How to Remove 81u3f4nt45y Virus



How to Remove 81u3f4nt45y - 24.01.2007 - SURABAYA Virus

81u3f4nt45y - 24.01.2007 - Surabaya is a virus that shows up at boot, just before the Windows Welcome Screen.

It shows this message: "Surabaya in my birthday
Don’t kill me, I’m just send message from your computer…"

It is a worm detected as W32.Drower or W32/Drowor.worm.


> First you must disable System Restore.

I will explain how to disable System Restore:

STEP 1:

> Click the Start button.
Then right-click My Computer and click Properties.
> Click the System Restore tab.
Check the box "Turn off System Restore" or "Turn off System Restore on all drives".
> Click Apply.
When turning off System Restore, the existing restore points will be deleted. Click Yes.
> Click OK button.
When you have finished, restart the computer and follow the instructions in the next section to turn on System Restore.


STEP  2:

Disable "Adobe Online.com" and "Adobe Update.com"
How to disable "Adobe Online.com" and "Adobe Update.com":
Press Ctrl + Shift + Esc (Windows Task Manager)
Go to the "Processes" tab and find "Adobe Online.com" and "Adobe Update.com"
If the file is still listed under "Processes", try "End Process Tree"


STEP 3:

After that, open Registry Editor, click Edit > Find, type Surabaya in the Find box and click OK.
The location of any file that belongs to Surabaya will be displayed. Delete each of them by right-clicking it and choosing Delete from the drop-down menu.


STEP 4:

Repair Registry
How to Repair :
Open the Notepad
Copy and paste this code into Notepad and save it with the name "repair.inf" (Note: select "All Files", not "Text Documents", as the file type)


Source Code

*******************************************************************************************************

[Version]
Signature="$Chicago$"

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

; Restore the open commands for executable file types, the Winlogon shell,
; the Safe Mode alternate shell and the "hide file extensions" option
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, UncheckedValue,0x00010001,0
HKLM, SOFTWARE\Classes\scrfile,,,"Screen Saver"

; Delete the logon message shown before the Welcome Screen, the policies that
; block Registry Editor and Folder Options, and the Image File Execution
; Options keys for msconfig, regedit and taskmgr
[del]
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, LegalNoticeCaption
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, LegalNoticeText
HKLM, SOFTWARE\Classes\scrfile, InfoTip
HKLM, SOFTWARE\Classes\scrfile, NeverShowExt
HKLM, SOFTWARE\Classes\scrfile, TileInfo
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFolderOptions
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Msconfig.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe

*******************************************************************************************************

Right Click the file and then choose "Install"
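
To see which of these values are still altered before or after installing repair.inf, the following read-only PowerShell check compares the registry against the [UnhookRegKey] and [del] sections above. It is an added example, not part of the original post; the helper names are made up for it, and looking at the Debugger value under each Image File Execution Options key is an assumption about what those keys hold.

```powershell
# Added example: read-only audit of the values repair.inf touches. Changes nothing.
function Get-RegValue([string]$Key, [string]$Name) {
    # $null when the key or value is missing; Name '' reads the key's default value.
    $k = Get-Item -LiteralPath $Key -ErrorAction SilentlyContinue
    if ($k) { $k.GetValue($Name) }
}
function New-Finding($Key, $Name, $Found, $Note) {
    New-Object PSObject -Property @{ Key = $Key; Name = $Name; Found = $Found; Note = $Note }
}

$hklm = 'HKLM:\SOFTWARE'
$winlogon = "$hklm\Microsoft\Windows NT\CurrentVersion\Winlogon"

# [UnhookRegKey]: key, value name, data that repair.inf writes.
$expected = @()
foreach ($t in 'batfile', 'comfile', 'exefile', 'piffile', 'scrfile') {
    $expected += ,@("$hklm\Classes\$t\shell\open\command", '', '"%1" %*')
}
$expected += ,@("$hklm\Classes\regfile\shell\open\command", '', 'regedit.exe "%1"')
$expected += ,@($winlogon, 'Shell', 'Explorer.exe')
$expected += ,@('HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot', 'AlternateShell', 'cmd.exe')

# [del]: values repair.inf deletes; flagged when present with non-empty, non-zero data.
$deleted = @(
    @($winlogon, 'LegalNoticeCaption'),
    @($winlogon, 'LegalNoticeText'),
    @('HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System', 'DisableRegistryTools'),
    @('HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer', 'NoFolderOptions')
)
foreach ($exe in 'Msconfig.exe', 'regedit.exe', 'taskmgr.exe') {
    $deleted += ,@("$hklm\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\$exe", 'Debugger')
}

$findings = @()
foreach ($row in $expected) {
    $have = Get-RegValue $row[0] $row[1]
    if ("$have" -ne $row[2]) {          # string -ne is case-insensitive
        $findings += New-Finding $row[0] $row[1] $have "repair.inf writes: $($row[2])"
    }
}
foreach ($row in $deleted) {
    $have = Get-RegValue $row[0] $row[1]
    if (@('', '0') -notcontains "$have") {
        $findings += New-Finding $row[0] $row[1] $have 'repair.inf deletes this'
    }
}
$findings | Format-Table Key, Name, Found, Note -AutoSize -Wrap
"{0} value(s) differ from what repair.inf leaves behind" -f $findings.Count
```

A row only means the value differs from what repair.inf writes or deletes, so review each one before changing it.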


STEP 5:

Delete the Virus
How to Delete the Virus :
First open Windows Explorer or press (Ctrl + E)
Go to C:\Documents and Settings\%username%\Start Menu\Programs\Startup\
Delete Adobe Online.com and Adobe Update.com
Delete the folder with a size of +/- 40 KB, "autorun.inf", "Thumbs.com", and "Thumbs.db" on all drives


STEP 6:

Show Hidden Files
How to Show Hidden Files :
Open Command Prompt
Type: attrib -s -h /s /d and press Enter (Note: do it on all drives)
For example:    C:\>attrib -s -h /s /d
                D:\>attrib -s -h /s /d


>> Restart your computer for the changes you made to take effect.


Note:
This virus generally reaches your computer through a USB drive (pen drive or hard disk). Whenever you plug your USB drive into a PC infected with this virus, the virus infects the drive, and the drive then infects the next computer it is plugged into. So it is always advisable not to open drives directly: do not open a USB pen drive or hard disk with a double click. Instead, always right-click the drive and select the Open option. If the first option you see after right-clicking the USB drive is "autorun", the drive is infected: either it is infected with some virus now, or it was infected earlier and the autorun.inf is still in the directory of your USB device.
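
The autorun.inf check described in this note can also be done without opening the drive in Explorer. This added PowerShell example (not from the original post; the function name and the sample autorun.inf lines are constructed for illustration) lists what each drive's autorun.inf would run and any hidden executables sitting in the drive root.

```powershell
# Added example: report autorun.inf and hidden executables in each drive root.
# Reads only; nothing is opened or executed.
$runKeys = '^\s*(open|shellexecute|shell\\[^=\\]+\\command)\s*=\s*(.+)$'

function Get-AutorunTargets([string[]]$Lines) {
    # Commands an autorun.inf would launch: open=, shellexecute=, shell\<verb>\command=
    foreach ($line in $Lines) {
        if ($line -match $runKeys) { $Matches[2].Trim() }
    }
}

# Constructed sample to show what the parser extracts (not taken from a real drive).
$sample = '[autorun]', 'open=Thumbs.com', 'shell\Autorun\command=Thumbs.com', 'icon=folder.ico'
"sample -> " + ((Get-AutorunTargets $sample) -join '; ')

foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    $root = $drive.Root
    # -Force: files marked system/hidden are invisible to a plain listing.
    $items = @(Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue)
    foreach ($f in $items) {
        if ($f.PSIsContainer) { continue }
        $hidden = [bool]($f.Attributes -band [IO.FileAttributes]::Hidden)
        if ($f.Name -ieq 'autorun.inf') {
            $targets = Get-AutorunTargets (Get-Content -LiteralPath $f.FullName)
            "{0}  autorun.inf (hidden={1}) runs: {2}" -f $root, $hidden, ($targets -join '; ')
        } elseif ($hidden -and $f.Extension -match '^\.(com|exe|scr|pif|bat)$') {
            "{0}  hidden executable: {1} ({2:N0} bytes)" -f $root, $f.Name, $f.Length
        }
    }
}
```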

That's all.



CAUTION!: These tips and tricks are advanced. We cannot guarantee that you will be able to solve problems that result from using them incorrectly; use them at your own risk.
Category: Tips & Tricks
Operating System : Windows
