
A few days ago a friend of mine asked me to solve a problem for him: his laptop had been infected with the HBKiller.js virus. Here I would like to share the steps for removing this virus manually.

1. Finding potential processes running
- Press the CTRL, ALT and DELETE keys together. This opens the Windows Task Manager.
- Click the Processes tab, comb through the list and see whether a program called wscript.exe is running. If you find it, click on it and click End Process.
- After that you can close the Task Manager window.

2. Finding the virus (for cases where the antivirus did not detect it, on Microsoft Windows)
- Go to My Computer.
- Click Tools in the top bar -> Folder Options.
- In the Folder Options window, click on the View tab.
- Look for Hidden files and folders.
- Tick Show hidden files and folders.
- Tick Show system files.
- Press OK.
- Once the window is closed, click on your C drive once.
- Go to C:\WINDOWS\system32. Once you are in there, check whether there is a file called HBKiller.js.
- If you can’t find it in C (like I did), look in C:\Windows.
- If you still can’t find it, don’t worry. Press F3 in the top row of your keyboard (in case you don’t know) and the search bar will appear on your left. Click on All files and folders, and type in the file name HBKiller.js.

If you don’t find any file there, congratulations, you are one step out of it. You can jump to step (4).

3. You found the virus
- Click on the file you found and press the SHIFT and DELETE keys.
- It will ask you “Are you sure you want to delete (the file name)”. Click Yes.
- If you find more than one location that has HBKiller.js, repeat the steps in (3) for each one.

4. Editing the Windows Registry (do it with full caution!)
- Click Start -> Run.
- Type regedit and press ENTER.
- You will come to the Registry Editor window.
- On your left are the registry directories. Look for: HKEY_LOCAL_MACHINE -> Software -> Microsoft -> Windows -> CurrentVersion -> Run
- If there is an HBKiller.js in there, delete the entry.
- Then look for: HKEY_CURRENT_USER -> Software -> Microsoft -> Internet Explorer -> Main
- If you see that the Window Title has “HBKiller In The House!!!”, you should delete that entry.
- You can now close the Registry Editor window.

5. Stop all auto runs in future (recommended move)
- Click on Start -> Run.
- Type gpedit.msc and press ENTER.
- You will come to the Group Policy window.
- Go to User Configuration -> Administrative Templates -> System.
- Look for Turn off Autoplay and double-click it. You will come to the Turn Off Autoplay Properties window.
- Click Enable and select All drives from the drop-down combo box. (It is suggested to turn Autoplay off to avoid further potential virus infections in future.)
- You can now close the Group Policy window.

6. Stopping auto run virus programs (if any)
- Click on Start -> Run.
- Type msconfig and press ENTER. You will come to the System Configuration Utility window.
- Click on the Startup tab, and look for any programs that run under HBKiller.js.
- If you find them, uncheck the checkbox on the left of the file.
- Click Apply.
- Click Close.
- When you close the window it will ask you whether to restart or not. Click on Exit without Restart.


7. Start > Run > Regedit
- Then go to HKEY_CURRENT_USER > Software > Microsoft > Windows > CurrentVersion > Explorer > MountPoints2 >
- You will see a list of random numbers and jargon looking a little like “{07852ef4-9baf-11db-a10c-806d6172696f}”. This refers to your hard drives. The more you have, the more random things you will have in this list. A partition counts as a separate drive.
- Now, inside each of these “drives”, go to Shell > AutoRun > command
- You will see a value called “default” with some code next to it saying “C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe .HBKiller.js”, or similar. Open the value and delete all of the “wscript.exe .HBKiller.js” part. I dunno if you need the rest but this will kill it anyway.
- Do this for every drive you have within the “MountPoints2” subtree.
- Also go into:
  Shell > AutoPlay > command
  Shell > Explore > command
  Shell > Open > command
  Shell > Scan for Biros > command
  Shell > Scan with Manok > command
  Shell > Scan with Rempit > command
- In each of them, open the default value and delete “wscript.exe HBKiller.js”.

8. Restarting your PC
- Before restarting, make sure that you empty your Recycle Bin.
- Restart your PC.
- You will see a Windows prompt saying that you have changed your system configuration. Tick the checkbox so that it does not remind you again and press OK.
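
The checks from steps 2, 4 and 7 can be repeated as a read-only audit, for example before the cleanup and again after the restart. The PowerShell below is an added example, not part of the original post; it assumes PowerShell is installed on the machine, and the function name `Find-HBKillerTraces` and its output fields are made up for this example. It only lists matches and deletes nothing.

```powershell
# Added example: read-only audit of the places named in steps 2, 4 and 7.
# It lists matches and changes nothing. Find-HBKillerTraces is a made-up name.
function Find-HBKillerTraces {
    param([string]$Name = 'HBKiller')   # string the post says to look for

    # Small helper so every finding has the same shape.
    function New-Hit($where, $item, $data) {
        New-Object PSObject -Property @{ Location = $where; Item = $item; Data = $data }
    }

    # Step 2: the script file in C:\WINDOWS and C:\WINDOWS\system32 (-Force shows hidden files).
    foreach ($dir in $env:windir, (Join-Path $env:windir 'system32')) {
        Get-ChildItem -Path $dir -Filter "$Name*.js" -Force -ErrorAction SilentlyContinue |
            ForEach-Object { New-Hit $dir $_.Name $_.FullName }
    }

    # Step 4: values in the Run key and the Internet Explorer window title.
    foreach ($key in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                     'HKCU:\Software\Microsoft\Internet Explorer\Main') {
        $k = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
        if (-not $k) { continue }
        foreach ($v in $k.GetValueNames()) {
            $data = [string]$k.GetValue($v)
            if ("$v $data" -like "*$Name*") { New-Hit $key $v $data }
        }
    }

    # Step 7: the default value of every Shell\<verb>\command key under MountPoints2.
    $mp2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    Get-ChildItem -Path $mp2 -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -eq 'command' } |
        ForEach-Object {
            $data = [string]$_.GetValue('')     # '' reads the (Default) value
            if ($data -like "*$Name*") { New-Hit $_.Name '(Default)' $data }
        }
}

Find-HBKillerTraces | Format-List Location, Item, Data
```

No output means none of these locations still references the script.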