Tuesday, October 14, 2008

Internet Explorer title bar changed to selamat_berposo_dari_umt

Since I posted my chat transcript with Mr Lee (via Skype) titled "PC kena attack oleh Trojan, Satu transkrip", only today did I manage to find some time to write about how to solve the problem with AutoRun.inf and the "selamat_berposa_dari_umt.js" script.

Autorun.inf often causes problems for pendrive or flash drive users who regularly use public-access computers or computers shared by many users. Autorun.inf helps all kinds of trojans and other malware infect a system and spread from one system to another. On closer inspection, this script is actually the Haha.js script, slightly modified and given a different name.

"selamat_berposa_dari_umt" effect

If your computer has been infected by "selamat_berposa...", you will see the following:

  1. The Internet Explorer title changes from "Windows Internet Explorer" to "selamat_berposa_dari_umt".

  2. The context menu on disk drives gains options such as "Scan For Viruses", "Scan with Norton AntiVirus", and "Scan with AVG".

  3. "Open" and "Explore" are also taken over by this script.

  4. If you double-click a drive, it takes noticeably longer than usual to open.

Reproduction Method

This script spreads through an autorun.inf placed on every drive. Once it is active, it copies itself into:

  1. the root directory of every drive, whether fixed or removable.

  2. the Windows and System32 folders.

Once copied, it sets the file attributes to Archive, Read-only, Hidden and System. As a result, the files cannot be seen or removed easily.

How to Delete?

This script depends on wscript.exe to run. While it is active, a wscript.exe process can be seen in Task Manager. Follow these steps:

  1. Terminate the wscript.exe process using Task Manager: right-click wscript.exe and select "End process".

  2. Delete the autorun.inf and selamat_berposa_dari_umt.js files from all disk drives, including removable drives (both files are hidden, so you must first make them visible using "Folder Options").

  3. To restore the title of Internet Explorer, open Regedit, go to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main and delete the "Window title" value in the right pane.

  4. Restart your computer.
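
The same four steps as a PowerShell script, added here as an example and not part of the original post. By default it only reports what it finds, which lets you check that an autorun.inf really belongs to this script before deleting it. The `-Remove` switch name and the plain-text match on the script name inside autorun.inf are assumptions of this example.

```powershell
# Added example: reports by default, changes the system only with -Remove.
param([switch]$Remove)

$names = 'autorun.inf', 'selamat_berposa_dari_umt.js'    # file names given in the post
$ieKey = 'HKCU:\Software\Microsoft\Internet Explorer\Main'

# Step 1: the script runs inside wscript.exe, so that process has to go first.
$procs = @(Get-Process -Name wscript -ErrorAction SilentlyContinue)
foreach ($p in $procs) {
    Write-Output ("wscript.exe running, PID {0}" -f $p.Id)
    if ($Remove) { Stop-Process -Id $p.Id -Force }
}

# Step 2: roots of all ready fixed/removable drives, plus Windows and System32.
$dirs = @([System.IO.DriveInfo]::GetDrives() |
    Where-Object { $_.IsReady -and ('Fixed', 'Removable' -contains "$($_.DriveType)") } |
    ForEach-Object { $_.RootDirectory.FullName })
$dirs += $env:windir, (Join-Path $env:windir 'System32')

foreach ($dir in $dirs) {
    # -Force is required: the copies carry the Hidden and System attributes.
    $hits = Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and ($names -contains $_.Name) }
    foreach ($f in $hits) {
        # Assumption: an autorun.inf planted by the script names the .js file in plain text.
        $refs = [bool](Select-String -LiteralPath $f.FullName -SimpleMatch 'selamat_berposa' -Quiet)
        Write-Output ("{0}  attributes={1}  mentions-script={2}" -f $f.FullName, $f.Attributes, $refs)
        if ($Remove) { Remove-Item -LiteralPath $f.FullName -Force }
    }
}

# Step 3: the "Window Title" value is what replaces the Internet Explorer caption.
$title = Get-ItemProperty -Path $ieKey -Name 'Window Title' -ErrorAction SilentlyContinue
if ($title) {
    Write-Output ("IE Window Title = {0}" -f $title.'Window Title')
    if ($Remove) { Remove-ItemProperty -Path $ieKey -Name 'Window Title' }
}

if (-not $Remove) { Write-Output 'Audit only. Re-run with -Remove, then restart (step 4).' }
```

Run it from an elevated prompt so the copies in the Windows and System32 folders can be deleted, and run it again after plugging in each removable drive you have used on the infected machine.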

That's it. Good luck.

p/s: be very careful while editing the registry ... I do not take responsibility if other problems arise on your PC.

Note: English is not my first language.