BULU BEBEK

Pernah kena virus Bulu bebek ?

Ciri2x, sound hilang, printer ga jalan, cdroom juga hilang.

Gombal sempat kerepotan buat nendang ni virus.

Gimana ga repot, cdroom ilang. Gua mo scan AV portable dari flashdisk, pasti keinfect duluan tuh flashdisknya.

Akhirnya cari cara gampang,

Scan Hdd di komputer lain, pake KAV update.

Selesai scan,  pasang lagi Hdd di komputer.

copy paste script dibawah ini dengan notepad, simpan dengan nama repair.inf   (download):

============================================

[Version]

Signature=”$Chicago$”

Provider=Vaksincom

[DefaultInstall]

AddReg=UnhookRegKey

DelReg=del

[UnhookRegKey]

HKLM, Software\CLASSES\batfile\shell\open\command,,,”””%1″” %*”

HKLM, Software\CLASSES\comfile\shell\open\command,,,”””%1″” %*”

HKLM, Software\CLASSES\exefile\shell\open\command,,,”””%1″” %*”

HKLM, Software\CLASSES\piffile\shell\open\command,,,”””%1″” %*”

HKLM, Software\CLASSES\regfile\shell\open\command,,,”regedit.exe “%1″”

HKLM, Software\CLASSES\scrfile\shell\open\command,,,”””%1″” %*”

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, “Explorer.exe”

HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, “cmd.exe”

HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, “cmd.exe”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, “cmd.exe”

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, UncheckedValue,0x00010001,1

HKLM, SOFTWARE\Microsoft\Command Processor, AutoRun,0,

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, CheckedValue, 0x00010001,1

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, DefaultValue, 0x00010001,2

HKCU, Software\Microsoft\Command Processor, AutoRun,0,

[del]

HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools

HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr

HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions

HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NOFind

HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NORun

HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PAYXX.exe

HKCU, Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\HideFileExt

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\ShowFullPath

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\ShowFullPathAddress

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SuperHidden

HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions

HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools

=================================================

Untuk menjalankan, klik kanan file, instal.

CDROOM masih ga nongol ?

Uninstal cdroom dari device manager.

Klik kanan My komputer, properties, Hadware, Device Manager.

kemudian Uninstal CDROOM, trus instal ulang lagi.

untitled1

Masih tidak bisa Add Printer / jalankan printer / instal printer ???

Tinggal kita Repair  aja print spooler.

Download file ini,  ekstrak dan jalankan file “SpoolerPE.reg” (klik 2x)

Masalah terakhir, Sound ga bisa jalan.

Sama seperti CDRoom,

Uninstal driver Sound, trus instal ulang kembali.

(NB: ada beberapa kasus, sound tetep ga bisa nonggol setelah driver diinstal ulang. Ada yang mau nambahin?)

9 Responses to “BULU BEBEK”

  1. .;.,;.;##^.).^ Says:

    kalo loe g pengen kena Virus gw punya akal , bwt komputer loe g kemasukan virus caranya Buka Run>masukan kata kunci”Regedit”>Buka HKEY_CURRENT_CONFIG>Lalu Ke “System”>”CurrentControlSet”nya Tolong Loe Delet , Langsung Loe Restart And Banting Komputer lOE Pake Palu Or MArtil , Banjur Ama Betadine Dijamin Virus G bakalan Yng masuk….. >

    Dari : Haunting Geisah (01000101011010001010010100101011110)

  2. Progf.Charlie(Programm's) Says:

    Hello , Pencipta Virus and Penikmat Virus ,,Saya akan mengumukan bahwa 010010110111101101110101ff01f01as0101d0101010000000101111111101010101011111001010101010101000011111110100110001010101010101101110110410101010 (Assembler)

  3. gRiNdKiNg Says:

    Bulubebek Virus
    Main File :

    :\Autorun.inf
    :\bulubebek.ini

    Virus Running Process

    Script.exe
    LSASS.exe

    Virus Simptom

    Duplicate every folder on Drive and change it to .EXE file with ‘folder’ Icon.
    Hide the origin folder on Drive.
    Hide Task Manager & Folder Option on your PC.

    Remove Bulubebek Virus.

    1. Disconnected From Internet (LAN or Wireles)
    2. Turn Off System Restore
    3. Use Third party software such as Process Explorer or Security Task Manager, to View and Kill process tree for LSASS.exe and Script.exe.
    4. Repair Windows registry using this script:

    [Version]
    Signature=”$Chicago$”
    Provider=Vaksincom Oyee

    [DefaultInstall]
    AddReg=UnhookRegKey
    DelReg=del

    [UnhookRegKey]
    HKLM, Software\CLASSES\batfile\shell\open\command,,,”””%1″” %*”
    HKLM, Software\CLASSES\comfile\shell\open\command,,,”””%1″” %*”
    HKLM, Software\CLASSES\exefile\shell\open\command,,,”””%1″” %*”
    HKLM, Software\CLASSES\piffile\shell\open\command,,,”””%1″” %*”
    HKLM, Software\CLASSES\regfile\shell\open\command,,,”regedit.exe “%1″”
    HKLM, Software\CLASSES\scrfile\shell\open\command,,,”””%1″” %*”
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, “Explorer.exe”
    HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, “cmd.exe”
    HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, “cmd.exe”
    HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, “cmd.exe”
    HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, UncheckedValue,0x00010001,1
    HKLM, SOFTWARE\Microsoft\Command Processor, AutoRun,0,
    HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, CheckedValue, 0x00010001,1
    HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, DefaultValue, 0x00010001,2
    HKCU, Software\Microsoft\Command Processor, AutoRun,0,

    [del]
    HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
    HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr
    HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions
    HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NOFind
    HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NORun
    HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp
    HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PAYXX.exe
    HKCU, Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell
    HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\HideFileExt
    HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\ShowFullPath
    HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\ShowFullPathAddress
    HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SuperHidden
    HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions
    HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools

    5. Copy and paste this script into Notepad and save it as Removebulubebek.inf.
    6. Right Click Removebulubebek.inf and Click install.
    7. LogOff and Logon Computer.
    8. ‘Show Hidden file and folder’ on your Folder Option.
    9. Delete autorun.inf and bulubebek.ini on your drive (Drive C, Drive D, Removable Drive)
    10. Search and remove virus duplication file by using ‘Windows Search”.
    Duplication file always
    • using ‘folder’ icon,
    • 53Kb in size,
    • .EXE file,
    • File Type ‘Application’

    11. To unhide the origin folder on your drive (Drive C, Drive D, Removable Drive)

    • Use ATTRIB –s –h –r /s /d On Command Prompt,

    c:\ ATTRIB –s –h –r /s /d
    Or
    d:\ ATTRIB –s –h –r /s /d
    Or:\ ATTRIB –s –h –r /s /d

  4. gRiNdKiNg Says:

    (^^p)….

  5. gombal_trendy Says:

    @ gRiNdKiNg

    thanks ….

    Tapi pada kasus tertentu,
    Gombal pernah nemuin Sound tetep ga bisa nongol, padahal virus dah leyap. (yakin 100%)

    Setiap Driver sound diuninstal, trus driver diinstal ulang kembali
    sound berfungsi. tapi setelah restart ….

    kembali sound error ……

    Ada solusi ?????

  6. shinichi Says:

    Mas Gombal, rada melenceng dari topik neh, konsultasi yak,
    gini Mas, kalo ngejalanin media player classic, Microsoft Visual C++ Runtime Library nya bilang gini :

    Runtime Error!
    C:/Progra…
    R6002
    floating point support not loaded”
    antivirus ma tune up utilities juga jadi gak jalan deh, pliiiissss, tolongin doonk, pliiissss, kalo Mas punya solusi, tolong imel ke : shinichi_conan@lycos.com, atau ke arizona.f@gmail.com ya Mas. Dah frustasi berat neh, diinstall ulang juga gak ngaruh, hwaa :((

    Makaciiiihhh😀

  7. gombal trendy Says:

    @ shinichi

    Sori, komen kamu masuk kotak pending (I dont know why …)

    ==========
    pertama pastikan cd instalater tidak bermasalah (bila perlu coba instal dengan cd xp yang lain)

    Bila tidak mengatasi masalah juga,

    lepas HDD,

    scan di komputer lain dengan AV yang terupdate.

  8. andre Says:

    Trik Merubah Windows XP menjadi GENUINE (Asli)
    Mungkin kebanyakan pemakai windows XP di Indonesia menggunakan windows XP bajakan. Tapi
    bukan berarti windows XP bajakan itu bukan asli (GENUINE). Yang membedakan asli atau tidaknya
    windows XP ternyata terletak pada serial number yang digunakan ketika proses menginstall windows
    XP.
    Untuk mentes apakah windows XP kita asli, coba gunakan tool “Microsoft Genuine Advantage
    Diagnostic Tool”, yang dapat mendetaksi keaslian windows XP anda, contohnya gua peke windows
    bajakan tapi menggunakan serial number yang genuine so………. selengkapnya ada disini http://andri-haryono77.blogspot.com

  9. foto kartun Says:

    cara mbalikin soundnya belum ketemu ya, mas?
    saya juga mengalami hal yg sama nih. soundnya sdh coba diuninstall dan install lagi, tetep gak fungsi.😦

    any help please?

    PS. saya juga mengalami, di komputer yg lain, setelah ketularan bulu bebek ternyata soundnya tetap sehat wal afiat. berarti virus bulu bebek ini gak konsisten? 🙂

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: