WELCOME

WELCOME TO MY PERSONAL HOMEPAGE

Friday, September 17, 2010

How to get rid of the 'shortcut' virus

The PIF/Starter virus, better known as the "shortcut" virus, annoys its victims with the many shortcut files it creates. Worse, if the cleanup is done in the wrong way the virus simply comes back, again and again. Here are the 7 steps that MG Lat, a virus analyst at Vaksincom, recommends to stop the flood of shortcuts caused by this virus:
1. First, turn off System Restore, so that the virus is not preserved in a restore point and restored later.
2. Stop the wscript.exe process (the file lives in C:\Windows\System32). You can use a tool such as CProcess or HijackThis, or simply Windows Task Manager.
3. After killing the wscript.exe process, delete or rename the file so that the virus cannot use it for the time being.
Note that if we only rename wscript.exe it is automatically copied back into the folder (Windows File Protection restores it from its cached copies). So we must also find the other copies of wscript.exe, typically in C:\Windows\$NtServicePackUninstall$ and in the ServicePackFiles\i386 folder under C:\Windows, and rename those too. Also note that, unlike other script viruses, the usual trick of changing the 'open with' program for .VBS files to Notepad does not help here: the virus file has the extension .MDB (a Microsoft Access database file), and wscript is started on the database .MDB file directly, so it runs it exactly as if it were a .VBS file.
4. Delete the master file, C:\Documents and Settings\<user>\My Documents\database.mdb, so that it is no longer loaded at every boot. Do not forget to also open MSCONFIG and disable the startup entry that runs it.
5. Now delete the files autorun.inf, Microsoft.inf and Thumb.db. Click the Start button, type CMD, change to the drive to be cleaned (for example C:), then run:
del Microsoft.inf /s
This command deletes every microsoft.inf file in every folder on drive C:. To clean another drive, just change the drive letter, for example:
D:\> del Microsoft.inf /s
For the autorun.inf file, type:
del autorun.inf /s /ah /f
The switches /ah /f are needed because the virus gives the file the attributes RSHA (read-only, system, hidden, archive): /ah selects hidden files and /f forces deletion of read-only ones. Do the same for Thumb.db.
6. To remove the remaining files (the 4th kind the virus leaves behind) we have to search for files with the extension .lnk and a size of 1 KB. In the search's 'advanced options', make sure that both 'Search system folders' and 'Search hidden files and folders' are checked. Be careful: not every 1 KB .lnk shortcut file is the virus; we can tell them apart by size, icon and type. The shortcuts created by the virus always use the 'folder' icon, have a size of 1 KB and are of type 'Shortcut', whereas a real folder shows no 'size' at all and its type is 'File Folder'.
7. Repair the registry entries that the virus changed. To speed up the registry repair, copy the script below into Notepad and save it under the name 'repair.inf'. Run the file as follows:
- Right-click repair.inf
- Click Install


[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

; Restore the default "open" commands for executable file types and the
; normal Winlogon / Safe Mode shells. Inside an INF string, "" is a literal quote.
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, "cmd.exe"

; Remove the virus's autostart entries.
[del]
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Winupdate
HKCU,SOFTWARE\Microsoft\Windows\CurrentVersion\Run, explorer
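
The same cleanup, steps 2, 4, 5 and 6, as one report-first PowerShell script. This is an added example written for this page; it is not code from the original post or from Vaksincom. It assumes PowerShell 3.0 or later on the infected machine, that database.mdb lands in a profile's My Documents (XP layout, as in the post) or Documents (Vista and later) folder, that the virus's shortcuts launch wscript (the post says wscript runs the .mdb file, but does not show the shortcut contents), and that a shortcut's 'folder' icon is borrowed from shell32.dll. Those assumptions are marked in the comments.

```powershell
<#
  Added example; not code from the original post or from Vaksincom.
  Report-only triage for the "shortcut" virus described above, covering
  steps 2, 4, 5 and 6 and listing the registry entries that step 7's
  repair.inf will fix. Run in an elevated PowerShell (3.0 or later) on the
  infected machine; add -Remove to stop the process and delete flagged files.
#>
param(
    [string[]]$Drives = @('C:\'),
    [switch]$Remove
)

$findings = New-Object System.Collections.Generic.List[object]
function Flag($Kind, $Path, $Detail) {
    $findings.Add([pscustomobject]@{ Kind = $Kind; Path = $Path; Detail = "$Detail" })
}

# Step 2: the virus runs inside wscript.exe. Stop it first, otherwise it
# recreates every file deleted below.
foreach ($p in @(Get-Process -Name wscript -ErrorAction SilentlyContinue)) {
    Flag 'process' $p.Path "PID $($p.Id)"
    if ($Remove) { Stop-Process -Id $p.Id -Force }
}

# Step 4: the master file database.mdb in each profile's My Documents.
# ASSUMPTION: both profile layouts (XP as in the post, and Vista+).
$dropperGlobs = @('C:\Documents and Settings\*\My Documents\database.mdb',
                  'C:\Users\*\Documents\database.mdb')
foreach ($f in @(Get-ChildItem -Path $dropperGlobs -Force -ErrorAction SilentlyContinue)) {
    Flag 'dropper' $f.FullName "$($f.Length) bytes, $($f.Attributes)"
    if ($Remove) { Remove-Item -LiteralPath $f.FullName -Force }
}

# Step 5: the companion files, which carry the attributes RSHA. -Force is what
# lets Get-ChildItem list, and Remove-Item delete, hidden/read-only files.
$dropNames = @('autorun.inf', 'Microsoft.inf', 'Thumb.db')
foreach ($d in $Drives) {
    Get-ChildItem -Path (Join-Path $d '*') -Recurse -Force -Include $dropNames -ErrorAction SilentlyContinue |
        ForEach-Object {
            Flag 'dropfile' $_.FullName $_.Attributes
            if ($Remove) { Remove-Item -LiteralPath $_.FullName -Force }
        }
}

# Step 6: the 1 KB shortcuts. The post's rule is size 1 KB, type "Shortcut",
# folder icon. Reading each .lnk through WScript.Shell shows what it actually
# launches: a shortcut that invokes wscript (ASSUMPTION: how the virus starts
# its .mdb script) is deleted; a folder-icon shortcut that does not is only
# listed for manual review, since legitimate shortcuts can look like that too.
$wsh = New-Object -ComObject WScript.Shell
foreach ($d in $Drives) {
    Get-ChildItem -Path (Join-Path $d '*') -Recurse -Force -Filter '*.lnk' -ErrorAction SilentlyContinue |
        Where-Object { $_.Length -le 1024 } |   # Explorer shows anything up to 1024 bytes as "1 KB"
        ForEach-Object {
            $lnk = $wsh.CreateShortcut($_.FullName)
            $launch = ("$($lnk.TargetPath) $($lnk.Arguments)").Trim()
            if ($launch -match 'wscript') {
                Flag 'shortcut' $_.FullName $launch
                if ($Remove) { Remove-Item -LiteralPath $_.FullName -Force }
            } elseif ($lnk.IconLocation -match 'shell32') {   # ASSUMPTION: folder icon taken from shell32.dll
                Flag 'review' $_.FullName "icon=$($lnk.IconLocation) launches=$launch"
            }
        }
}

# Step 7 is done by repair.inf above; here we only report the entries it targets.
foreach ($r in @(@{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = 'Winupdate' },
                 @{ Key = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = 'explorer' })) {
    $v = Get-ItemProperty -Path $r.Key -Name $r.Name -ErrorAction SilentlyContinue
    if ($v) { Flag 'autostart' "$($r.Key)\$($r.Name)" $v.($r.Name) }
}
$shellValue = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon').Shell
if ($shellValue -ne 'Explorer.exe') { Flag 'winlogon' 'Winlogon\Shell' $shellValue }
$exeCmd = (Get-ItemProperty 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command').'(default)'
if ($exeCmd -ne '"%1" %*') { Flag 'assoc' 'exefile\shell\open\command' $exeCmd }

$findings | Format-Table -AutoSize
if (-not $Remove) { Write-Host 'Report only; re-run with -Remove to act on the findings.' }
```

Run it once without switches and read the table before running it again with -Remove; the 'review' rows are deliberately never deleted automatically. Step 1 (System Restore), step 3 (renaming the wscript.exe copies) and step 7 (repair.inf) are still done by hand as described above, and the order still matters: stop the process before deleting its files, and fix the registry last.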