Stuxnet, the Virus That Blows Up Your Hard Drive
Internet users should be cautious when visiting websites with pornographic content or downloading cracked software, because the file they get may actually be a trojan script, "Stuxnet".
If you have already run the file, "Stuxnet" has infected the computer and creates the following files:
- C:\WINDOWS\system32\winsta.exe
- C:\WINDOWS\system32\drivers\mrxcls.sys
- C:\WINDOWS\system32\drivers\mrxnet.sys
The file "winsta.exe" is made to swell until it consumes all remaining hard disk space, so the drive (usually C:, the system drive) becomes full. The files mrxcls.sys and mrxnet.sys are the active components used to infect other computers and connected devices (such as USB flash / removable drives).
Winsta.exe is in fact a legitimate Windows file: WinStation Monitor, one of the Microsoft tools used on Windows 2000 to monitor Terminal Services client sessions. The genuine file is located at C:\Program Files\Resources\winsta.exe.
Further details are in the following Microsoft article: http://support.microsoft.com/kb/320190
Some of the symptoms and effects of an infection by the "Stuxnet" trojan are as follows:
- Hard disks of computers on the network suddenly become full and show a "Low Disk Space" warning. The file winsta.exe grows to match the remaining free space on the system drive (usually C:).
(Figure: winsta.exe grows to match the remaining free hard drive space.)
- Because no free space remains, Windows displays a notification that the drive has run out of space.
(Figure: the Low Disk Space warning caused by winsta.exe swelling to consume the remaining space.)
- With no free disk space, you cannot save data or run programs that need free space or a cache.
- The computer appears to hang or run slowly, and a computer connected to the network gets disconnected, because "Stuxnet" infects the computer's system files. Windows system files that fall victim to the infection include:
1. Svchost: associated with the network connection; infecting this file causes the network to disconnect.
2. Lsass: infecting this file makes the computer hang, slow down and restart by itself.
3. Spoolsv: infecting this file prevents printing through the printer.
METHOD OF SPREAD OF VIRUS
The "Stuxnet" trojan spreads mainly through USB drives or network shares with full access. It infects a computer automatically by creating two files that are executed when the drive is opened, namely:
- ~WTR[random_number].tmp
- ~WTR[random_number].tmp
WINDOWS REGISTRY MODIFICATIONS
Some registry modifications made by the virus "Bekol" are as follows:
- Added registry keys:
  - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxCls
  - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxNet
  - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MRxNet
  - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MRxCls
  - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MRXCLS
  - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MRXNET
  - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MRXCLS
  - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MRXNET
VIRUS CLEANING
The steps to clean the virus "Bekol" are as follows:
- Clean the virus with the removal tool Dr.Web CureIt. You can download it from the following link:
www.freedrweb.com/download+CureIt/
(Figure: using Dr.Web CureIt to detect and eradicate Stuxnet.)
- Repair the Windows registry modified by the virus with the following steps:
  - Copy the script below into WordPad. Click [Start] -> [All Programs] -> [Accessories] -> [WordPad].
[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=Del
[UnhookRegKey]
; restore Explorer's display of hidden system files and file extensions
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, ShowSuperHidden, 0x00010001, 1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, SuperHidden, 0x00010001, 1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, HideFileExt, 0x00010001, 0
; restore the default "open" command for executable file types
HKLM, SOFTWARE\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
; restore the default Windows shell
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell, 0, "Explorer.exe"
[Del]
; the service and Enum\Root keys listed under WINDOWS REGISTRY MODIFICATIONS
HKLM, SYSTEM\CurrentControlSet\Services\MRxCls
HKLM, SYSTEM\CurrentControlSet\Services\MRxNet
HKLM, SYSTEM\ControlSet001\Services\MRxCls
HKLM, SYSTEM\ControlSet001\Services\MRxNet
HKLM, SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MRXCLS
HKLM, SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MRXNET
HKLM, SYSTEM\ControlSet001\Enum\Root\LEGACY_MRXCLS
HKLM, SYSTEM\ControlSet001\Enum\Root\LEGACY_MRXNET
Save the file with the name "repair.inf". Set the Save as type option to Text Document to avoid mistakes.
Right-click the file "repair.inf" and select "Install". Restart the computer.
- Clean the temporary files so that remnants of the trojan cannot become active again. Use a tool such as "ATF Cleaner" or the Windows "Disk Clean-Up" feature.
Emergency solution for Winsta:
To prevent the files from being recreated, you can use the following script:
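Before right-clicking "Install" on a repair script like the one above, it helps to see exactly which registry values it sets and which keys it deletes. The following added Python example (not from the article or Vaksincom) parses the AddReg and DelReg sections of an INF file and lists those actions; the embedded INF text is a constructed excerpt in the same format, using key names from the WINDOWS REGISTRY MODIFICATIONS list.

```python
# Constructed excerpt in the format of repair.inf above (not the article's full script).
SAMPLE_INF = r'''
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=Del
[UnhookRegKey]
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, HideFileExt, 0x00010001, 0
HKLM, SOFTWARE\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell, 0, "Explorer.exe"
[Del]
HKLM, SYSTEM\CurrentControlSet\Services\MRxCls
HKLM, SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MRXCLS
'''

def parse_sections(text):
    """Map lower-cased [section] names to their non-empty, non-comment (;) lines."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections

def split_fields(line):
    """Split on commas outside double quotes; a doubled quote inside quotes is a literal quote."""
    fields, buf, in_q, i = [], [], False, 0
    while i < len(line):
        ch = line[i]
        if ch == '"' and in_q and line[i + 1:i + 2] == '"':   # "" inside a quoted field
            buf.append('"'); i += 1
        elif ch == '"':
            in_q = not in_q
        elif ch == "," and not in_q:
            fields.append("".join(buf).strip()); buf = []
        else:
            buf.append(ch)
        i += 1
    return fields + ["".join(buf).strip()]

def describe_actions(text):
    """Return (values_set, keys_deleted) for the sections that [DefaultInstall] names."""
    sections = parse_sections(text)
    install = {k.strip().lower(): v.strip().lower()
               for k, _, v in (kv.partition("=") for kv in sections.get("defaultinstall", []))}
    values_set, keys_deleted = [], []
    for line in sections.get(install.get("addreg", ""), []):
        root, subkey, name, flags, value = (split_fields(line) + [""] * 5)[:5]
        kind = "REG_DWORD" if flags.lower() == "0x00010001" else "REG_SZ"  # flags 0 or empty: REG_SZ
        values_set.append((root + "\\" + subkey, name or "(Default)", kind, value))
    for line in sections.get(install.get("delreg", ""), []):   # root,subkey only: whole key removed
        root, subkey = split_fields(line)[:2]
        keys_deleted.append(root + "\\" + subkey)
    return values_set, keys_deleted
```

Call describe_actions(open("repair.inf").read()) on the saved file and print both lists; a key in the DelReg list that is not one of the trojan's own service or Enum\Root keys is a reason not to install the script.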
@echo off
rem Delete each dropped file, then create a folder with the same name and mark it
rem read-only, hidden and system so the trojan cannot recreate the file at that path.
del /f c:\windows\system32\winsta.exe
rem rd c:\windows\system32\winsta.exe
md c:\windows\system32\winsta.exe
del /f c:\windows\system32\drivers\mrxnet.sys
rem rd c:\windows\system32\drivers\mrxnet.sys
md c:\windows\system32\drivers\mrxnet.sys
del /f c:\windows\system32\drivers\mrxcls.sys
rem rd c:\windows\system32\drivers\mrxcls.sys
md c:\windows\system32\drivers\mrxcls.sys
attrib +r +h +s c:\windows\system32\winsta.exe
attrib +r +h +s c:\windows\system32\drivers\mrxnet.sys
rem the original listed mrxnet.sys twice here; the third placeholder folder is mrxcls.sys
attrib +r +h +s c:\windows\system32\drivers\mrxcls.sys
Save the file with the name "winsta.bat". Set the Save as type option to Text Document to avoid mistakes.
Double-click the file.
- For thorough cleaning and to prevent re-infection, re-scan with an up-to-date antivirus that recognizes this virus.
COMMENTS
Antivirus Protection: Stuxnet appears to be polymorphic, but it also appears to be a logic bomb as well. It propagates through networks and then when it finds a Siemens PLC it then executes. So in one case it is similar to a logic bomb already, but why would it lie dormant on other systems. By the way the kill date for this worm is June 2012. Strange is it not? What are your thoughts on this virus?
Reply: Thanks for the response, dude. I think that's all I know to share. You can request another topic? I will definitely make it for you gladly ^_^
Reply: You just share on Google+ or Twitter.