The Happy Birthday virus has been spreading these past few days …
It spreads fast …
Around here, most infections come by way of internet cafes, photo shops and vinyl printing shops …
Be careful, everyone ……
If you do get hit, here is how to fix it …..
This thing deletes the file called ntldr, which Windows needs in order to start up.
If you copy the ntldr file back onto the drive where Windows is installed, the virus will delete it again right away. Get the computer restarted before that deleting process finishes.
Oh, I forgot to mention: it also makes changes in the registry, so the registry has to be repaired as well. Don't worry if registry editing has been disabled; the script below deals with that.
VBScript code:
'Enable/Disable Registry Editing tools
'© Doug Knox - rev 12/06/99
Option Explicit
'Declare variables
Dim WSHShell, n, MyBox, p, t, mustboot, errnum, vers
Dim enab, disab, jobfunc, itemtype
Set WSHShell = WScript.CreateObject("WScript.Shell")
p = "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\"
p = p & "DisableRegistryTools"
itemtype = "REG_DWORD"
mustboot = "Log off and back on, or restart your pc to" & vbCR & "effect the changes"
enab = "ENABLED"
disab = "DISABLED"
jobfunc = "Registry Editing Tools are now "
'This section tries to read the registry key value. If not present an
'error is generated. Normal error return should be 0 if value is
'present
t = "Confirmation"
Err.Clear
On Error Resume Next
n = WSHShell.RegRead (p)
'Save the error number first: On Error Goto 0 resets Err
errnum = Err.Number
On Error Goto 0
If errnum <> 0 Then
'Create the registry key value for DisableRegistryTools with value 0
WSHShell.RegWrite p, 0, itemtype
End If
'If the key is present, or was created, it is toggled
'Confirmations can be disabled by commenting out
'the two MyBox lines below
If n = 0 Then
n = 1
WSHShell.RegWrite p, n, itemtype
Mybox = MsgBox(jobfunc & disab & vbCR & mustboot, 4096, t)
ElseIf n = 1 Then
n = 0
WSHShell.RegWrite p, n, itemtype
Mybox = MsgBox(jobfunc & enab & vbCR & mustboot, 4096, t)
End If
Copy the code above and save it with a .vbs extension. That file will re-enable registry editing.
So, the steps are:
(1) Use a CD to copy ntldr and the vbs file above onto the infected computer.
(2) Run the vbs first.
(3) Copy & paste ntldr onto the drive where Windows is installed.
The virus will delete it again right away.
(4) Get the computer restarted before that deleting process finishes.
(5) Boot into Safe Mode.
(6) In msconfig, on the Startup tab, remove the entry called explorcr.
(7) Open the registry.
(9) Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg, delete the values that contain explorcr.exe.
Once you restart the computer again, you should be able to use it just as before.
Note that the ntldr file has to be copied from another Windows installation. It is kept hidden on the drive where Windows is installed, so you have to find it there and copy it over. You also need to be ready to restart immediately when the virus deletes it again.
http://www.mysteryzillion.com
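A read-only check for the items in the steps above, as an added example that is not part of the original post: it reports the DisableRegistryTools value, whether ntldr is present in the root of the Windows drive, and any startup values naming explorcr. The Run key locations and the layout of the startupreg subkeys are assumptions about a standard Windows XP setup.

```vbscript
' Added example, not part of the original post. Read-only: it reports the
' items the post tells you to fix and changes nothing.
Option Explicit
Const HKCU = &H80000001
Const HKLM = &H80000002
Const POLICY = "Software\Microsoft\Windows\CurrentVersion\Policies\System"
Const RUNKEY = "Software\Microsoft\Windows\CurrentVersion\Run"   ' assumption
Const MSCFG  = "SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg"
Const NEEDLE = "explorcr"   ' startup entry name given in the post

Dim reg, fso, sh, report, dw, root, subkeys, sk
Set reg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
Set fso = CreateObject("Scripting.FileSystemObject")
Set sh  = CreateObject("WScript.Shell")

' 1. Policy value the post's script toggles (1 = registry tools blocked).
If reg.GetDWORDValue(HKCU, POLICY, "DisableRegistryTools", dw) = 0 Then
    report = "DisableRegistryTools = " & dw & vbCrLf
Else
    report = "DisableRegistryTools is not set" & vbCrLf
End If

' 2. Boot loader in the root of the Windows drive (hidden system file).
root = sh.ExpandEnvironmentStrings("%SystemDrive%") & "\ntldr"
report = report & root & " present: " & fso.FileExists(root) & vbCrLf

' 3. Startup values naming explorcr: Run keys and MSConfig's startupreg subkeys.
ScanKey HKLM, "HKLM\" & RUNKEY, RUNKEY
ScanKey HKCU, "HKCU\" & RUNKEY, RUNKEY
If reg.EnumKey(HKLM, MSCFG, subkeys) = 0 Then
    If Not IsNull(subkeys) Then
        For Each sk In subkeys
            ScanKey HKLM, "HKLM\" & MSCFG & "\" & sk, MSCFG & "\" & sk
        Next
    End If
End If
WScript.Echo report

Sub ScanKey(hive, label, path)
    Dim names, types, i, data
    If reg.EnumValues(hive, path, names, types) <> 0 Then Exit Sub
    If IsNull(names) Then Exit Sub   ' key exists but holds no values
    For i = 0 To UBound(names)
        data = ""
        If types(i) = 1 Then reg.GetStringValue hive, path, names(i), data
        If types(i) = 2 Then reg.GetExpandedStringValue hive, path, names(i), data
        If InStr(1, names(i) & " " & data, NEEDLE, vbTextCompare) > 0 Then
            report = report & "SUSPECT " & label & "\" & names(i) & " = " & data & vbCrLf
        End If
    Next
End Sub
```

Running it before the toggle script shows whether registry editing is actually disabled, since that script flips the value in either direction.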
March 17, 2008 at 9:44 pm
Happy Birthday Virus was made at Yangon?
I think this virus is made by a Myanmar Programmer.
that is only fight at 21, this is birthday of one girl from “LUCKY LIFT” CD shop.
bye admin . . .
i am one user . . .
.. ha ha . . . .
March 24, 2008 at 10:14 am
I am a staff member of Mawlamyine University.
In my dept. there are 5 computers that were destroyed by Happy Birthday Virus.
Also 3 USB flash drives were unusable.
Last time, we could solve the virus problem by formatting the USB stick.
But this time the drive can't be formatted.
What can I do?
If you have a technique to solve this problem please reply to my email.
Thanks
see you.
July 16, 2008 at 6:00 pm
Now I face blood window virus. How can I remove it??
July 20, 2008 at 12:14 am
please reply me
1 history of virus
1 how to solve virus