Forum Smadav

Smadav Center => Konsultasi Virus => Topik dimulai oleh: ichwan555 pada April 15, 2012, 11:08:13 AM

Judul: TOLONG ANE VIRUS NEW HEUR.ffd (FAKEDIR)
Ditulis oleh: ichwan555 pada April 15, 2012, 11:08:13 AM
(http://a4.sphotos.ak.fbcdn.net/hphotos-ak-snc7/389360_417213371639514_100000525635781_1551849_1003481561_n.jpg)
(http://)
(http://a4.sphotos.ak.fbcdn.net/hphotos-ak-snc7/s720x720/389360_417213371639514_100000525635781_1551849_1003481561_n.jpg)

MOHON CARA NGILANGINNYA GIMANA  ^:)^ setiap colok flashdsk pasti ke detect tuh virus
log dari SMADAV



==============================
Log File of Smadav 2012 Rev. 8.9
==============================

Scanning Results :
=> Time & Date : 10:04:10, on 04-15-2012
=> Finishing Time : 15 seconds
=> Folder Scanned :3
=> File Scanned : 20
=> File Detected : 1
=> File Cleaned : 0
=> Value Scanned : 1155
=> Value Detected: 0
=> Value Fixed: 0
=> Path Scanned: 3
=> Path Hidden: 1
=> Path Unhidden: 0

==============================
Before Scanning
==============================
Suspected Paths :
=> Fine(Level 2) as  : 2 Process, 1 Startup
   -C:\Program Files\USB Disk Security\USBGuard.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Avira\AntiVir Desktop\sched.exe
=> Fine(Level 1) as  : 1 Process, 1 Startup
   -C:\WINDOWS\RTHDCPL.EXE
=> Fine(Level 1) as  : 1 Process, 1 Startup
   -C:\Program Files\Synaptics\SynTP\SynTPStart.exe
=> Fine(Level 1) as  : 1 Process, 1 Startup
   -C:\WINDOWS\BisonCam\BisonHK.exe
=> Fine(Level 1) as  : 1 Process, 1 Startup
   -C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
=> Fine(Level 1) as  : 1 Process, 1 Startup
   -C:\Program Files\Internet Download Manager\IDMan.exe
=> Fine(Level 1) as  : 1 Process, 1 Startup
   -C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
=> Fine(Level 1) as  : 1 Process, 1 Startup
   -C:\Documents and Settings\user\ziowih.exe
=> Fine(Level 1) as  : 1 Process, 1 Startup
   -C:\Program Files\HotKey_Driver\HotKeyDriver.exe
=> Fine(Level 1) as  : 1 Process
   -C:\WINDOWS\system32\wbem\wmiprvse.exe
=> Fine(Level 2) as  : 1 Process, 2 Startup
   -C:\WINDOWS\system32\sistray.exe
=> Fine(Level 1) as  : 1 Process
   -C:\WINDOWS\system32\wbem\unsecapp.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Avira\AntiVir Desktop\avguard.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Bonjour\mDNSResponder.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Canon\IJPLM\ijplmsvc.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Java\jre6\bin\jqs.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
=> Fine(Level 1) as  : 1 Process
   -C:\Documents and Settings\All Users\Application Data\Mobile Partner\OnlineUpdate\ouc.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Mobile Partner\Mobile Partner.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Mozilla Firefox\firefox.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Mozilla Firefox\plugin-container.exe
=> Fine(Level 1) as  : 2 Startup
   -C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
=> Fine(Level 1) as  : 1 Startup
   -D:\data c\Downloads\Programs\HarvestMoonBacktoNaturePrim-dm.exe
=> Fine(Level 1) as  : 1 Startup
   -C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
=> Fine(Level 1) as  : 1 Startup
   -C:\WINDOWS\ALCMTR.EXE
=> Fine(Level 1) as  : 1 Startup
   -C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
=> Fine(Level 1) as  : 1 Startup
   -C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
=> Fine(Level 1) as  : 1 Startup
   -C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
=> Fine(Level 1) as  : 1 Startup
   -C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE
=> Fine(Level 1) as  : 2 Startup
   -c:\program files\common files\Adobe\calibration\adobe gamma loader.exe
=> Fine(Level 2) as  : 1 Startup
   -c:\WINDOWS\system32\kyzcevxp.dll
=> Fine(Level 2) as  : 1 Startup
   -c:\program files\Ask.com\updatetask.exe

Running Processes :
=> N/A
=> N/A
=> C:\WINDOWS\system32\smss.exe
=> C:\WINDOWS\system32\csrss.exe
=> C:\WINDOWS\system32\winlogon.exe
=> C:\WINDOWS\system32\services.exe
=> C:\WINDOWS\system32\lsass.exe
=> C:\WINDOWS\system32\svchost.exe
=> C:\WINDOWS\system32\svchost.exe
=> C:\WINDOWS\system32\svchost.exe
=> C:\WINDOWS\system32\svchost.exe
=> C:\WINDOWS\system32\svchost.exe
=> C:\WINDOWS\system32\spoolsv.exe
=> C:\Program Files\Avira\AntiVir Desktop\sched.exe
=> C:\WINDOWS\RTHDCPL.EXE
=> C:\Program Files\Synaptics\SynTP\SynTPStart.exe
=> C:\WINDOWS\BisonCam\BisonHK.exe
=> C:\WINDOWS\system32\rundll32.exe
=> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
=> C:\Program Files\Smadav\SMΔRTP.exe
=> C:\Program Files\USB Disk Security\USBGuard.exe
=> C:\Program Files\USB Disk Security\USBGuard.exe
=> C:\WINDOWS\system32\ctfmon.exe
=> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
=> C:\Program Files\Internet Download Manager\IDMan.exe
=> C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
=> C:\Documents and Settings\user\ziowih.exe
=> C:\Program Files\HotKey_Driver\HotKeyDriver.exe
=> C:\WINDOWS\system32\wbem\wmiprvse.exe
=> C:\WINDOWS\system32\sistray.exe
=> C:\WINDOWS\system32\wbem\unsecapp.exe
=> C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
=> C:\Program Files\Avira\AntiVir Desktop\avguard.exe
=> C:\Program Files\Bonjour\mDNSResponder.exe
=> C:\WINDOWS\system32\svchost.exe
=> C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
=> C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
=> C:\Program Files\Canon\IJPLM\ijplmsvc.exe
=> C:\Program Files\Java\jre6\bin\jqs.exe
=> C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
=> C:\Documents and Settings\All Users\Application Data\Mobile Partner\OnlineUpdate\ouc.exe
=> C:\WINDOWS\system32\svchost.exe
=> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
=> C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
=> C:\WINDOWS\system32\svchost.exe
=> C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
=> C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
=> C:\WINDOWS\system32\alg.exe
=> C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
=> C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
=> C:\WINDOWS\system32\ping.exe
=> C:\Program Files\Mobile Partner\Mobile Partner.exe
=> C:\Program Files\Mozilla Firefox\firefox.exe
=> C:\WINDOWS\explorer.exe
=> C:\WINDOWS\system32\taskmgr.exe
=> C:\Program Files\Mozilla Firefox\plugin-container.exe
=> C:\Program Files\Smadav\SMΔRTP.exe

==============================
After Scanning
==============================
Suspected Paths :
=> Fine(Level 2) as  : 2 Process, 1 Startup
   -C:\Program Files\USB Disk Security\USBGuard.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Avira\AntiVir Desktop\sched.exe
=> Fine(Level 1) as  : 1 Process, 1 Startup
   -C:\WINDOWS\RTHDCPL.EXE
=> Fine(Level 1) as  : 1 Process, 1 Startup
   -C:\Program Files\Synaptics\SynTP\SynTPStart.exe
=> Fine(Level 1) as  : 1 Process, 1 Startup
   -C:\WINDOWS\BisonCam\BisonHK.exe
=> Fine(Level 1) as  : 1 Process, 1 Startup
   -C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
=> Fine(Level 1) as  : 1 Process, 1 Startup
   -C:\Program Files\Internet Download Manager\IDMan.exe
=> Fine(Level 1) as  : 1 Process, 1 Startup
   -C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
=> Fine(Level 1) as  : 1 Process, 1 Startup
   -C:\Documents and Settings\user\ziowih.exe
=> Fine(Level 1) as  : 1 Process, 1 Startup
   -C:\Program Files\HotKey_Driver\HotKeyDriver.exe
=> Fine(Level 1) as  : 1 Process
   -C:\WINDOWS\system32\wbem\wmiprvse.exe
=> Fine(Level 2) as  : 1 Process, 2 Startup
   -C:\WINDOWS\system32\sistray.exe
=> Fine(Level 1) as  : 1 Process
   -C:\WINDOWS\system32\wbem\unsecapp.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Avira\AntiVir Desktop\avguard.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Bonjour\mDNSResponder.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Canon\IJPLM\ijplmsvc.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Java\jre6\bin\jqs.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
=> Fine(Level 1) as  : 1 Process
   -C:\Documents and Settings\All Users\Application Data\Mobile Partner\OnlineUpdate\ouc.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Mobile Partner\Mobile Partner.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Mozilla Firefox\firefox.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Mozilla Firefox\plugin-container.exe
=> Fine(Level 1) as  : 2 Startup
   -C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
=> Fine(Level 1) as  : 1 Startup
   -D:\data c\Downloads\Programs\HarvestMoonBacktoNaturePrim-dm.exe
=> Fine(Level 1) as  : 1 Startup
   -C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
=> Fine(Level 1) as  : 1 Startup
   -C:\WINDOWS\ALCMTR.EXE
=> Fine(Level 1) as  : 1 Startup
   -C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
=> Fine(Level 1) as  : 1 Startup
   -C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
=> Fine(Level 1) as  : 1 Startup
   -C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
=> Fine(Level 1) as  : 1 Startup
   -C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE
=> Fine(Level 1) as  : 2 Startup
   -c:\program files\common files\Adobe\calibration\adobe gamma loader.exe
=> Fine(Level 2) as  : 1 Startup
   -c:\WINDOWS\system32\kyzcevxp.dll
=> Fine(Level 2) as  : 1 Startup
   -c:\program files\Ask.com\updatetask.exe

Running Processes :
=> N/A
=> N/A
=> C:\WINDOWS\system32\smss.exe
=> C:\WINDOWS\system32\csrss.exe
=> C:\WINDOWS\system32\winlogon.exe
=> C:\WINDOWS\system32\services.exe
=> C:\WINDOWS\system32\lsass.exe
=> C:\WINDOWS\system32\svchost.exe
=> C:\WINDOWS\system32\svchost.exe
=> C:\WINDOWS\system32\svchost.exe
=> C:\WINDOWS\system32\svchost.exe
=> C:\WINDOWS\system32\svchost.exe
=> C:\WINDOWS\system32\spoolsv.exe
=> C:\Program Files\Avira\AntiVir Desktop\sched.exe
=> C:\WINDOWS\RTHDCPL.EXE
=> C:\Program Files\Synaptics\SynTP\SynTPStart.exe
=> C:\WINDOWS\BisonCam\BisonHK.exe
=> C:\WINDOWS\system32\rundll32.exe
=> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
=> C:\Program Files\Smadav\SMΔRTP.exe
=> C:\Program Files\USB Disk Security\USBGuard.exe
=> C:\Program Files\USB Disk Security\USBGuard.exe
=> C:\WINDOWS\system32\ctfmon.exe
=> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
=> C:\Program Files\Internet Download Manager\IDMan.exe
=> C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
=> C:\Documents and Settings\user\ziowih.exe
=> C:\Program Files\HotKey_Driver\HotKeyDriver.exe
=> C:\WINDOWS\system32\wbem\wmiprvse.exe
=> C:\WINDOWS\system32\sistray.exe
=> C:\WINDOWS\system32\wbem\unsecapp.exe
=> C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
=> C:\Program Files\Avira\AntiVir Desktop\avguard.exe
=> C:\Program Files\Bonjour\mDNSResponder.exe
=> C:\WINDOWS\system32\svchost.exe
=> C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
=> C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
=> C:\Program Files\Canon\IJPLM\ijplmsvc.exe
=> C:\Program Files\Java\jre6\bin\jqs.exe
=> C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
=> C:\Documents and Settings\All Users\Application Data\Mobile Partner\OnlineUpdate\ouc.exe
=> C:\WINDOWS\system32\svchost.exe
=> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
=> C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
=> C:\WINDOWS\system32\svchost.exe
=> C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
=> C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
=> C:\WINDOWS\system32\alg.exe
=> C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
=> C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
=> C:\WINDOWS\system32\ping.exe
=> C:\Program Files\Mobile Partner\Mobile Partner.exe
=> C:\Program Files\Mozilla Firefox\firefox.exe
=> C:\WINDOWS\explorer.exe
=> C:\WINDOWS\system32\taskmgr.exe
=> C:\Program Files\Mozilla Firefox\plugin-container.exe
=> C:\Program Files\Smadav\SMΔRTP.exe

Detected Virus :
=> New Heur.FFD(FakeDir)
   -Infected File
   -J:\.demovideo.exe

Hidden Files/Folders
=> J:\.demovideo
   -Folder, Hidden, System
Judul: Re: TOLONG ANE VIRUS NEW HEUR.ffd (FAKEDIR)
Ditulis oleh: ichwan555 pada April 15, 2012, 11:11:45 AM
Tambahan
(http://a4.sphotos.ak.fbcdn.net/hphotos-ak-ash4/392373_417210751639776_100000525635781_1551837_238558106_n.jpg)
Judul: Re: TOLONG ANE VIRUS NEW HEUR.ffd (FAKEDIR)
Ditulis oleh: ichwan555 pada April 15, 2012, 11:14:49 AM
MAaf Kalo misal dopost , ane bener lagi kebingungan.  :'( :'( :'(

Agan TOLONG ANE !!! help help , FLASH DISK ane kena virus New Heur.FFD (FakeDir). Setiap colokin FLASHDISK ke detect trus sma SMADAV trus udah ane delete tetep aja muncul pas ane colokin ke kompi....
Trus setiap folder/file yang ane paste ke flash disk. File/folder ane pasti ngilang dan digantiin sma ini virus dengan nama file yang ane copyditambah .exe (Misal ane paste folder smadav. pasti ntar file aslinya ngilang dan folder berubah menjadi smadav.exe)  Shocked Shocked Shocked
Gimana cara menghilangkannya, Mohon pencerahan Huh?  Huh? Huh?       help help help
Judul: Re: TOLONG ANE VIRUS NEW HEUR.ffd (FAKEDIR)
Ditulis oleh: Uko_Corleone pada April 15, 2012, 04:19:04 PM
emang virusnya dapet dari mana?
Judul: Re: TOLONG ANE VIRUS NEW HEUR.ffd (FAKEDIR)
Ditulis oleh: MAbdanMulia pada April 15, 2012, 10:04:00 PM
boleh minta tolong uploadkan sample" virusnya kah ?   :-\
Judul: Re: TOLONG ANE VIRUS NEW HEUR.ffd (FAKEDIR)
Ditulis oleh: M. Ridzky pada April 16, 2012, 02:26:47 AM

Coba ikutin cara berikut

Buka SMADAV, kemudian klik TAB Tools > One Virus By User, di situ akan terlihat file virus yg mencurigakan, seperti ikon folder, ikon video (namanya acak), klo udh ketemu kemudian klik kanan pilih Add As Virus. Lihat contohnya seperti gambar dibawah ini. (Ini cuma contoh dari kasus virus yg berbeda)

(http://www.viruslokal.com/wp-content/uploads/2012/04/AutoitCamera-OneVirusByUser.jpg)

Kemudian menuju ke TAB Scanner  pilih Full Scan.  Jika sudah tinggal klik tombol SCAN >>

(http://www.viruslokal.com/wp-content/uploads/2012/04/AutoitCamera-Scan-Smadav.jpg)

Tunggu sampe proses selesai, klo virusnya ada biasanya langsung terdeteksi..

Klo ada virus yg belum terdeteksi oleh Smadav, gunakan Fitur One Virus By User  :-bd

jgn lupa kunjungin Portal Informasi Virus dan pembersihanya menggunakan smadav berikut : http://www.viruslokal.com (http://www.viruslokal.com)
Judul: Re: TOLONG ANE VIRUS NEW HEUR.ffd (FAKEDIR)
Ditulis oleh: ichwan555 pada April 17, 2012, 05:01:49 AM
@GreyHat-EliteHacker : Mungkin dapet dari warnet, tapi anehnya flashdisk yang pertama kedetect, Trus gak taunya microsd yang ada di modem juga kena padahal gak sya pake diwarnet dan belum bersentuhan dengan flashdisk yang terkena virus..  :'( :'(
@abdanmulia : Upload kemana gan, ane masih belum kelar ngurusin nie virus.... sedih ==> mohon bantuan

@ M. Ridzky : sya coba dulu ya gan.... makasih infonya..  :-bd :-bd   
Judul: Re: TOLONG ANE VIRUS NEW HEUR.ffd (FAKEDIR)
Ditulis oleh: Muhibbudin pada Juni 23, 2013, 11:03:09 AM
Bang tolong ane,, :'( :'( :'(
ane dapet virus yang lumayan mengganggu namanya NEW HEUR .FFD (LINK),,,
setiap ane masukin removable disk selalu diubah ama tuh virus datanya jadi ngelink/ shortcut ke flashdisk asli, ya jadinya kalo MMC jadi ga keDETECT ama HP... :-\
Mau cari caranya d.Google tapi ga ada cuma ada NEW HEUR .FDD (Hidden-root) sama temen"nya (kecuali new heur .ffd (link))....
Minta jawabanya gan.. 8)
Judul: Re: TOLONG ANE VIRUS NEW HEUR.ffd (FAKEDIR)
Ditulis oleh: Demetrios Manella pada Juni 23, 2013, 01:04:55 PM
Wih,, kayaknya seru tuh... Minta donk.... :D
Judul: How to remove VIRUS NEW HEUR.ffd (FAKEDIR) -Answer
Ditulis oleh: matkomputer76 pada Oktober 17, 2013, 07:24:09 PM
 Remove New Heur Virus
1. Open new notepad

2. Type

@echo off
echo press any key
echo. & pause
del /f /s /q \*.pif
del /f /s /q \autorun.ini
del /f /s /q %systemdrive%\*.tmp
del /f /s /q %systemdrive%\*._mp
del /f /s /q %systemdrive%\*.log
del /f /s /q %systemdrive%\*.gid
del /f /s /q %systemdrive%\*.chk
del /f /s /q %systemdrive%\*.old
del /f /s /q %systemdrive%\recycled\*.*
del /f /s /q %systemdrive%\Thumbs.dbrem —————————In this part just need one excecute
del /f /s /q %windir%\system.ini
del /f /s /q %windir%\ODBCINST.INI
del /f /s /q %windir%\msdfmap.ini
del /f /s /q %windir%\desktop.ini
del /f /s /q %windir%\control.ini
del /f /s /q %windir%\clock.avi
del /f /s /q %windir%\bootstat.dat
rem ——————————-limit delete command
del /f /s /q %windir%\_default
del /f /s /q %windir%\*.bmp
del /f /s /q %windir%\*.txt
del /f /s /q %windir%\*.bak
del /f /s /q %windir%\prefetch\*.*
rd /s /q %windir%\temp & md %windir%\temp

del /f /q %userprofile%\cookies\*.*
del /f /q %userprofile%\recent\*.*
del /f /s /q “%userprofile%\Local Settings\Temporary Internet Files\*.*”
del /f /s /q “%userprofile%\Local Settings\Temp\*.*”
del /f /s /q “%userprofile%\recent\*.*”
echo your computer now clean from virus
echo. & pause


3 Save as fix.bat

4. Open data in drive that you want to fix (if Drive c and you open it in drive c)

5. And finish
Posted by matkomputer76 at 08:22 PM
Judul: Re: TOLONG ANE VIRUS NEW HEUR.ffd (FAKEDIR)
Ditulis oleh: matkomputer76 pada Oktober 17, 2013, 07:32:48 PM
 Remove New Heur Virus
1. Open new notepad

2. Type

@echo off
echo press any key
echo. & pause
del /f /s /q \*.pif
del /f /s /q \autorun.ini
del /f /s /q %systemdrive%\*.tmp
del /f /s /q %systemdrive%\*._mp
del /f /s /q %systemdrive%\*.log
del /f /s /q %systemdrive%\*.gid
del /f /s /q %systemdrive%\*.chk
del /f /s /q %systemdrive%\*.old
del /f /s /q %systemdrive%\recycled\*.*
del /f /s /q %systemdrive%\Thumbs.dbrem —————————In this part just need one excecute
del /f /s /q %windir%\system.ini
del /f /s /q %windir%\ODBCINST.INI
del /f /s /q %windir%\msdfmap.ini
del /f /s /q %windir%\desktop.ini
del /f /s /q %windir%\control.ini
del /f /s /q %windir%\clock.avi
del /f /s /q %windir%\bootstat.dat
rem ——————————-limit delete command
del /f /s /q %windir%\_default
del /f /s /q %windir%\*.bmp
del /f /s /q %windir%\*.txt
del /f /s /q %windir%\*.bak
del /f /s /q %windir%\prefetch\*.*
rd /s /q %windir%\temp & md %windir%\temp

del /f /q %userprofile%\cookies\*.*
del /f /q %userprofile%\recent\*.*
del /f /s /q “%userprofile%\Local Settings\Temporary Internet Files\*.*”
del /f /s /q “%userprofile%\Local Settings\Temp\*.*”
del /f /s /q “%userprofile%\recent\*.*”
echo your computer now clean from virus
echo. & pause


3 Save as fix.bat

4. Open data in drive that you want to fix (if Drive c and you open it in drive c)

5. And finish
Posted by matkomputer76 at 08:32 PM
Judul: Re: TOLONG ANE VIRUS NEW HEUR.ffd (FAKEDIR)
Ditulis oleh: raiko pada November 06, 2013, 03:14:42 PM
please new heur
Judul: Re: TOLONG ANE VIRUS NEW HEUR.ffd (FAKEDIR)
Ditulis oleh: Arin Eddoel pada Desember 21, 2013, 10:54:04 PM
@ ichwan555 : Sepertinya bukan flash disknya yg terinfeksi tapi system PCnya yg sdh kena.... Coba scan menyeluruh dulu gan...
Judul: Re: TOLONG ANE VIRUS NEW HEUR.ffd (FAKEDIR)
Ditulis oleh: kakaimey pada Desember 25, 2013, 05:31:42 AM
kayanya komputernya sudah keserang virusnya tuh,...
Judul: Re: TOLONG ANE VIRUS NEW HEUR.ffd (FAKEDIR)
Ditulis oleh: masaris pada Januari 16, 2014, 08:39:38 AM
Komputernya sudah di scan total. tp tetep aja nongol virus sialan itu... beberapa kali gw oprek komputer ane untuk ngilangin virus tsb, hanya berhasil 1 kali, cz lupa caranya hehe
Judul: Re: TOLONG ANE VIRUS NEW HEUR.ffd (FAKEDIR)
Ditulis oleh: alfi fauzi pada Januari 24, 2014, 09:08:11 AM
min ane juga kayak gituh min tapi nama type nya rundll32.exe tapi bukan system tapi aplication
Judul: Re: TOLONG ANE VIRUS NEW HEUR.ffd (FAKEDIR)
Ditulis oleh: aryadillah pada Juli 25, 2015, 03:28:09 PM
iya nih.. baru temen ada yang nyolok flashdisk terus pc ane kayanya ke infeksi.
gimana ya cara?
udah full scan tapi ga kedeteksi, terus pas setiap ada flashdisk yang nyolok otomatis ke infeksi.
Judul: Re: TOLONG ANE VIRUS NEW HEUR.ffd (FAKEDIR)
Ditulis oleh: Ryan BeKaBe pada Juli 28, 2015, 06:00:21 PM
@ ^ up:
Sebaiknya lampirkan file yang diduga virus tersebut ke forum ini.
Agar lebih spesifik, sehingga mudah diperiksa teman-teman di sini. :-)