Local virus OjanBlank quite disturbing and potentially dangerous. The virus is seeping from an external device that connects via USB port, like USB flash or portable hard drive.
When infecting a computer, this virus will do various things. These include monitoring whether komoputer victim to connect to the internet, turn off Windows Firewall, and transmit data from the victim’s computer to the virus.
Here are the steps as outlined by the analyst antivirus from Vaksincom, Adi Saputra:
1. Disconnect the network / Internet.
2. Turn off System Restore
Right-click My Computer, select Properties.
Select System Restore tab, put check the option Turn off System restore
Click Apply, click OK.
3. Turn off the virus (with Command Prompt).
Click Menu [Start] à [All Programs] à [Accessories] à [Command Prompt]
In the Command Prompt window, type the command “tasklist (this is to see the process of active virus” WinGUI.exe or junx.exe)
Once the process determines the active virus, turn off the virus by running / type taskkill command as follows:
Taskill / f / im WinGUI.exe, or
Taskill / f / im junx.exe
4. Windows Registry Repair
Fix Windows Registry that has been modified by a virus with the following steps:
a. Copy the script below using notepad:
Signature = “$ Chicago $”
Provider = Vaksincom Oyee
AddReg = UnhookRegKey
DelReg = del
HKLM, SoftwareCLASSESbatfileshellopencommand ,,,”””% 1 “”% * ”
HKLM, SoftwareCLASSEScomfileshellopencommand ,,,”””% 1 “”% * ”
HKLM, SoftwareCLASSESexefileshellopencommand ,,,”””% 1 “”% * ”
HKLM, SoftwareCLASSESpiffileshellopencommand ,,,”””% 1 “”% * ”
HKLM, SoftwareCLASSESregfileshellopencommand,,, “regedit.exe”% 1 “”
HKLM, SoftwareCLASSESscrfileshellopencommand ,,,”””% 1 “”% * ”
HKLM, SOFTWAREMicrosoftWindows NTCurrentVersionWinlogon, Shell, 0, “Explorer.exe”
HKLM, SYSTEMControlSet001ControlSafeBoot, AlternateShell, 0, “cmd.exe”
HKLM, SYSTEMCurrentControlSetControlSafeBoot, AlternateShell, 0, “cmd.exe”
HKLM, SOFTWAREClassesexefileDefaultIcon ,,,””% 1 “%”
HKLM, SOFTWAREMicrosoftWindowsCurrentVersionRun, Microsoft Word Agents
HKLM, SOFTWAREMicrosoftWindowsCurrentVersionRun, Microsoft Office Agents
b. Save the file with the name repair.inf. Use the Save As Type option to All Files to avoid mistakes.
c. Right-click the file repair.inf, then select install
d. Restart the computer.
5. Remove the master file and duplicate files created by the virus OjanBLANK, where the file has the following characteristics:
File Size 224 KB
Having a MS Word icon
Type the application configuration file.
6. Delete the trojan file and companion files virus, which is as follows:
7. For optimal cleaning and prevent re-infection, you should use updated antivirus and recognize this virus very well.