Tuesday, May 25, 2010

overcome the virus W32


 













W32/GNURBULF.B was the most troublesome virus of 2006. It works by locking the Windows XP operating system from the inside. Imagine owning a house that you cannot enter because it is locked from the inside. This virus does the same thing: Windows XP either cannot log in, or rejects the login (you log in and are immediately logged off automatically). This is very inconvenient because we are given no opportunity to clean the virus from the operating system.
People who do not want the headache may prefer to reinstall Windows, but those who have important data will look for a way to get into the operating system by other means. Reinstalling the operating system is tantamount to demolishing the whole house, so I chose to try to get into the system as suggested by the vaksin.com article entitled W32/Gnurbulf.B Solutions can not log on Windows.
You can read the complete article to deal with this virus. The following is a summary of my experience in facing this virus and its variants.
The symptoms caused by the bird flu virus and its variants:

- Windows cannot log on, or always logs off automatically even though the correct password was entered.
- The desktop is locked and only displays a blue screen or the like. (Like W32/Gnurbulf.A)
- The printer function is interrupted, or printing often fails without any apparent reason.
- Many .scr files appear in various directories.
- Many unfamiliar .exe files appear in the directory C:\Windows\ (as with W32/Gnurbulf.A)
- Some Microsoft Word files cannot be copied, or simply disappear after being copied to a UFD (USB Flash Disk).

Briefly, the way to handle it on Windows XP is as follows:
1. First read the article W32/Gnurbulf.B Solutions can not log on Windows, then prepare and copy the following files to a floppy disk or CD: ntfs4dos, fix.reg, fix.bat.
2. Make sure your BIOS is set to boot from the CD-ROM or floppy disk first.
3. Insert a boot CD, such as the CD from Chip magazine or the like, or use Windows 98 DOS on a floppy disk / USB disk. If you do not have a boot CD, you can also download various DOS boot ISOs here.
4. View the files in the directory C:\ by typing DIR C:\. If the windows directory appears, you are using FAT32 on the Windows partition. Continue to step 6.
5. If you do not find the windows directory, run the ntfs4dos.exe application. If it asks about personal use, type YES. Once NTFS is accessible from DOS, immediately check all the partitions. Make sure which partition contains the windows directory of the operating system. It may be read as D:\ or F:\, not C:\ (!!!)
6. Copy FIX.REG to the directory C:\ and FIX.BAT to the directory C:\Documents and Settings\All Users\Start Menu\Programs\Startup. The commands look like this, where F:\ is the directory containing fix.reg and the other files:

    c:\> copy f:\fix.reg
    c:\> cd docume~1\alluse~1\startm~1\programs\startup
    c:\docume~1\..\..\..\> copy f:\fix.bat
7. Rename Spoolsv.exe to another name, for example SPOOLSV.OLD, with the command:

    c:\windows\system32> ren spoolsv.exe spoolsv.old
It may be better not to rename the file but to move it to another directory, or to make a backup of it and delete it. Sometimes the file has hidden or read-only status, so it cannot be deleted. Therefore, use the attrib command before renaming spoolsv.exe to spoolsv.old or deleting it. Example: attrib -R -S -H SPOOLSV.EXE
8. Rename userinit.exe to Spoolsv.exe

    c:\windows\system32> ren userinit.exe spoolsv.exe
A common mistake is that a file named SPOOLSV.EXE still exists because it has not been renamed or deleted, so USERINIT.EXE has not yet been turned into SPOOLSV.EXE.
9. Restart the computer and try to log in. If it works, go to step 9. If not, check the placement of the fix.reg and fix.bat files again, or repeat step 6 and step 7.
10. If you get into Windows successfully, immediately delete the fix.bat and fix.reg files from their previous locations, then right-click the repair.inf file and select Install.
11. Restart the computer again. If it runs normally, you can restore SPOOLSV.OLD to SPOOLSV.EXE through DOS so that the printer function can run again.
12. Update your anti-virus and run a scan. You can also manually delete the .scr files that are not needed, especially in the data directory.
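A follow-up check for steps 8 and 10 to 12, added here as an example and not taken from the original post or the vaksin.com article: pointed at the root of the Windows partition, it reports leftover fix.reg/fix.bat files, a spoolsv.old that is still waiting to be restored, a missing userinit.exe, and .scr files outside the Windows directory. The function names, the constructed sample tree and the choice to skip the Windows directory when listing .scr files are assumptions made for this example.

```python
import os
import tempfile

# Paths from steps 6-8, relative to the root of the Windows partition.
STARTUP = "Documents and Settings/All Users/Start Menu/Programs/Startup"
SYSTEM32 = "windows/system32"

def find_ci(root, relpath):
    """Resolve relpath under root ignoring case (DOS tools upper-case names)."""
    current = root
    for part in relpath.split("/"):
        names = os.listdir(current) if os.path.isdir(current) else []
        match = [n for n in names if n.lower() == part.lower()]
        if not match:
            return None
        current = os.path.join(current, match[0])
    return current

def audit_cleanup(root):
    """Return (step, message) pairs for leftovers of the procedure above."""
    findings = []
    for rel in ("fix.reg", STARTUP + "/fix.bat"):
        if find_ci(root, rel):
            findings.append((10, "helper file still present: " + rel))
    if find_ci(root, SYSTEM32 + "/spoolsv.old"):
        findings.append((11, "spoolsv.old present: print spooler not restored"))
    if not find_ci(root, SYSTEM32 + "/userinit.exe"):
        findings.append((8, "userinit.exe absent from system32 after the rename"))
    for folder, dirs, files in os.walk(root):
        if folder == root:  # assumption: Windows' own screen savers are not data files
            dirs[:] = [d for d in dirs if d.lower() != "windows"]
        for name in files:
            if name.lower().endswith(".scr"):
                findings.append((12, "review: " + os.path.join(folder, name)))
    return findings

def build_sample(root):
    """Constructed sample tree: the state just after step 9 succeeds."""
    for rel in ("fix.reg", STARTUP + "/FIX.BAT", SYSTEM32 + "/SPOOLSV.OLD",
                SYSTEM32 + "/spoolsv.exe", SYSTEM32 + "/logon.scr",
                "data/report.doc", "data/report.scr"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample:
        build_sample(sample)
        print(*audit_cleanup(sample), sep="\n")
```

The script only reports; deciding which .scr files are "not needed" is still the manual review that step 12 describes.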
Note: I tried using a Linux Live CD to replace the relevant files in Windows but did not succeed, because of the file protection system and because I was not allowed access as root. With KDE or Gnome as the windowing environment, I thought the task of replacing and deleting files would be easy in Linux. It turned out otherwise; it was quite hard too.
Actually, the virus makers and developers could add to the complexity of the virus by blocking fix.bat, fix.reg and the replacement spoolsv.exe. The easy way would be to place those files in their respective positions first, and then change their attributes to hidden and system. A layperson would find it difficult to copy the files above, but for those who know the working principle, I think overcoming this virus will not be a problem ....
