background.)

4. Delete the fake SVSHOST.exe in the registry.

5. Delete the “Scheduled Task” that the virus created (in the WINDOWS\Tasks folder, %systemroot%\Tasks).

6. Repair your registry using the code below, or download repair.inf.



[Version]
Signature="$Chicago$"

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

; Show hidden files again and set the services back to automatic start (0x00010001 = REG_DWORD)
[UnhookRegKey]
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, Hidden, 0x00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, SuperHidden, 0x00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, CheckedValue, 0x00010001,1
HKLM, SYSTEM\CurrentControlSet\Services\BITS, Start, 0x00010001,2
HKLM, SYSTEM\CurrentControlSet\Services\ERSvc, Start, 0x00010001,2
HKLM, SYSTEM\CurrentControlSet\Services\wscsvc, Start, 0x00010001,2
HKLM, SYSTEM\CurrentControlSet\Services\wuauserv, Start, 0x00010001,2

; Values to delete
[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Applets, dl
HKCU, Software\Microsoft\Windows\CurrentVersion\Applets, ds
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Applets, dl
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Applets, ds
HKLM, SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, TcpNumConnections

*NOTE: Files that are active on startup can be disabled from msconfig or with HijackThis, or deleted manually in the registry under “HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run”.

7. Scan with your best, updated antivirus to stop the virus from coming back in the future, and update your computer with this patch: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
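
To check a machine before or after step 6, the following read-only PowerShell script compares the registry with the values in the repair list above. It is an added example, not part of the original post or of repair.inf; the helper names Get-RegValue and Get-RepairFindings are hypothetical, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: read-only audit of the registry values named in the step 6 repair list.
$cv  = 'Software\Microsoft\Windows\CurrentVersion'
$svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Values the repair list sets: path, value name, expected DWORD.
$expected = @(
    @("HKCU:\$cv\Explorer\Advanced", 'Hidden', 1),
    @("HKCU:\$cv\Explorer\Advanced", 'SuperHidden', 1),
    @("HKLM:\$cv\Explorer\Advanced\Folder\Hidden\SHOWALL", 'CheckedValue', 1),
    @("$svc\BITS", 'Start', 2),
    @("$svc\ERSvc", 'Start', 2),
    @("$svc\wscsvc", 'Start', 2),
    @("$svc\wuauserv", 'Start', 2)
)

# Values the repair list deletes: path, value name.
$unwanted = @(
    @("HKCU:\$cv\Applets", 'dl'),
    @("HKCU:\$cv\Applets", 'ds'),
    @("HKLM:\$cv\Applets", 'dl'),
    @("HKLM:\$cv\Applets", 'ds'),
    @("$svc\Tcpip\Parameters", 'TcpNumConnections')
)

# Returns the value data, or $null when the key or the value does not exist.
function Get-RegValue([string]$Path, [string]$Name) {
    $p = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $p) { return $null }
    $p.$Name
}

# Emits one object per deviation from the repair list; emits nothing when all match.
function Get-RepairFindings {
    foreach ($e in $expected) {
        $actual = Get-RegValue $e[0] $e[1]
        if ($actual -ne $e[2]) {
            [pscustomobject]@{ Finding = 'differs from repair value'; Key = $e[0]
                               Name = $e[1]; Expected = $e[2]; Actual = $actual }
        }
    }
    foreach ($u in $unwanted) {
        $actual = Get-RegValue $u[0] $u[1]
        if ($null -ne $actual) {
            [pscustomobject]@{ Finding = 'value from the delete list is present'; Key = $u[0]
                               Name = $u[1]; Expected = '(absent)'; Actual = $actual }
        }
    }
}

Get-RepairFindings | Format-List
```

A finding only means the value differs from what the repair list writes; a user who has chosen not to show hidden files, or a Windows version without the ERSvc service, produces findings on a clean machine too.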

17th June 2010

Re-enabling Task Manager [after a virus]

Besides locking the Registry Editor and disabling Folder Options, viruses also lock another Windows tool: Task Manager. They do this because Task Manager is used to manage the programs and processes running on the computer. If Task Manager can still be used, the user will most likely be able to kill the virus's process. So, to be able to kill the virus process running on the computer, we have to re-enable the Task Manager that the virus disabled. It is not difficult, and is similar to opening Folder Options that have been locked by a virus.
To unlock a Task Manager that has been locked by a virus, follow these steps:

  1. Click Start »» Run. Type “regedit” (without the quotation marks) in the Run window and press Enter to open the Registry Editor. If the Registry Editor cannot be opened, first read how to open a Registry Editor that has been locked by a virus.
  2. In the Registry Editor window, find the path “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System”

  3. On the right-hand side of the window, look for the value named “DisableTaskMgr” (without the quotation marks). Delete it.

  4. You can also change its value by double-clicking it. In the edit value window, change the value from 1 to 0.

  5. Close the Registry Editor window and restart your computer.
    Everything is done. Now try to open Task Manager by pressing the keyboard combination Ctrl + Alt + Delete. If Task Manager still does not open, repeat the steps above. Make sure you have deleted the “DisableTaskMgr” value or changed it to 0.

4th November 2009

Fixing “Print Spooler Service not Running”

Some of us may have run into trouble when trying to print with a printer. One thing that can happen is that the print spooler service is not running. One cause of this problem is a virus that works by deleting several important files needed to run the print spooler. The printer driver is not affected; it is only the print spooler application that the virus has stopped. This makes the add printer function stop working. When you open a word processor, the document cannot be previewed and cannot be printed either. Nothing happens when the print command is pressed. This problem cannot be solved by reinstalling the printer driver, because there is in fact no error in the printer driver.

To solve the problem, try the following steps:
1. Click Start > Run > type services.msc
2. Find Print Spooler, right-click it and choose Properties
3. Under startup type choose Automatic, then click Start

After the third step, the add printer function and the print function in the various applications should be working.
That is not the case, however, on a computer that has suffered from the virus's “handiwork”, because the computer cannot find where to execute the exe file in question.

In a background process the virus deletes 5 important files needed to run the printing service:

- winspool.drv
- winspool.exe
- spoolss.dll
- the spool folder
- spoolsrv.exe

So we need to copy these five files to the windows folder, except the fifth file, which goes to the windows/system32 folder. Once the five files have been copied, restart the computer. Repeating the steps of opening services.msc and starting the print spooler then solves the problem. In the end the add printer function and the print function in the word processor, internet browser and other applications run smoothly.

The “Print Spooler Service not Running” error message really is annoying. But once the cause is found it turns out to be very easy to fix. he..he..he…

4th November 2009

How to Clean the Sality Virus

The Sality / Alman virus works by infecting executable files, that is, files with the .exe extension. For some programs the effect of this virus is that the program cannot run at all, while for other programs its influence is not noticeable and the program runs as usual even though its exe file is already infected. In addition, the Windows system cannot boot into safe mode.

4th November 2009

How to Remove Conficker virus

The Conficker computer worm, also known as Downup, Downandup and Kido, first surfaced in 2008, but as of January 17, IBN Live reports that 6.5 million computers have already been infected by this virus. The Register also reports that 3 in 10 Windows PCs are vulnerable to Conficker attacks. This article is about removing the Conficker/Downadup virus.

29th July 2009

25th July 2009

TrojanHunter 5.1 Build 973

TrojanHunter is an advanced trojan scanner and toolbox that searches for and removes trojans from your system. It uses several proven methods to find a wide variety of trojans, such as file scanning, port scanning, memory scanning and registry scanning. The difference from many other trojan scanners is that TrojanHunter also allows you to add custom trojan definitions and detection rules using easy-to-understand dialogs. It includes several additional tools, including a NetStat viewer, Memory String Extractor, Process Viewer, Auto-Start Explorer and various plug-ins for advanced users. TrojanHunter comes with a Live Update feature that keeps the trojan signatures current.

TrojanHunter is a powerful application designed to detect and remove trojans. With its unique scan engine capable of searching every hiding spot on your computer for trojans, you can be assured of having the most advanced trojan protection available. Featuring an intuitive user interface and a scanner capable of thoroughly examining your files, system registry, open ports and running processes it gives you all-round protection against trojans. With an easy-to-use Scanner and a Guard that scans in the background TrojanHunter is a must-have complement to your virus scanner.

TrojanHunter is a highly engineered program capable of searching your system thoroughly for any sign of a trojan horse. Unlike other trojan scanners, TrojanHunter will not only scan files, but will penetrate into every conceivable place where it is possible to detect a trojan:
• File scanning scans files for trojans, including Zip files, Rar files and binded executables.
• The extremely powerful memory scanning technology of TrojanHunter scans your computer’s main memory for running trojans. Using this technique, TrojanHunter is able to find any packed variation of a trojan.
• Registry scanning searches through the Windows registry for any autostart or configuration entry belonging to a trojan.
• The port scan alerts you if any port that is open on the system matches one known to be used by a trojan.
• Inifile scanning checks .ini-files for configuration or autostart entries created by trojans.
• Script scanning for finding trojans in BAT files, VBS scripts, active HTML content and more…

In addition to the above main detection methods, the plug-in framework of TrojanHunter provides additional ways of detecting trojans; the extension checker plug-in, for example, will alert you to any executable files with double extensions, a method commonly used to sneak trojans onto a system.

• High-speed file scan engine capable of detecting modified trojans
• Memory scanning for detecting any modified variant of a particular build of a trojan
• Registry scanning for detecting traces of trojans in the registry
• Inifile scanning for detecting traces of trojans in configuration files
• Port scanning for detecting open trojan ports
• The Advanced Trojan Analyzer, an exclusive feature of TrojanHunter, is able to find whole classes of trojans using advanced scanning techniques
• TrojanHunter Guard for resident memory scanning - detect any trojans if they manage to start up
• LiveUpdate utility for effortless ruleset updating via the Internet
• Add custom trojan definitions and detection rules
• Process list giving details about every running process on the system, including the path to the actual executable file
• Accurate removal of all detected trojans - even if they are running or if the trojan has injected itself into another process
• Built-in netstat viewer
• Extensive help files
• Free technical support via e-mail

Windows Software | TrojanHunter 5.1 Build 973 | 20.2 MB

23rd July 2009

ArcaVir 2009 System Protection (Eng/Pol)

ArcaVir System Protection 2009 provides complex system protection for small, medium and large companies. The package constantly protects the system against threats, burglary and theft of confidential data. It allows safe use of e-banking. The new system tools are: backup, system audit and patch finder. Thanks to the new system tools, a computer network administrator can remotely run backup, system audit and patch finder. The package protects data sent through communicators, Wi-Fi networks and Bluetooth.

The main modules of the package: antivirus, firewall, anti-spam, http scanner, Parental Control, registry monitor, anti-banner, ArcaVir Administrator* and others. You can download ArcaVir System Protection 2009 for free now.

ArcaVir 2009 System Protection (Eng/Pol) | 44.04 Mb

22nd July 2009

ESET Cumulative Offline Updates 4259

Executing this archive unpacks ESET NOD32 Antivirus and ESET Smart Security 3.0.x and 4.0.x update definitions (for the application modules as well as for the virus signatures) to the folder C:\eset_upd. (Already existing files will be overwritten.) Then C:\eset_upd is set as the default update server and an Internet shortcut for daily new update definitions is placed on your desktop. You may then start updating your ESET product manually or wait until the scheduled task starts.

ESET Cumulative Offline Updates 4259
Major updates for ESET NOD32 & ESET Smart Security 3.0.x / 4.0.x (32 & 64-bit)
Definitions date: July 19, 2009 | Size: 20.3 MiB

Homepage: ESET

Virus Signature Changelog: ESET (Changelog)

Download: Rapidshare

22nd July 2009

Loaris Trojan remover

Loaris Trojan Remover | 9,20 Mb | Winapp

Are you bombarded with popup ads, seeing new toolbars in your browser, is your home page changing to unwanted destinations or are you bombarded with irritating spam? Perhaps strange software loads on startup or your favorites have new entries that YOU DON'T WANT.

If So.. Your PC is most likely infected with adware, spyware, spybot, trojans or another internet parasite.
These programs have the ability to track your browsing habits and even steal such personal information as bank account numbers and passwords. Spyware has the power to install more parasites on your computer without your consent. Everything you do and everything you type is being recorded right now! Companies know what your interests are! Hackers will access your PC and do anything they wish. They can even steal your Identity and You would never be the wiser!
The Solution: Download the latest version of Loaris Trojan Remover right now. You will be able to completely clean your computer of all these invasive threats! Your computer will be clean and will run a lot faster - Your Privacy will be Protected!
Trojan Remover aids in the removal of Malware - Trojan Horses, Worms, Adware, Spyware - when standard anti-virus software either fails to detect them or fails to effectively eliminate them. Standard antivirus programs are good at detecting this Malware, but not always good at effectively removing it.

download from rapidshare

