Adopted from Ahmad Syahruddin's blog
Trick to remove trojan.win32.vb.kcd
The name was trojan.win32.vb.kcd. It has been made using VB 6.0. Some effects resulted of this virus are move all of your original .doc and .xls file to the C:\Windows\system32\MB and replace them with the file as your original file name but have the .exe extension.Step by step to remove it is as follow:
- Remove file C:\Windows\system32\MB\WORD.scr
- Hit the (Win Button+R) and type regedit.exe to go to the registry editor
- Point to the "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" see the right side on the value named WORD.scr
- Terminate process named rstrui.exe through task manager. You can right click on the taskbar and select Task Manager
- Remove file C:\Windows\system32\MB\rstrui.exe
- Find the file which have extension .exe and 140 KB on capacity. That file have the Word icon. Remember to find the file that have hidden attribute by check the "find the hidden file" radio button on search criteria
- If the file found, you should to delete them.
Thnks to Ahmad Syahruddin
hm.. cara ini efektif g?
ReplyDeletedan ada efek samping g?
mohon jawabannya disampaikan di blog saya.
I just use my patched kaspersky 7.0
ReplyDeleteeverything is stable...