1. Start your PC in Safe Mode.
Press CTRL + ALT + DELETE,
then go to Processes, select WSCRIPT.EXE and click End Process.
Go to Start, then Run, then type CMD.
2. Type cd\ (if that does not work, type cd.. and then cd.. again until the prompt shows only c:\).
3. Type cd windows\system32
4. Type attrib kernel.dll.vbs -s -h -r
5. Type del kernel.dll.vbs
6. Type del antz.html
7. Go to any drive that is infected, e.g. C:
8. Type attrib to see if there is an antz.vbs
9. If found, type attrib antz.vbs -s -h -r then type del antz.vbs
10. Next, delete the autorun.inf (this is the one that appears on your hard drive once you right-click). To delete it, type attrib autorun.inf -s -h -r, then del autorun.inf
Next, delete the HTML page that always appears at startup.
Go to the Registry Editor.
To open the Registry Editor, type regedit in the Run dialog, then press Enter.
Locate this key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and delete the antz entry.
Next, find the entry that runs antz.html. Here is how to do it. Go to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Locate the Shell entry. You will notice that there is extra text after explorer.exe, and this should be deleted:
C:\windows\system32\kernel.dll.vbs
To delete it, right-click the entry, then choose Modify.
Delete the text after explorer.exe. * Don't delete explorer.exe itself.
The default value of Shell is explorer.exe
After that, restart your PC.
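To confirm the cleanup after the restart, the read-only PowerShell check below looks for each leftover named in the steps above. It is an added example, not part of the original post; it assumes PowerShell is available on the machine and uses only the file names and registry locations given on this page.

```powershell
# Read-only verification of the cleanup steps on this page. Changes nothing.
$findings = @()

# 1. Winlogon Shell should be exactly explorer.exe (the default stated on the page).
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
if ($null -eq $shell -or $shell.Trim() -ine 'explorer.exe') {
    $findings += "Winlogon Shell is '$shell' (expected 'explorer.exe')"
}

# 2. Run key: flag an entry named antz, or one whose data mentions the worm's files.
$run  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$skip = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'  # provider metadata
$props = Get-ItemProperty -Path $run -ErrorAction SilentlyContinue
if ($props) {
    foreach ($p in $props.PSObject.Properties) {
        if ($skip -contains $p.Name) { continue }
        if ($p.Name -match 'antz' -or "$($p.Value)" -match 'antz|kernel\.dll\.vbs') {
            $findings += "Run entry '$($p.Name)' = '$($p.Value)'"
        }
    }
}

# 3. Files: the two in System32, plus antz.vbs and autorun.inf at every drive root.
#    -Force is needed because the files carry the hidden and system attributes.
#    An autorun.inf on installation media can be legitimate, so treat it as
#    something to review rather than proof of infection.
$sys32 = Join-Path $env:windir 'System32'
$paths = @((Join-Path $sys32 'kernel.dll.vbs'), (Join-Path $sys32 'antz.html'))
foreach ($d in Get-PSDrive -PSProvider FileSystem) {
    $paths += (Join-Path $d.Root 'antz.vbs'), (Join-Path $d.Root 'autorun.inf')
}
foreach ($f in $paths) {
    $item = Get-Item -LiteralPath $f -Force -ErrorAction SilentlyContinue
    if ($item) { $findings += "File present: $($item.FullName) [$($item.Attributes)]" }
}

# 4. The process the page tells you to end.
if (Get-Process -Name wscript -ErrorAction SilentlyContinue) {
    $findings += 'wscript.exe is running'
}

if ($findings.Count -eq 0) { 'No antz leftovers found.' } else { $findings }
```

Any line it prints corresponds to one of the steps above that still needs to be repeated on that machine or drive.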
Have Fun!!!!