Viruses typically cause a wide range of problems. As computer users, we
often run into all sorts of virus behaviour on the machines we use.
Dealing with viruses that behave in strange ways can be confusing and
sometimes a real headache.
Below are a few of the things viruses do:
• Change the hidden/system file settings so that those files are no longer visible
• Block Find, Folder Options, Run, Regedit, Task Manager, System
Restore, wallpaper changes, hotkeys, Control Panel, and Log Off
• Block exe files belonging to Windows and to antivirus products
So how do we deal with these problems? To make the job easier we will
use VBScript. Follow these steps to create the script:
1. Open Notepad (Start > Run > notepad)
2. Copy and paste the script below:
Dim fso, WshShell, FlashDisk, Drives, winpath
Dim autoruninf, dekstopini
' RegDelete and GetFile raise an error when the target does not exist; keep going in that case
On Error Resume Next
Set fso = CreateObject("Scripting.FileSystemObject")
Set WshShell = Wscript.CreateObject("Wscript.Shell")
Set winpath = fso.GetSpecialFolder(0)
' Registry path prefixes used below
Smwc = "\Software\Microsoft\Windows\CurrentVersion\"
Smwnc = "\Software\Microsoft\Windows NT\CurrentVersion\"
Spmn = "\Software\Policies\Microsoft\Windows NT\"
Smie = "\Software\Microsoft\Internet Explorer\"
Hsmwci = "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\"
' Restore file associations (a path ending in \ sets the key's default value)
WshShell.RegWrite "HKCR\.lnk\", "lnkfile"
WshShell.RegWrite "HKCR\.vbs\", "VBSFile"
WshShell.RegWrite "HKCR\vbsfile\", "VBScript Script File"
WshShell.RegWrite "HKCR\vbsfile\DefaultIcon\", "%SystemRoot%\System32\WScript.exe,2"
WshShell.RegWrite "HKCR\vbsfile\FriendlyTypeName", "@%SystemRoot%\System32\wshext.dll,-4802", "REG_EXPAND_SZ"
WshShell.RegDelete "HKCR\vbsfile\NeverShowExt"
WshShell.RegWrite "HKCR\inffile\shell\Install\command\", "%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1"
WshShell.RegWrite "HKLM\Software\CLASSES\batfile\shell\open\command\", """%1"" %*"
WshShell.RegWrite "HKLM\Software\CLASSES\comfile\shell\open\command\", """%1"" %*"
WshShell.RegWrite "HKLM\Software\CLASSES\exefile\shell\open\command\", """%1"" %*"
WshShell.RegWrite "HKLM\Software\CLASSES\piffile\shell\open\command\", """%1"" %*"
WshShell.RegWrite "HKLM\Software\CLASSES\scrfile\shell\open\command\", """%1"" %*"
WshShell.RegWrite "HKCR\regfile\shell\open\command\", "regedit.exe ""%1"""
WshShell.RegWrite "HKCR\VBSFile\shell\edit\command\", "notepad.exe ""%1"""
' Reset Explorer policies and view settings
WshShell.RegWrite "HKLM"&Smwc&"Policies\Explorer\RestrictRun", "0", "REG_DWORD"
WshShell.RegWrite "HKCU"&Smwc&"Policies\Explorer\RestrictRun", "0", "REG_DWORD"
WshShell.RegWrite "HKLM"&Smwc&"Policies\Explorer\DisallowRun", "0", "REG_DWORD"
WshShell.RegWrite "HKCU"&Smwc&"Policies\Explorer\DisallowRun", "0", "REG_DWORD"
WshShell.RegWrite "HKCU"&Smwc&"Policies\Explorer\NoFileAssociate", "0", "REG_DWORD"
WshShell.RegWrite "HKCU"&Smwc&"Explorer\Advanced\Hidden", "1", "REG_DWORD"
WshShell.RegWrite "HKCU"&Smwc&"Explorer\Advanced\HideFileExt", "0", "REG_DWORD"
WshShell.RegWrite "HKCU"&Smwc&"Explorer\Advanced\SuperHidden", "1", "REG_DWORD"
WshShell.RegWrite "HKCU"&Smwc&"Explorer\Advanced\ShowSuperHidden", "1", "REG_DWORD"
WshShell.RegWrite "HKCU"&Smwc&"Explorer\Advanced\Start_ShowRun", "1", "REG_DWORD"
WshShell.RegWrite "HKCU"&Smwc&"Explorer\Advanced\Start_ShowSearch", "1", "REG_DWORD"
WshShell.RegWrite "HKCU"&Smwc&"Explorer\Advanced\Start_ShowHelp", "1", "REG_DWORD"
WshShell.RegWrite "HKCU"&Smwc&"Explorer\Advanced\HideIcons", "0", "REG_DWORD"
WshShell.RegWrite "HKCU"&Smie&"Main\Start Page", "about:blank"
' Restore the logon shell, userinit and App Paths entries
WshShell.RegWrite "HKLM"&Smwnc&"Winlogon\Shell", "Explorer.exe"
WshShell.RegWrite "HKLM"&Smwnc&"Winlogon\Userinit", winpath & "\system32\userinit.exe,"
WshShell.RegWrite "HKLM"&Smwnc&"Winlogon\Shell", "Explorer.exe"
WshShell.RegWrite "HKLM"&Smwc&"App Paths\HELPCTR.EXE\", winpath & "\PCHealth\HelpCtr\Binaries\helpctr.exe"
WshShell.RegWrite "HKLM"&Smwc&"App Paths\HELPCTR.EXE\Path", winpath & "\PCHealth\HelpCtr\Binaries"
WshShell.RegWrite "HKLM"&Smwc&"App Paths\MSCONFIG.EXE\", winpath & "\PCHealth\HelpCtr\Binaries\msconfig.exe"
WshShell.RegWrite "HKLM"&Smwc&"App Paths\MSCONFIG.EXE\Path", winpath & "\PCHealth\HelpCtr\Binaries"
WshShell.RegWrite "HKLM"&Smwnc&"SystemRestore\DisableSR", "0", "REG_DWORD"
' Remove the restriction values set by the virus
WshShell.RegDelete "HKLM"&Spmn&"SystemRestore\DisableSR"
WshShell.RegDelete "HKLM"&Smwc&"Policies\Explorer\NoLogOff"
WshShell.RegDelete "HKLM"&Smwc&"Policies\Explorer\NoControlPanel"
WshShell.RegDelete "HKLM"&Smwc&"Winlogon\LegalNoticeCaption"
WshShell.RegDelete "HKLM"&Smwc&"Winlogon\LegalNoticeText"
WshShell.RegDelete "HKLM"&Smwnc&"Winlogon\LegalNoticeCaption"
WshShell.RegDelete "HKLM"&Smwnc&"Winlogon\LegalNoticeText"
WshShell.RegDelete "HKLM"&Smwc&"Run\Ageia"
WshShell.RegDelete "HKCU"&Smie&"Main\Window Title"
WshShell.RegDelete "HKCU"&Smwc&"Policies\Explorer\NoFind"
WshShell.RegDelete "HKCU"&Smwc&"Policies\Explorer\NoFolderOptions"
WshShell.RegDelete "HKCU"&Smwc&"Policies\Explorer\NoRun"
WshShell.RegDelete "HKCU"&Smwc&"Policies\Explorer\NoViewContextMenu"
WshShell.RegDelete "HKCU"&Smwc&"Policies\Explorer\NoTrayContextMenu"
WshShell.RegDelete "HKCU"&Smwc&"Policies\Explorer\NoWinKeys"
WshShell.RegDelete "HKCU"&Smwc&"Policies\System\DisableRegistryTools"
WshShell.RegDelete "HKCU"&Smwc&"Policies\System\DisableTaskMgr"
WshShell.RegDelete "HKCU"&Smwc&"Policies\System\DisableRegedit"
WshShell.RegDelete "HKCU"&Smwc&"Policies\System\DisableCMD"
WshShell.RegDelete "HKCU"&Smwc&"Policies\ActiveDesktop\NoChangingWallpaper"
WshShell.RegDelete "HKCU"&Smwc&"Explorer\RunMRU\"
' Remove Image File Execution Options keys that block these programs
' (a trailing \ tells RegDelete to delete the key rather than a value)
WshShell.RegDelete Hsmwci&"cmd.exe\"
WshShell.RegDelete Hsmwci&"helpctr.exe\"
WshShell.RegDelete Hsmwci&"msconfig.exe\"
WshShell.RegDelete Hsmwci&"regedit.exe\"
WshShell.RegDelete Hsmwci&"regedt32.exe\"
WshShell.RegDelete Hsmwci&"TaskMgr.exe\"
WshShell.RegDelete Hsmwci&"attrib.exe\"
WshShell.RegDelete Hsmwci&"install.exe\"
WshShell.RegDelete Hsmwci&"setup.exe\"
WshShell.RegDelete Hsmwci&"PCMAV.exe\"
WshShell.RegDelete Hsmwci&"PCMAV-CLN.exe\"
WshShell.RegDelete Hsmwci&"PCMAV-RTP.exe\"
WshShell.RegDelete Hsmwci&"PCMAV-SE.exe\"
WshShell.RegDelete Hsmwci&"VB6.exe\"
WshShell.RegDelete Hsmwci&"autorun.exe\"
WshShell.RegDelete Hsmwci&"ansav.exe\"
WshShell.RegDelete Hsmwci&"ansavgd.exe\"
WshShell.RegDelete Hsmwci&"avscan.exe\"
WshShell.RegDelete Hsmwci&"avgnt.exe\"
WshShell.RegDelete Hsmwci&"gav.exe\"
WshShell.RegDelete Hsmwci&"iexplore.exe\"
WshShell.RegDelete Hsmwci&"firefox.exe\"
WshShell.RegDelete Hsmwci&"procexp.exe\"
WshShell.RegDelete Hsmwci&"procexpNT.exe\"
WshShell.RegDelete Hsmwci&"AppSvc32.exe\"
WshShell.RegDelete Hsmwci&"ccApp.exe\"
WshShell.RegDelete Hsmwci&"ccSvcHst.exe\"
WshShell.RegDelete Hsmwci&"Rtvscan.exe\"
WshShell.RegDelete Hsmwci&"Smc.exe\"
WshShell.RegDelete Hsmwci&"SmcGui.exe\"
WshShell.RegDelete Hsmwci&"egui.exe\"
WshShell.RegDelete Hsmwci&"ekrn.exe\"
WshShell.RegDelete Hsmwci&"RegistryEditor.exe\"
WshShell.RegDelete Hsmwci&"wordpad.exe\"
WshShell.RegDelete Hsmwci&"viremoval.exe\"
WshShell.RegDelete Hsmwci&"viremover.exe\"
' Look up autorun.inf and dekstop.ini on removable (1) and fixed (2) drives, skipping A:
For Each FlashDisk In fso.drives
If (FlashDisk.drivetype = 1 Or FlashDisk.drivetype = 2) And FlashDisk.Path <> "A:" Then
set autoruninf = fso.GetFile(FlashDisk.Path & "\autorun.inf")
set dekstopini = fso.GetFile(FlashDisk.Path & "\dekstop.ini")
' The handling of these two files is missing from the page; only the lookup is shown
End If
Next
3. Save it with Save As Type: All Files and File Name:
PerbaikanRegistry.vbs. You can put it on any drive; for example, just
place it on the desktop, then double-click the newly created file.
4. Hopefully this helps ease the burden of your virus problems.
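Because the repair script deletes and overwrites values without looking at them, it is useful to record what is actually set first. The read-only audit below is an added example, not part of the original script: it uses the WMI StdRegProv provider to list every Image File Execution Options entry that has a Debugger value, the current Winlogon Shell and Userinit values, and a subset of the policy values named in the script (checked in both HKCU and HKLM, which is an assumption of this example).

```vbscript
' Added example: read-only audit. Nothing is written or deleted.
Option Explicit
Const HKCU = &H80000001
Const HKLM = &H80000002
Const IFEO = "Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
Const WINLOGON = "Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
Const POLICIES = "Software\Microsoft\Windows\CurrentVersion\Policies\"

Dim reg, report, subKeys, exeName, text, item, parts, hiveName, hive, dw
Set reg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
report = ""

' 1. Every IFEO subkey that carries a Debugger value, not only a fixed list of names.
If reg.EnumKey(HKLM, IFEO, subKeys) = 0 And IsArray(subKeys) Then
    For Each exeName In subKeys
        text = Null
        If reg.GetStringValue(HKLM, IFEO & "\" & exeName, "Debugger", text) = 0 Then
            If Not IsNull(text) Then report = report & "IFEO     " & exeName & " -> " & text & vbCrLf
        End If
    Next
End If

' 2. Winlogon values that the repair script overwrites.
For Each item In Array("Shell", "Userinit")
    text = Null
    reg.GetStringValue HKLM, WINLOGON, item, text
    If Not IsNull(text) Then report = report & "Winlogon " & item & " = " & text & vbCrLf
Next

' 3. Policy restrictions (subset of the values named in the repair script), both hives.
For Each item In Array("Explorer|NoFind", "Explorer|NoFolderOptions", "Explorer|NoRun", _
        "Explorer|NoControlPanel", "Explorer|NoLogOff", "System|DisableTaskMgr", _
        "System|DisableRegistryTools", "System|DisableCMD")
    parts = Split(item, "|")
    For Each hiveName In Array("HKCU", "HKLM")
        If hiveName = "HKCU" Then hive = HKCU Else hive = HKLM
        dw = Null
        reg.GetDWORDValue hive, POLICIES & parts(0), parts(1), dw
        If Not IsNull(dw) Then
            report = report & "Policy   " & hiveName & " " & parts(0) & "\" & parts(1) & " = " & dw & vbCrLf
        End If
    Next
Next

If report = "" Then report = "No findings."
WScript.Echo report
```

Run it with cscript.exe to get the report on the console, and keep the output as a record of what the infection changed.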