Conficker worm

This is one of the most destructive worms to hit the Windows operating system. In this post I will not explain how to make one, but how to clean this worm without any antivirus application.

OK, here we go:
- First, make sure that your computer is infected by this worm: open the official Windows site. If it does not open, you should be worried.
- Second, open an antivirus website. If that does not open either, you are surely infected by this worm.



That condition forces you to use your own imagination to clean the computer of this worm. Here's the trick:

1. Conficker and all of its variants create a Recycle directory on every removable disk, containing the file jwgkvsq.vmx; this file relies on the Microsoft Windows thumbnail to execute it

2. Conficker creates a parent copy of the worm in the directory %SystemRoot%\System32\ with the name "kfmww.exe"

3. Conficker also plants a registry key, HKLM\SYSTEM\CurrentControlSet\Services\xtxghne, that constantly creates new copies of the worm while the system is running
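
Before deleting anything, the three traces listed above can be checked from the command prompt. This batch file is an added example, not part of the original post; the file name check_traces.cmd and the drive-letter argument are assumptions, and the worm file and key names are the ones the post gives.

```batch
@echo off
rem Added example, not the author's script. Read-only: it deletes nothing.
rem Usage: check_traces.cmd E:   (E: is an assumed removable drive letter)
setlocal
rem Names exactly as given in this post; edit them if yours differ.
set "DROPFILE=jwgkvsq.vmx"
set "PARENT=%SystemRoot%\System32\kfmww.exe"
set "SVCKEY=HKLM\SYSTEM\CurrentControlSet\Services\xtxghne"
set "USBDRIVE=%~1"
set "FOUND=0"

rem 1. Search the whole removable drive; /a also lists hidden and system files.
if defined USBDRIVE (
    dir /a /s /b "%USBDRIVE%\%DROPFILE%" >nul 2>&1 && (
        echo [FOUND] %DROPFILE% on %USBDRIVE%
        set "FOUND=1"
    )
) else (
    echo [SKIP] no drive letter given, removable disk not checked
)

rem 2. Parent copy in System32, item 2 of the list.
dir /a /b "%PARENT%" >nul 2>&1 && (
    echo [FOUND] %PARENT%
    set "FOUND=1"
)

rem 3. Registry key from item 3 of the list.
reg query "%SVCKEY%" >nul 2>&1 && (
    echo [FOUND] registry key %SVCKEY%
    set "FOUND=1"
)

if "%FOUND%"=="1" (
    echo Traces present: continue with the cleanup steps in this post.
) else (
    echo None of the checked traces were found.
)
endlocal & exit /b %FOUND%
```

The exit code is 1 when any trace is found and 0 otherwise, so the check can be run again after the cleanup to confirm the traces are gone.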

Then, how to clean this worm:

- Remove the super hidden attribute in your operating system by using Folder Options: uncheck "hidden files and folders" and also "hide protected system files (Recommended)", as you can see in the picture below



so the Folder Options dialog will look like this one

and then click OK.
Or you can use the command prompt to clear the super hidden attribute by typing this command:

  attrib C:\*.* -h -r -s -a /s /d

To learn the meaning of this command, add "/?" after it.

After that we will be able to see the autoexec.bat file, which is normally hidden by the system.


- Write these commands down using notepad.exe and add them to autoexec.bat

  erase %SystemRoot%\System32\kfmww.exe
  reg delete HKLM\SYSTEM\CurrentControlSet\Services\xtxghne /f

like the one you can see below




- Uncheck System Restore, like this one below




OK, here's the explanation:
- We know that an application like a worm cannot be killed using Task Manager
- A worm usually uses System Restore to restore every deleted parent copy of itself, as its own protection
- A worm only stops when the system is shut down
- The autoexec.bat file is used by Windows to delete all unused temporary files that have been stored too long

So when we disable System Restore, clear the attributes of the files on the system drive, and delete the registry key along with the worm's executable file, we stop the worm from disturbing our work.

That's the tip I used to clean the Conficker worm from my own computer; I hope it works for you as it did for me.
