How To Clean Doraemon Virus

There is a new virus from Indonesia spreading from the Internet and is known to act as animation film characters such as Doraemon, Sinchan and Tom & Jerry. This virus will stay in your computer with a Real Media Player icon.

Here are some tips on how to clean it:

1. Better to clean it in safe mode.

2. Turn off the active virus process in memory. Use any task manager substitution tools, ie Itty Bitty process manager (download it at http://majorgeeks.com/Itty_Bitty_Process_Manager_d4690.html)

Do Kill process on some active virus files:
* C:\WINDOWS\Help\explorer.exe
* C:\WINDOWS\system32\300403.exe
* C:\WINDOWS\system32\aparaparsaparyangparipircapar.exe
* C:\WINDOWS\system32\HacKid’s.exe

3. Delete string registry that the virus made. To make it easier, you can use this script registry below.
[Version]
Signature=”$Chicago$”
Provider=Vaksincom Oyee

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKLM, SOFTWARE\Classes\batfile\shell\open\command,,,”"”%1″” %*”
HKLM, SOFTWARE\Classes\comfile\shell\open\command,,,”"”%1″” %*”
HKLM, SOFTWARE\Classes\exefile\shell\open\command,,,”"”%1″” %*”
HKLM, SOFTWARE\Classes\piffile\shell\open\command,,,”"”%1″” %*”
HKLM, SOFTWARE\Classes\regfile\shell\open\command,,,”regedit.exe “%1″”
HKLM, SOFTWARE\Classes\scrfile\shell\open\command,,,”"”%1″” %*”
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, “Explorer.exe”
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, “cmd.exe”
HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, “cmd.exe”
HKLM, SYSTEM\ControlSet003\Control\SafeBoot, AlternateShell,0, “cmd.exe”
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, “cmd.exe”
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, Hidden,0×00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, HideFileExt,0×00010001,0
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden,

UncheckedValue,0×00010001,1
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, DefaultValue,0×00010001,0

[del]
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, noboe
HKCU, Control Panel\Desktop, SCRNSAVE.EXE
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions
HKLM, SOFTWARE\Classes\.reg\shell
HKLM, SOFTWARE\Classes\.txt\shell
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MSCONFIG.EXE
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, NoDispScrSavPage
HKLM, SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore, DisableSR
HKLM, SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore, DisableConfig

- Use notepad, then save it with the name “repair.inf”

- Run repair.inf with right click, then choose install.

- It is better to make repair.inf file in a clean computer, so the virus won’t active again.

4. Delete virus files that has these characters:
- “Real Player” icon
- .exe extension
- Size: 129kb

Note:

- It’s better if you show hidden files to help you find virus files.
- To make an easier search process, use “Search Windows” with *.exe filter and size 45kb.
- Delete all the virus files which have the same modified date.

5. For an optimal cleansing and to prevent reinfection, use an updated antivirus that can detect and destroy this virus.

Tags: , , , , , , August 6th, 2008 Posted in computer, tips & tricks
This entry was posted on Wednesday, August 6th, 2008 at 1:42 am and is filed under computer, tips & tricks. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

6 Responses to “How To Clean Doraemon Virus”

  1. Marketing Deviant Says:

    August 15th, 2008 at 3:58 pm

    Oh man, I love Doraemon! I can’t believe there’s a virus with that name.

    Marketing Deviants last blog post..Make the Host and Guest Exchange Roles



  2. anirban roy Says:

    September 3rd, 2008 at 2:27 pm

    yeah! i cant believe either.
    i wont mind getting attacked by this cute virus :-)
    anirban roys last blog post..free Kaspersky Anti-Virus 2009 subscription for 6 months for Indians



  3. Software Dictionaries Says:

    September 5th, 2008 at 5:52 am

    Thanks for this nice I was not aware of that Doraemon is a virus. Even I have used several virus remover but it become possible with the tips provided in this blog. If you are having a hard time finding the appropriate software terms, this collection of software dictionaries will bring you an extensive collection of computer terms usually written in software manuals. An interesting and enlightening guide for all those involved in software industry.



  4. Some Backup Says:

    September 11th, 2008 at 12:26 pm

    Its amazing how fast they come up with these new viruses. They do however manage to name them well!



  5. surya narayan singh Says:

    September 13th, 2008 at 3:58 pm

    I have written a step by step guide for removing winlogon virus. You may find it helpfull.
    http://snsays.com/26/removing-winlogon-virus/

    surya narayan singhs last blog post..traffic violators.com



  6. Kit Kat Says:

    September 16th, 2008 at 3:10 pm

    Thank you for the information. Will spread it around, so that everyone can prevent from being infected.



Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Powered by WordPress | Blue Weed by Blog Oh! Blog | Entries (RSS) and Comments (RSS).