Wednesday, December 31, 2008

Tuesday, December 30, 2008

Remove trojans that uses autorun.inf file

These trojans uses autorun.inf file for infects systems. Once infected with autorun.inf trojan your computer will display many popups, Internet Explorer start page can to be change. Also autorun.inf trojan configures itself to run automatically every time, when you start your computer. In addition the autorun.inf trojan creates a files with strange names, some examples:

ncyrf.bat, rcukd.cmd, 2u.com, q.com, RavMon.exe, x6.bat, rqq2v.bat, t.com, xp19.com, x0.cmd, yg.cmd, ntde1ect.com, tio8×6.cmd, d6fagcs8.cmd, gbiehbsb.dll, tio8×6.cmd, fooool.exe, 8ng8w.com, x.com, xn1i9x.com, invwft2h.com, selamat_berposa_dari_umt.js, ktnquo.exe, NewVirusRemoval.vbs, kinza.exe, rs.cmd, yssjnngm.cmd, h3.bat, 6fnlpetp.exe, boot.exe, winde32.exe, 6j2j.com, kjibu.com, fun.xls.exe, iqe68o.bat, boot.exe

The trojans may drastically slow the performance of your computer.

Step1: Remove autorun.inf files from all your drives, include any usb/flash drives.

1. Manually:

  • Reboot your PC in Safe mode.

    1. Restart your computer
    2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3. Instead of Windows loading as normal, a menu should appear
    4. Select the first option, to run Windows in Safe Mode.

  • Click Start -> Run.
  • In the type box enter: del /a:h /f c:\autorun.*
  • Repeat previous step to all drives, make replacing “c” with the appropriate drive letter.

2. Automatically.

  • Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone.
  • Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

Step 2: Remove autorun.inf trojan from the windows registry.

Download and install HijackThis.
Run HijackThis and scan, put a checkmark next to the following items (if exists):

O4 - HKLM\..\Run: [SystemDrive] c:\windows\system32\SVCH0ST.EXE
O4 - HKCU\..\Run: [avp] C:\WINDOWS\system32\avp.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [kxva] C:\WINDOWS\system32\kxvo.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe
O4 - HKCU\..\Run: [TaskMonitor] C:\WINDOWS\system32\TaskMonitor.exe
O4 - HKCU\..\Run: [Realshade] C:\WINDOWS\system32\realshade.exe
O4 - HKCU\..\Run: [cftmonn] C:\WINDOWS\system32\cftmonn.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\kamsoft.exe
O4 - HKCU\..\Run: [vamsoft] C:\WINDOWS\system32\vamsoft.exe
O4 - HKCU\..\Run: [jvsoft] C:\WINDOWS\system32\j3ewro.exe
O4 - HKCU\..\Run: [ckvo] c:\windows\system32\ckvo.exe

Now close all browser and other windows except for HijackThis, and click “Fix Checked” to have HijackThis fix the entries you checked.

Step 3: Remove autorun.inf trojans files.

Download Avenger from here and unzip to your desktop.
Run Avenger, copy,then paste the following text in Input script Box:

Files to delete:
C:\WINDOWS\system32\avp.exe
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\kxvo.exe
C:\WINDOWS\system32\kavo.exe
C:\WINDOWS\system32\tavo.exe
c:\windows\system32\Bitkv0.dll
c:\windows\system32\Bitkv1.dll
c:\windows\system32\kavo0.dll
c:\windows\system32\kavo1.dll
c:\windows\system32\tavo0.dll
c:\windows\system32\tavo1.dll
C:\WINDOWS\system32\SCVVHSOT.exe
C:\WINDOWS\system32\TaskMonitor.exe
C:\WINDOWS\system32\RavMon.exe
C:\WINDOWS\system32\realshade.exe
C:\WINDOWS\system32\cftmonn.exe
C:\WINDOWS\system32\wincab.sys
c:\windows\system32\ckvo.exe
c:\windows\system32\ckvo0.dll
c:\windows\system32\gasretyw0.dll
c:\windows\system32\gasretyw1.dll
c:\windows\system32\kamsoft.exe
c:\windows\system32\vbsdfe1.dll
c:\windows\system32\vbsdfe0.dll
c:\windows\system32\vamsoft.exe
c:\windows\system32\j3ewro.exe
c:\windows\system32\jwedsfdo0.dll
c:\resycled\boot.com
C:\kjibu.com
C:\6fnlpetp.exe
C:\rcukd.cmd
C:\rqq2v.bat
C:\t.com
C:\xp19.com
C:\x0.cmd
C:\yg.cmd
C:\ntde1ect.com
C:\tio8×6.cmd
C:\d6fagcs8.cmd
C:\gbiehbsb.dll
C:\tio8×6.cmd
C:\fooool.exe
C:\8ng8w.com
C:\x.com
C:\xn1i9x.com
c:\invwft2h.com
c:\AutoRun\AutoStart.exe
c:\ktnquo.exe
c:\NewVirusRemoval.vbs
c:\kinza.exe
c:\rs.cmd
c:\yssjnngm.cmd
c:\h3.bat
c:\6fnlpetp.exe
c:\boot.exe
C:\6j2j.com
c:\0jbnlnu8.exe
c:\1q8p0y.com
c:\2g.com
c:\39ysi89.com
c:\3jkka91.com
c:\92j11sm.com
c:\a.exe
c:\cjrp8.com
c:\dp.exe
c:\jg6w3yx.com
c:\ntnq.exe
c:\nw0t1l0d.exe
c:\q0rppr.exe
c:\tj8odymw.exe
c:\uh31.exe
c:\vnkucvv.com
c:\xpq63xl.exe
c:\xwpehlv.com
c:\fun.xls.exe
c:\iqe68o.bat

Then click on ‘Execute’.
Your computer will be reloaded.

source: http://www.myantispyware.com/2008/05/26/how-to-remove-trojans-that-uses-autoruninf-file/

My new year banner for msuans.org and triskelions.info




The MSU ILS Cavaliers Banner.


Hi Brods and Sis in Cavaliers. USe this banner..


Wednesday, December 24, 2008

The Banko Sentral Exchange Rate.

http://www.bsp.gov.ph/statistics/sdds/exchrate.htm

mas ok ito kasi sa BSP talga

Tuesday, December 23, 2008

Our new Triskelion Online Tambayan




Only Triskelion or a member of a Tau Gamma PHI / SIGMA is allowed to join this site. Its the triskelions.info or the Triskelion Online Tambayan. capital Letter I about this website.

Live and let Live and Capital Letter E.


MSUans.org - MSUans Online Hangout Network


You are very welcome to join us at msuans.org ! The hangout of all MSUans. Support the MSUans.org by inviting more people.

Bank Codes for your paypal.

click here for the paypal Bank codes