Monday, 02 November 2009

How To Clean Facebook Virus?

A computer virus is exploiting the popularity of Facebook to attack its victims. The following steps, taken from the accompanying Vaksincom article, clean the Facebook virus, also known as W32/Obfuscated.D2!Genr, and the fake antispyware program "Security Tools":

1. Disable System Restore during the cleaning process.
2. Disconnect the computer from the network / internet.
3. Preferably do the cleaning in "safe mode".
4. Install the software "Unlocker" (download at FileHippo).
5. Kill the virus processes that are active in memory using the tool "Security Task Manager"; download this tool from Neuber.com.

Turn off the virus with "security task manager"

6. Fix the registry. To speed up the registry repair, copy the script below into Notepad and save it with the name [repair.inf]. Run it as follows:

a. Right-click [repair.inf]
b. Click [install]

; repair.inf: restores default handlers and deletes the virus's registry entries
[Version]
Signature="$Chicago$"
Provider=Vaksincom

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

; Values written back to their defaults (file-type handlers, Winlogon, IE start page)
[UnhookRegKey]
HKLM, SOFTWARE\Classes\batfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Classes\comfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Classes\exefile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Classes\piffile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Classes\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, SOFTWARE\Classes\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKCU, Software\Microsoft\Internet Explorer\Main, Start Page,0, "about:blank"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, userinit,0, "userinit.exe"

; Keys and values created by the virus, to be deleted
[del]
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, reader_s
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 47543326
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, PromoReg
HKCU, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, reader_s
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, EnableProfileQuota
HKLM, SOFTWARE\AGProtect
HKLM, SOFTWARE\47543326
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network, UID
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion, Rlist
HKU, .DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6}
HKU, .DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{8FFA689D-2C2B-2B2E-D865-74C04CA4EF06}

7. Remove the files created by the virus. First make hidden files visible, then delete the following files:

C:\Documents and Settings\All Users\Application Data\47543326
C:\Documents and Settings\Elvina\Start Menu\Programs\Security Tools.lnk
C:\Documents and Settings\Elvina\Desktop\Security Tools.lnk
C:\Documents and Settings\Elvina\Application Data\wiaservg.log
C:\Documents and Settings\Elvina\Local Settings\Temp\*.tmp
C:\WINDOWS\Temp\wpv311256600826.exe
C:\WINDOWS\Temp\wpv411256806849.exe
C:\Documents and Settings\%user%\reader_s.exe
C:\Documents and Settings\%user%\Start Menu\Programs\Startup\isqsys32.exe
C:\WINDOWS\system32\reader_s.exe
C:\Windows\system32\wbem\proquota.exe
C:\windows\system32\sdra64.exe
C:\Windows\system32\lowsec
local.ds
user.ds
user.ds.lll

Note:
To remove the folder [C:\Windows\system32\lowsec] and the file [C:\windows\system32\sdra64.exe], use the tool "Unlocker" to release them from the Windows system processes (explorer.exe and svchost.exe), because the virus injects itself into [explorer.exe and svchost.exe]. To do this:

* Right-click the file [C:\windows\system32\sdra64.exe] or the folder [C:\Windows\system32\lowsec]
* Then click the "Unlocker" menu
* On the Unlocker screen, select the option [delete]
* Then click [OK]
* If an error message appears, disregard it (click OK)


8. Delete temporary files and temporary internet files using the tool ATF-Cleaner.

9. For optimal cleaning and to prevent re-infection, scan with an up-to-date antivirus. You can also clean with tools such as Norman Malware Cleaner or Malwarebytes Anti-Malware.
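
The following Python sketch is an added example, not part of the original article or of Vaksincom's script: it audits the decoded text of a registry export taken after step 6 and reports any handler that still differs from what repair.inf writes, and any Run value from the [del] section that is still present. The sample export, the placeholder path inside it, and the function names are constructed for illustration; only string (REG_SZ) values are parsed.

```python
import re

HKLM = "HKEY_LOCAL_MACHINE"
RUN = r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
# EXPECTED: data [UnhookRegKey] writes ("@" = default value). REMOVED: Run values [del] deletes.
EXPECTED = {(HKLM + "\\SOFTWARE\\Classes\\" + ext + r"file\shell\open\command", "@"): '"%1" %*'
            for ext in ("bat", "com", "exe", "pif", "scr")}
EXPECTED[(HKLM + r"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell")] = "Explorer.exe"
REMOVED = {(HKLM + RUN, n) for n in ("reader_s", "47543326", "PromoReg")}
REMOVED.add(("HKEY_CURRENT_USER" + RUN, "reader_s"))
# One REG_SZ line of a .reg export: @="data" or "name"="data"; other value types are skipped.
SZ_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg escapes \ and " with a leading backslash

def parse_reg(text):
    """Yield (key, value name, data) for each REG_SZ value in decoded .reg text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := SZ_LINE.match(line)):
            yield key, ("@" if m[1] == "@" else unescape(m[1][1:-1])), unescape(m[2])

def audit(text):
    """Return (kind, key, name, data) findings for an export taken after cleanup."""
    expected = {(k.lower(), n.lower()): v.lower() for (k, n), v in EXPECTED.items()}
    removed = {(k.lower(), n.lower()) for k, n in REMOVED}
    findings = []
    for key, name, data in parse_reg(text):
        ident = (key.lower(), name.lower())
        if ident in expected and data.lower() != expected[ident]:
            findings.append(("hijacked", key, name, data))
        elif ident in removed:
            findings.append(("leftover", key, name, data))
    return findings

# Constructed sample export (placeholder data, not taken from an infected machine).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"C:\\example\\placeholder.exe\" \"%1\" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\open\command]
@="\"%1\" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"reader_s"="C:\\WINDOWS\\system32\\reader_s.exe"
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''
```

Calling `audit(SAMPLE)` returns one "hijacked" finding for the exefile handler and one "leftover" finding for the reader_s Run value. Registry exports are normally UTF-16 encoded, so decode the file before passing its text to `audit()`.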

 

Copyright © 2009 by Facebook Daily