1) Buka notepad. Kemudian copy tulisan di bawah ini ke notepad kamu (tulisan warna item).
[Version]
Signature=”$Chicago$”
Provider=Vaksincom
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\comfile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\exefile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\piffile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\regfile\shell\open\command,,,”regedit.exe “%1″”
HKLM, Software\CLASSES\scrfile\shell\open\command,,,”"”%1″” %*”
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, “Explorer.exe”
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, “cmd.exe”
HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, “cmd.exe”
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, “cmd.exe”
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, UncheckedValue,0×00010001,1
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, userinit,0, C:\WINDOWS\System32\userinit.exe ,
[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp
HKCU, Software\Microsoft\Windows\CurrentVersion\Run,T1702521TT4
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run,T70Z516
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Msconfig.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
HKCU, Software\VB and VBA Program Settings
2) Setelah command2 di atas dicopy dinotepad, lalu save as dalam bentuk format *.inf misalnya antivirus.inf
3) Kemudian buat satu lagi di notepad juga. Copy command2 berikut (tulisan warna item) :
[Version]
Signature=”$Chicago$”
Provider=Babenya Galak
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\comfile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\exefile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\piffile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\regfile\shell\open\command,,,”regedit.exe “%1″”
HKLM, Software\CLASSES\scrfile\shell\open\command,,,”"”%1″” %*”
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, “Explorer.exe”
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder, Bitmap,0, “C:\WINDOWS\SYSTEM32\SHELL32.DLL,4″
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder, Text,0, “@shell32.dll,-30498″
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ClassicViewState, text,0, “@shell32.dll,-30506″
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ControlPanelInMyComputer, text,0, “@shell32.dll,-30497″
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess, text,0, “@shell32.dll,-30507″
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DisableThumbCache, text,0, “@shell32.dll,-30517″
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FolderSizeTip, text,0, “@shell32.dll,-30514″
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FriendlyTree, text,0, “@shell32.dll,-30511″
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden, Bitmap,0, “%SystemRoot%\system32\SHELL32.dll,4″
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden, text,0, “@shell32.dll,-30499″
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, text,0, “@shell32.dll,-30499″
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN, text,0, “@shell32.dll,-30501″
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, CheckedValue,0×00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, DefaultValue,0×00010001,2
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, text,0,”@shell32.dll,-30503″
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, type,0, “CheckBox”
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler, text,0, “@shell32.dll,-30509″
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\PersistBrowsers, text,0, “@shell32.dll,-30513″
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowCompColor, text,0, “@shell32.dll,-30512″
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPath, text,0, “@shell32.dll,-30504″
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPathAddress, text,0, “@shell32.dll,-30505″
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowInfoTip, text,0, “@shell32.dll,-30502″
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SimpleSharing, text,0, “@shell32.dll,-30518″
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, text,0, “@shell32.dll,-30508″
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets, Bitmap ,0, “C:\WINDOWS\system32\SHELL32.DLL,4″
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets\AUTO, text,0, “Show and manage the pair as a single file”
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets\NOHIDE, text,0, “Show both parts but manage as a single file”
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets\NONE, text,0, “Show both parts and manage them individually”
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\WebViewBarricade, text,0, “@shell32.dll,-30510″
[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistriTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableCMD
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableTaskMgr
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Run, Intelprc
HKCU, Software\Microsoft\Windows\CurrentVersion\Run, Network
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SystemWindows
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system, legalnoticecaption
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,legalnoticetext
4)Sama kayak yang nomor 2, save as dalam bentuk *.inf misalnya antivirus2.inf
5) Akhirnya kamu mendapatkan 2 ikon yang bakal membunuh virus yang nyerang aplikasi exe.
Cara kerja:
1. Klik kanan pada ikon yang berextensi *.inf tadi
2. Cari Install dengan klik kanan pada icon ekstensi *.inf
3. Klik Install
4. Lakukan kedua2 nya (File tadi)
5. Mudah2an virus tadi tumbang dan kamu bisa ngerjain aplikasi exe lagi.
6. Selamet mencoba
Tidak ada komentar:
Posting Komentar