JambanMu.com & Flash.10.exe
4 posters
Page 1 of 1
ooo..virus ni!
Ehm...ader terbaca pasal virus ni...ni adalah malware yang bernama Jambanmu version 2 yg terdapat dlm fail Flash.10.exe dan Macromedia.10.exe. dia dengan jahatnya menukar registry sistem Windows ..so segala komponen tidak dapat dicam oleh sistem komputer.
Ehm bleh guna cara ni gak selain as suggested oleh shahril tu...download ComboFix di http://download.bleepingcomputer.com/sUBs/ComboFix.exe .kemudian diikuti run SDFix yg boleh didapati di http://download.andmanchesta.com/removalTools/SDFix.exe. dan seterusnya run Virus Removal tool yg bleh didapati di http:/free.grisoft.com/doc/29223/us/frt/0/ndi/67799....insyaallah bleh kot...
Ehm bleh guna cara ni gak selain as suggested oleh shahril tu...download ComboFix di http://download.bleepingcomputer.com/sUBs/ComboFix.exe .kemudian diikuti run SDFix yg boleh didapati di http://download.andmanchesta.com/removalTools/SDFix.exe. dan seterusnya run Virus Removal tool yg bleh didapati di http:/free.grisoft.com/doc/29223/us/frt/0/ndi/67799....insyaallah bleh kot...
Jamban oh Jamban
Kalau virus jamban nih, aku ade heal dia. one or two click heal / solve everything. Kalau perlu sgt heal dia sile hubungi saya melalui hphone. InsyaAllah bule je kasi. Dulu pernah kena sekali virus nih.. bukak je laptop atau PC terus je dia pop up. Malu la jugak, nanti org kata masuk web porn ke... keh keh keh..
2 cents- Posts : 142
Join date : 2008-10-21
Age : 47
Location : Kedah
weee
I was expecting to see a jamban or something...ahaah turn out, virus jamban...crazy jambans! aight , dis look interesting...might be useful later....i'll keep it! Tanks!!
JambanMu.com & Flash.10.exe
Salam semua. Ini adalah kaedah untuk menyahhancurkan virus yang byk menyusahkan diri kita selaku pengguna tegar pengguna Microsoft.
Aku dapat dari GITN....Virus ini telah menyusahkan sekolah aku sehingga merosakkan semua fail database bilik peperiksaan. Jahat ooo virus ni.
Print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
Download SDFix and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following[/list] :
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, the Advanced Options Menu should appear;
* Select the first option, to run Windows in Safe Mode, then press Enter.
* Choose your usual account.
* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum). < I will ask for it later.
*/*
Please change the location of HijackThis.exe.
Create a new folder in your C: Drive
Name it C:\HJT or HijackThis and move the HijackThis.exe file in it.
It's best for this tool NOT TO be located in your Desktop or in a TEMP folder.
This way you can undo any changes if something goes wrong and will prevent the tool placing shortcuts on your Desktop.
Disable Microsoft Windows Defender:
We need to disable your Microsoft Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
* Open Microsoft Windows Defender. Click Start, Programs, Windows Defender
* Click on Tools, General Settings.
* Under Real-time protection options, unselect the Turn on real-time protection check box
* Click Save
After all of the fixes are complete it is very important that you enable Real-time Protection again.
Close all programs leaving only HijackThis running. Place a check against each of the following if found, making sure you get them all and not any others by mistake:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\system32\JambanMu.com"
F3 - REG:win.ini: load=Flash.10.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A114D52B-870C-4F15-8021-B6D7F91A054B} - (no file)
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll (file missing)
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [Windows MSN] C:\Program Files\Common Files\Microsoft Shared\DAO\MSN.msn
Click on Fix Checked when finished and exit HijackThis.
Delete these files in bold if found.
Flash.10.exe <- locate and delete.
C:\WINDOWS\system32\JambanMu.com
C:\Program Files\Common Files\Microsoft Shared\DAO\MSN.msn
Restart the computer normally to reset the registry.
Enable Windows Defender.
i get this somewhere on the net and amazingly it fixes my jambanmu.com and flash10.exe trojan..so credits to...umm i forgot..but will find back A.S.A.P
credit to SWI forum
download SDfix at http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
download HiJackthis at (type aje kat Google. Mesti jumpa punya!, dan ianya percuma)
Sekian, diharap dapat membantu serba sedikit.
Aku dapat dari GITN....Virus ini telah menyusahkan sekolah aku sehingga merosakkan semua fail database bilik peperiksaan. Jahat ooo virus ni.
Print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
Download SDFix and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following[/list] :
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, the Advanced Options Menu should appear;
* Select the first option, to run Windows in Safe Mode, then press Enter.
* Choose your usual account.
* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum). < I will ask for it later.
*/*
Please change the location of HijackThis.exe.
Create a new folder in your C: Drive
Name it C:\HJT or HijackThis and move the HijackThis.exe file in it.
It's best for this tool NOT TO be located in your Desktop or in a TEMP folder.
This way you can undo any changes if something goes wrong and will prevent the tool placing shortcuts on your Desktop.
Disable Microsoft Windows Defender:
We need to disable your Microsoft Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
* Open Microsoft Windows Defender. Click Start, Programs, Windows Defender
* Click on Tools, General Settings.
* Under Real-time protection options, unselect the Turn on real-time protection check box
* Click Save
After all of the fixes are complete it is very important that you enable Real-time Protection again.
Close all programs leaving only HijackThis running. Place a check against each of the following if found, making sure you get them all and not any others by mistake:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\system32\JambanMu.com"
F3 - REG:win.ini: load=Flash.10.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A114D52B-870C-4F15-8021-B6D7F91A054B} - (no file)
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll (file missing)
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [Windows MSN] C:\Program Files\Common Files\Microsoft Shared\DAO\MSN.msn
Click on Fix Checked when finished and exit HijackThis.
Delete these files in bold if found.
Flash.10.exe <- locate and delete.
C:\WINDOWS\system32\JambanMu.com
C:\Program Files\Common Files\Microsoft Shared\DAO\MSN.msn
Restart the computer normally to reset the registry.
Enable Windows Defender.
i get this somewhere on the net and amazingly it fixes my jambanmu.com and flash10.exe trojan..so credits to...umm i forgot..but will find back A.S.A.P
credit to SWI forum
download SDfix at http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
download HiJackthis at (type aje kat Google. Mesti jumpa punya!, dan ianya percuma)
Sekian, diharap dapat membantu serba sedikit.
syahrirtalib- Posts : 78
Join date : 2008-10-29
Age : 45
Location : Bandar Sunway
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum