<VintageLounge>

[fiqicoolz]

ea... UCHighest udah di depan mata gw... nemu chiit cuma ga taw cara ngecilin filenya...T_T Gede banget pas di upload T__T

Edited
______________________________

AAAAAAAA Rekamannya ilanggg.... huhuhuhu T_T
Hunting lagi dah .....

[fiqicoolz]

huah lama banged perasaan Maintenence nyaaa..... bosen gw nih...
___________________________________

Bused ni maintenence lama banget....tumben banget >..<
nunggu"DoTa akhh...~
______________________________________
ea ternyata patching....Bah mana pake Ujan lagi...huhuhuhuhU T_T

[fiqicoolz]

Dicari perempiwi2 cantik nan sexY,..,.,.,

tuk bergabung with Vintage member

esc, blader & wizard,.,.,sexy booo


CHEMENGAAAAAAAAAAAAAAAAAAT,......................


archernya mana neeeh,.,.,.,bzz

hah bukannya klo cwek blader/Wizard pake daster?wkowkowkwo

[banksatz]

hoaaaaaaaaam

[eris]

tes ah

[fiqicoolz]

sepi euy....

[aniv_gallagher]

up up upp upup up....wkkwkkw

[Bluebell]

ASikkkk..
My Best Combo.. N My Recor Combo..

[Bluebell]

Cape deh.. katany udah 3x post..
Boong Mlu nie.. koq ga ada??..

[fiqicoolz]

wow 41 combo...

[banksatz]

NIH AUTO SCRIPT NYA

Preventing and Removing Autorun.inf Virus
Posted by Felix in Tuesday, July 1st 2008
Topics: Featured, Some TipsTags: autorun.inf virus
(7 votes, average: 4.14 out of 5)

Introduction

AUTORUN.INF Viruses are virus that uses the Autorun feature of Windows to spread itself on computers. This virus makes a copy of the autorun.inf file to the root or main directory of all the drives on your PC, internal and / or external disks, to make the virus runs every time the external disks like pendrives or USB drives were inserted or every time you double-click the drives through the Windows Explorer.

A lot of this infections were found on Bolivia,Viet Nam, Ecuador, Pakistan, Philippines, India, Indonesia, Malaysia, Colombia and Mexico (this list of countries were based on the Google Trends results for the AUTORUN.INF VIRUS keyword search: http://www.google.com/trends?q=autorun.inf+virus). Based on the same source, late of 2007 was the peak of this kind of computer virus infections but it also shows that in year 2008 the autorun.inf virus are still prevalent and keep on spreading. That’s why I decided to write an article about this autorun.inf virus.

Known virus variants of this kind are the YahLover (which uses scvhost.exe and killer.exe), Bacalid (which uses ctfmon.exe), IMGKULOT and FAIZAL.JS virus.
Prevention of Autorun.INF Virus

I still believe that prevention is better than cure so I have prepared here several points on how to prevent this kind of infection.

1. First method is you can disable the AUTORUN feature of Windows by applying a registry modification on the Windows’ Registry Editor. To do this:

Download: DISABLE-AUTORUN.REG and save this file on your computer.
After downloading the file, open the folder where you download it and double-click the file. You will be confirmed by Registry Editor if you want to proceed, just click Yes button to continue. (If a different message was seen such as “Registry Editing has been disabled by your administrator.”, possibly your PC is infected already by a virus that prevents registry access. To correct this read the section on Removing Autorun.INF virus.)
Restart your computer to apply these changes.

2. Another method is to create an AUTORUN.INF folder on the root directories (main directory usually represented by backslash symbol \ ) . You can do this via Windows Explorer or Command Prompt but I will recommend the method via Command Prompt.
To run command prompt, click Start then Run or press the key combination: Winkey + R
Type CMD then press enter. This will open the black and white environment.
On the prompt, type MD C:\AUTORUN.INF then press enter key.
Repeat this procedure to other hard drives and USB drives. Just replace the C letter from the command with the appropriate drive letter of each storage device.
If this fails, maybe your computer is infected already by the virus so read the next section for the solution of this problem.
Removing AUTORUN.INF virus manually

Manual removal procedure of the autorun.inf virus will vary depending on the attachment of the virus on the system. Actually this kind of infection is very easy to remove. Simple DOS commands can easily remove this kind of infection.

The following are just generic instructions and some of the steps might not be applicable to some virus infections that uses autorun.inf.

1. First, boot your system in Safe Mode Command Prompt Only. This can be done by restarting your computer and pressing F8 before the Windows Logo displays. It is important that you start the computer in this mode because all start-up programs are not started on this mode.

2. When you see the black and white environment, type the following commands (commands in BOLD). This commands will be used for analysis of the infection only:
CD \ - This change the current folder to the main directory of drive C
DIR /AH - Displays all files that are hidden. Usually virus hides their files by changing its attributes to Hidden and System attributes. If you find a file: AUTORUN.INF, it confirms the infection of the virus.
TYPE AUTORUN.INF - This shows the content of the file autorun.inf. From the picture below you will see that the name of the virus is SAMPLE-VIRUS.EXE, which the name will usually comes with the line Open or Explore or Shell line of the autorun.inf. This shows that the virus carrier is the file SAMPLE-VIRUS.EXE


Command Prompt window after dir/ah and type autorun.inf

3. To remove the infection based on the analysis above type the following command:
ATTRIB -H -R -S C:\AUTORUN.INF - unhides the hidden file autorun.inf
DEL C:\AUTORUN.INF
Repeat this step to other drives by replacing C:\ with other letters

4. To make sure that the carrier will not run during start-up, you need to make sure that it is disabled. Do this using the MSCONFIG tool of windows.
On the same Safemode Command Prompt Mode, type MSCONFIG
This will run the System Configuration Utility.
As shown below, uncheck the suspected file. This will disable it from start-up and will not run again. To see other places where programs were place to run on start-up, see my previous posts: How to Determine the Windows Startup Programs?

System Configuration Utility window

Note: This manual removal is only recommended when your installed anti-virus is not working due to the said autorun.inf virus infection. My advice is that when the virus is already removed manually, try reinstalling or installing an antivirus and update your virus definition file and scan your system to ensure a virus-free PC.

If these steps specified here does not work for you, use TrendMicro Hijackthis (this is free and downloadable). Use it to analyze the system and produce a file called HIJACKTHIS.LOG. Send hijackthis.log produced to my email address so that I could analyze it and suggest an appropriate solution for it.

[banksatz]

NI yg KEDUA


How to remove trojans that uses autorun.inf file

These trojans uses autorun.inf file for infects systems. If your computer was infected, you can to get many popups, Internet Explorer start page can to be change, new files with strange names on the your disks. (for example: selamat_berposa_dari_umt.js)

Step1: removing autorun.inf files from all your drives, include any usb/flash drives.

1. Manually:Reboot your PC in Safe mode.

1. Restart your computer2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.3. Instead of Windows loading as normal, a menu should appear4. Select the first option, to run Windows in Safe Mode.

Click Start -> RunIn the type box enter: del /a:h /f c:\autorun.*Repeat this step to all drives, make replacing “c” with the appropriate drive letter.

2. Automatically.Download Combofix.Run, follow the prompts.If combofix have removed autorun.inf, you have found message in the output log.For example:

((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))). C:\Autorun.inf

Step 2: removing trojans autorun points in the windows registry.Download and install HijackThis.Run HijackThis and scan, put a checkmark next to the following items (if exists):

O4 - HKCU\..\Run: [avp] C:\WINDOWS\system32\avp.exeO4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exeO4 - HKCU\..\Run: [kxva] C:\WINDOWS\system32\kxvo.exeO4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exeO4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exeO4 - HKCU\..\Run: [TaskMonitor] C:\WINDOWS\system32\TaskMonitor.exeO4 - HKCU\..\Run: [Realshade] C:\WINDOWS\system32\realshade.exeO4 - HKCU\..\Run: [cftmonn] C:\WINDOWS\system32\cftmonn.exe

Now close all browser and other windows except for HijackThis, and click “Fix Checked” to have HijackThis fix the entries you checked.

Step 3: deleting trojans files.Download Avenger and unzip to your desktop.Run Avenger, copy,then paste the following text in Input script Box:

Files to delete:C:\WINDOWS\system32\avp.exeC:\WINDOWS\syste m32\amvo.exeC:\WINDOWS\system32\kxvo.exeC:\WINDOWS \system32\kavo.exeC:\WINDOWS\system32\tavo.exeC:\W INDOWS\system32\SCVVHSOT.exeC:\WINDOWS\system32\Ta skMonitor.exeC:\WINDOWS\system32\realshade.exeC:\W INDOWS\system32\cftmonn.exeC:\WINDOWS\system32\win cab.sys

Then click on ‘Execute’.

Your computer will be reloaded.

Step 4: disinfecting and protecting any flash drives connected to the system.Please download Flash_Disinfector.exe by sUBs and save it to your desktop.Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.

The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone.

Please do so and allow the utility to clean up those drives as well. Wait until it has finished scanning and then exit the program. Reboot your computer when done.

Note1: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don’t delete this folder. It will help protect your drives from future infection.

Note2: if you are still having problems with your PC, I would recommend that you follow the instructions - how to use Spyware Removal Forum.

Note3: Read more: How to disable the autorun feature to prevent malware from spreading.

[banksatz]

fila bat.exe nya menyusul

Ads by Google
Catch Downloader Trojanand other worms or Trojans at mailserver level! Free downloadwww.gfi.com/mailsecurity
Try Google ChromeClear all your browsing historyand protect your privacy.www.google.com/chrome




Lately we discover a new Trojan/virus that uses autorun.inf to infect other drive. Most of the time it infect any removable media (external HDD or Flash Drive) that is connected to the infected unit. You will not notice it since the script runs at startup.

Note: This procedure is applicable to all Trojan/virus that uses a .inf file, but will use “hbq.exe” for this example:

Here is how you can get rid of them:

- Open Task Manager and in Processes tab end explorer.exe and wscript.exe process

- Open up File –> New Task (Run) in the Task manager

- Type cmd and hit Enter

Typedel /a:h /f c:\autorun.*

if you have multiple drive/partition, repeat this step to all drive/partition, make replacing “C:” with the appropriate drive letter.

- Go to your Windows\System32 directory by typing cd c:\windows\system32

Type dir /a:h /f hbq*.*

- If you see any files named hbq0.dll or hbq0.exe or hbo.exe, use the

Del /a:h /f avp*.exeDel /a:h /f avp*.dll

to delete.

- Open up File –> New Task (Run) in the Task manager, Type regedit

- Navigate to:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run

If there are any entries for kxvo.exe, delete them. Also delete all suspicious items

- Do a complete search of your registry for ntdelect.com or hbq.exe or kxvo.exe and delete any entries you find.

- To Restore Folder Options (“Show hidden files & folders”) Settings, Navigate to

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ Explorer\Advanced\Folder\Hidden\SHOWALL

- Look at the “CheckedValue” key… This should be a DWORD key. If it isn’t, delete the key. Create a new key called “CheckedValue” as a DWORD (hexadecimal) with a value of 1. The “Show hidden files & folders” check box should now work normally.

NOTE: I Also included a “Script Killer” in my download section for those very hard kill autoruns & vbs script. You need WinRar to extract these files

[banksatz]

its me in Seal Of Darkness

[banksatz]