Thursday, April 14, 2011

Remove Gadis Desa Wayrip.A W32 virus

Remove Gadis Desa W32/Wayrip.A. This virus is categorized as low class because it is not really hard to remove and not really annoying. Be careful when you receive this message/pop-up:

1 nikmatnya_gadis_desa
2 saat pertama berkenalan dengannya aku merasa senang
3 dia hanya seorang gadis desa
4 dengan cahaya pada bola matanya
5 yang mampu membawaku terbang
6 dengan keluguannya
7 yang selalu membuatku membimbingnya
8 dia adalam matahariku
9 yang mencairkan kebekuan hatiku
10 dari :rieysha

To know whether your computer is infected by this virus, look for many multimedia files with a size of around 148KB. The virus generates a lot of files of this type, so it takes up a fair amount of your disk space.

Norman antivirus detects this virus as W32/Wayrip.A.

Virus Master

After it has activated successfully, the virus creates its master file and also copies it to other drives such as d:, e:, etc.:
3gp.exe
dari_rieysha_anak_jogja.exe
dokumenPenting.exe
film.exe
gambar.exe
musik.exe
puisi.txt

The virus changes a registry value in HKLM so that it becomes active each time the computer reboots:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
nikmatnya_gadis_desa = C:\nikmatnya_gadis_desa.exe

To protect itself, the virus tries to block some Windows functions, such as:

- Folder Option
- Run
- Find
- Menu Shutdown
- Drive C:\
- Registry Editor
- Task Manager
- CMD

The virus changes your browser start page so that it redirects to http://h1.ripway.com/anharku (the account has already been deleted by the Ripway company). This is the virus creator's homepage; he tries to get a lot of visitors to his webpage.

The virus changes the system time AM / PM value into riesyha.

The virus changes the Windows information.

The virus hides drive C:.

The best part is that this virus tries to kill all security/antivirus programs with these captions:
Virus
Trend
procexp.exe
Remove
Panda
mmc.exe
Kill
Kaspersky
cmd.exe
Rontok
Aladdin
Windows
Rontox
Sysinter
Setup
Machine
brontokwasher.exe
ansav
Norton
hijackthis.exe
anti
Symantec
killbox.exe
kill
Norman
Movzx
scan
Bitdef
Ertanto
remov
Avast
Washer
security
Mcaf
Killbox
config
Grisoft
Registry
patrol
Cillin
Utility
hijack
Process
Master
pcmav

This is the best part of this virus because it might confuse some people. The virus also stays active in the Windows mode "Safe Mode with Command Prompt". Lastly, it uses a lame autorun.inf file to spread itself via flash disk media.


How to manually remove this virus!
1. Turn off the "System Restore" service during the cleaning process.

2. Kill the virus process using the third-party tool killVB (download it here).

3. Delete the registry changes made by the virus using FixRegistry (download it here).

4. Delete all master virus files with these specifications:
Size: 148KB
Icon: Multimedia
File extension: .exe
File type: Application
Before you do this, set Folder Options to show hidden files.

5. Also delete the following files in the root of each drive (c:\, d:\, etc.):
pesene_seng_gawe.htm (size 22 KB)
xx pesene_seng_gawe.htm (size 1 KB), xx = Random
Autorun.inf
C:\Puisi.txt
C:\Windows\Taskman.com

6. Finally, scan your system using a good antivirus program to make sure your system is clean.
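
A read-only check for the file indicators in steps 4 and 5, as an added example that is not part of the original post: it lists candidates in one drive root for manual review and deletes nothing. The function names, the sample files and the reading of "around 148KB" as 148 KB plus or minus 1 KB are assumptions.

```python
import os
import re
import tempfile

# File names the page lists as virus copies or dropped files (compared case-insensitively).
MASTER_NAMES = {"3gp.exe", "dari_rieysha_anak_jogja.exe", "dokumenpenting.exe",
                "film.exe", "gambar.exe", "musik.exe", "puisi.txt",
                "nikmatnya_gadis_desa.exe", "autorun.inf"}
# "pesene_seng_gawe.htm", with or without the random "xx" prefix from step 5.
DROPPED_HTM = re.compile(r"^.*pesene_seng_gawe\.htm$", re.IGNORECASE)
# Assumption: "around 148KB" is read as 148 KB plus or minus 1 KB.
MASTER_SIZE, TOLERANCE = 148 * 1024, 1024


def scan_root(root):
    """Return sorted (name, reason) pairs for suspicious files directly in `root`."""
    findings = []
    for entry in os.scandir(root):  # scandir also returns hidden files
        if not entry.is_file(follow_symlinks=False):
            continue
        name = entry.name.lower()
        size = entry.stat(follow_symlinks=False).st_size
        if name in MASTER_NAMES:
            findings.append((entry.name, "listed file name"))
        elif DROPPED_HTM.match(name):
            findings.append((entry.name, "dropped htm file"))
        elif name.endswith(".exe") and abs(size - MASTER_SIZE) <= TOLERANCE:
            findings.append((entry.name, "exe of about 148 KB"))
    return sorted(findings)


def build_sample_root():
    """Create a constructed sample drive root in a temp directory (test data only)."""
    root = tempfile.mkdtemp(prefix="wayrip_sample_")
    samples = {"musik.exe": MASTER_SIZE, "holiday.exe": MASTER_SIZE + 200,
               "ab pesene_seng_gawe.htm": 1024, "Autorun.inf": 60,
               "setup.exe": 900 * 1024, "notes.txt": 10}
    for name, size in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(b"\0" * size)
    return root


if __name__ == "__main__":
    for name, reason in scan_root(build_sample_root()):
        print(f"{name}: {reason}")
```

To check a real system, call `scan_root` on each drive root (for example `scan_root("D:\\")`); a legitimate `autorun.inf` on installation media will also be reported, so review each hit before deleting.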
