A virus is an annoying and latest local levels in Indonesia by the name luna maya virus began to spread. The virus is detected as Suspicious_Gen2.LBTU by Norman Security Suite.
The following are six steps to evict this virus:
1. Perform cleaning of viruses on the mode “safe mode”.
* To enter the mode “safe mode”, press the F8 key on the keyboard when the computer starts.
* On the Windows Advanced Options menu, you can choose the mode “safe mode” or can also mode “safe mode with networking” and “command prompt”. In order to more easily select just fashion “safe mode.”
* Keep windows running until the confirmation window pops up use of “safe mode”.
* Click the “Yes”, to use the mode “safe mode” on the confirmation window.
2. Turn off the active virus in memory.
* Use the Task Manager replacement tool in this case the use CurProcess. Download tools CurrProcess on the following link: http://www.nirsoft.net/utils/cprocess.zip
* Run CurrProcess, then locate the file viruses “Amoumain.exe”. Left-click the virus file, then select the “Kill Selected Processes.” If a virus file is missing, then close the window CurrProcess.
3. Fix windows registry is already in the modification of the virus with the following steps:
a. Copy this script to use WordPad. Click [Start] à [All Programs] à [Accessoris] à [WordPad].
[Version]
Signature = “$ Chicago $”
Provider = Vaksincom Oyee
[DefaultInstall]
AddReg = UnhookRegKey
DelReg = del
[UnhookRegKey]
HKCU, Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced, ShowSuperHidden, 0×00010001, 1
HKCU, Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced, SuperHidden, 0×00010001, 1
HKCU, Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced, HideFileExt, 0×00010001, 0
HKLM, SOFTWARE \ CLASSES \ batfile \ shell \ open \ command ,,,”"”% 1 “”% * ”
HKLM, SOFTWARE \ CLASSES \ comfile \ shell \ open \ command ,,,”"”% 1 “”% * ”
HKLM, SOFTWARE \ CLASSES \ exefile \ shell \ open \ command ,,,”"”% 1 “”% * ”
HKLM, SOFTWARE \ CLASSES \ piffile \ shell \ open \ command ,,,”"”% 1 “”% * ”
HKLM, SOFTWARE \ CLASSES \ regfile \ shell \ open \ command,,, “regedit.exe”% 1 “”
HKLM, SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon, Shell, 0, “Explorer.exe”
[Del]
HKCU, Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System, DisableTaskMgr
HKCU, Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ explorer, NoRun
b. Save the file with the name “repair.inf”. Use the Save as type option to Text Document in order to avoid mistakes.
c. Right-click the file “repair.inf” then select “Install”.
4. Remove virus file “Luna Maya” with the following characteristics:
* Has the file type “Application”
* It has a file size of “37 kb”
* Having a MS Word file icon
Note:
* To facilitate the search should use the Search function of Windows by using the filter files *. exe and *. inf and size 37 kb.
* Delete virus files which usually have the same modified date.
* Be sure to remove the main virus file like: Amoumain.exe, Luna Maya.exe, Love.exe, and nt.bat
* Log-off computers, then log in again.
5. For optimal cleaning and prevent re-infection, re-use antivirus software that scans an updated and properly recognize this virus.
6. For USB flash drives or removable already damaged by a virus or format, should use recovery software to recover lost data.
