STEPS TO GET RID OF THE “LUNA MAYA” VIRUS
Posted on July 8, 2010
A rather irritating virus known as “Luna Maya” has spread in Indonesia. The virus displays a message that seems to poke fun at fans of porn videos in Indonesia, in a pop-up saying “dasar!! otak bokep..”. It also has considerably annoying effects. For instance, the CD/DVD-ROM drive tray keeps opening even after the user closes it manually.
The nickname “Luna Maya” was given to this virus because one of the files it spreads is named “LunaMaya.exe”. The virus is detected as Suspicious_Gen2.LBTU by Norman Security Suite. Here are six steps to remove this virus, as submitted by Adi Saputra, antivirus analyst at Vaksincom:
1. Clean the virus in “safe mode”.
* To enter “safe mode”, press F8 on the keyboard when the computer starts.
* On the Windows Advanced Options menu, you can choose “safe mode”, or alternatively “safe mode with networking” or “command prompt”. To keep things simple, select plain “safe mode”.
* Let Windows keep starting until a pop-up window asks you to confirm the use of “safe mode”.
* Click “Yes” in the confirmation window to use “safe mode”.
2. Terminate the virus process that is active in memory.
* Use a replacement for Task Manager; in this case, CurrProcess. Download CurrProcess from the following link: http://www.nirsoft.net/utils/cprocess.zip
* Run CurrProcess, then locate the virus file “Amoumain.exe”. Left-click the virus file, then select “Kill Selected Processes”. If the virus file is no longer listed, close the CurrProcess window.
3. Repair the Windows registry entries that the virus has modified, with the following steps:
a. Copy this script into WordPad. Click [Start] → [All Programs] → [Accessories] → [WordPad].
[Version]
Signature = "$Chicago$"
Provider = Vaksincom Oyee
[DefaultInstall]
AddReg = UnhookRegKey
DelReg = del
[UnhookRegKey]
; Explorer display settings for hidden/system files and file extensions
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, ShowSuperHidden,0x00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, SuperHidden,0x00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, HideFileExt,0x00010001,0
; Reset the open handlers for .bat, .com, .exe, .pif and .reg files
HKLM, SOFTWARE\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\CLASSES\regfile\shell\open\command,,,"regedit.exe "%1""
; Reset the logon shell to Explorer
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
[del]
; Remove the policy values that disable Task Manager and the Run command
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\system, DisableTaskMgr
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\explorer, NoRun
b. Save the file with the name “repair.inf”. In the “Save as type” option, choose Text Document to avoid mistakes.
c. Right-click the file “repair.inf” then select “Install”.
4. Remove the “Luna Maya” virus files, which have the following characteristics:
* has the file type “Application”
* has a file size of “37 kb”
* has a MS Word file icon
Note:
* To make the search easier, use the Windows Search function with a filter for *.exe and *.inf files with a size of 37 kb.
* Delete the virus files, which usually share the same modified date.
* Be sure to remove the main virus files, such as Amoumain.exe, Luna Maya.exe, Love.exe, and nt.bat.
* Log off the computer, then log in again.
5. For optimal cleaning and to prevent re-infection, scan again with antivirus software that is up to date and properly recognizes this virus.
6. For a USB flash drive or other removable drive that has already been damaged or formatted by the virus, use recovery software to recover the lost data.
(source: detik.com)
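
Added example, not part of the original article or of Vaksincom's instructions: a read-only Windows PowerShell check that compares the registry values named in repair.inf (step 3) with the data that script writes, and lists any that still differ. It assumes Windows PowerShell 3.0 or later is available on the machine; the function name Test-RepairedValue and the variable names are illustrative.

```powershell
# Added example: read-only audit of the values repair.inf resets.
# Expected data is copied from its [UnhookRegKey] and [del] sections.
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$cls = 'HKLM:\SOFTWARE\Classes'
$pol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies'
$run = '"%1" %*'

# Name '' = the key's default value; Expected $null = value must be absent.
$checks = @(
    @{ Path = $adv; Name = 'ShowSuperHidden'; Expected = 1 }
    @{ Path = $adv; Name = 'SuperHidden';     Expected = 1 }
    @{ Path = $adv; Name = 'HideFileExt';     Expected = 0 }
    @{ Path = "$cls\batfile\shell\open\command"; Name = ''; Expected = $run }
    @{ Path = "$cls\comfile\shell\open\command"; Name = ''; Expected = $run }
    @{ Path = "$cls\exefile\shell\open\command"; Name = ''; Expected = $run }
    @{ Path = "$cls\piffile\shell\open\command"; Name = ''; Expected = $run }
    @{ Path = "$cls\regfile\shell\open\command"; Name = ''; Expected = 'regedit.exe "%1"' }
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Shell'; Expected = 'Explorer.exe' }
    @{ Path = "$pol\system";   Name = 'DisableTaskMgr'; Expected = $null }
    @{ Path = "$pol\explorer"; Name = 'NoRun';          Expected = $null }
)

function Test-RepairedValue {
    param([hashtable]$Check)
    # Read the raw data without expanding %...% sequences.
    $noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    $key = Get-Item -LiteralPath $Check.Path -ErrorAction SilentlyContinue
    $actual = if ($key) { $key.GetValue($Check.Name, $null, $noExpand) } else { $null }
    if ($null -eq $Check.Expected) {
        $ok = ($null -eq $actual)          # [del] entries: value must not exist
    } else {
        # String comparison with -eq is case-insensitive in PowerShell.
        $ok = ($null -ne $actual) -and ("$actual" -eq "$($Check.Expected)")
    }
    [pscustomobject]@{
        Key    = $Check.Path
        Value  = if ($Check.Name) { $Check.Name } else { '(Default)' }
        Actual = $actual
        OK     = $ok
    }
}

$results = $checks | ForEach-Object { Test-RepairedValue $_ }
$results | Format-Table -AutoSize -Wrap
$bad = @($results | Where-Object { -not $_.OK })
"{0} of {1} values differ from repair.inf" -f $bad.Count, $results.Count
```

A row with OK = False after step 3 means that value was not reset, or has been changed again since the repair.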