Another virus that threatens the computer user is FullHouse virus. The characteristics of this virus is making an extra drive with the name FullHouse Drive.
The virus is made using Visual Basic programming language that in performing its action will create a separate drive on the Desktop, My computer and Control Panel that when opened will display images “Han Ji Eun” beautiful artist in the series Full House.
To clean it, follow these:
Scan Virus files that are in the directory "C:\RECYCLER" with antiviral agents are able to detect this virus very well, Norman Security Suite. After the scan is finished with a virus file delete the file status (defered) means the file will be deleted when windows restart. Clean button and then click Close at the time Norman Security Suite also will ask the computer to restart (reboot).
To normalize the re-registry that was created by a virus open Notepad then copy the script below
[Version]
Signature = “$ Chicago $”
Provider = Vektanova
[DefaultInstall]
AddReg = UnhookRegKey
DelReg = del
[UnhookRegKey]
HKCR, batfile \ shell \ open \ command ,,,”"”% 1 “”% * ”
HKCR, comfile \ shell \ open \ command ,,,”"”% 1 “”% * ”
HKCR, exefile \ shell \ open \ command ,,,”"”% 1 “”% * ”
HKCR, piffile \ shell \ open \ command ,,,”"”% 1 “”% * ”
HKCR, lnkfile \ shell \ open \ command ,,,”"”% 1 “”% * ”
HKCR, scrfile \ shell \ open \ command ,,,”"”% 1 “”% * ”
HKCU, Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced,
HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ exefile \ DefaultIcon ,,,”"% 1 “”
HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ exefile,,, “Application”
HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ exefile \ shell \ open \ command ,,,”"”% 1 “”% * ”
HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ regfile \ shell \ open \ command,,, “regedit.exe”% 1 “”
[del]
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ Run, Task
Manager
HKCU, Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ Run, Task Manager
HKCR, exefile, NeverShowExt
HKCR, CLSID \ (10020D75-0000-0000-C000-000000000000)
HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (10020D75-0000-0000-C000-000000000000)
- -Save with the name “repair.inf” select 'Save As Type' to "All Files", then run repair.inf with right-click and select install
- -Delete files created by the virus with the following characteristics:
* Type the file “application”
* Extension “exe”
* Size 168 kb
- -To facilitate the process of finding the virus files using “Search Windows”
with the filter *. exe file that has 168 KB size and date modified
as of 7/8/2008
- -Then delete “FullHouse Drive” on the Desktop, My Computer and Control Panel and Recovery folder on the Flash Disk that has been in Hidden
- -To show hidden folders back to the flash. Use command “attrib” at the command prompt.
* Click “Start”
* Click “Run”
* Type “CMD”, then press “Enter”
- -Move the directory to the drive position Flash Disk, say E then type
command E: and press “Enter”
- -Then type attrib-s-h-r / s / d and then press “enter”
Source: http://www.detikinet.com/read/2009/08/19/152816/1185768/510/langkah-menyapu-virus-fullhouse