ประเภท: Trojan
ไวรัสจะเก็บไฟล์ไว้ที่ C:\Windows\Ahnrpta.exe
อาการ
- CPU Run 100% ทำให้เครื่องช้า
- ใช้โปรแกรม Antivirus ไม่ได้
วิธีแก้
- ใช้ Task manager ปิดการทำงาน โปรเซส Ahnrpta.exe
- ใช้ StopZilla Spywareremover ยังไม่เคยลองครับ
หรือ
1. Download REG UNLOCKER
2. Execute reg unlocker (select all options) and as quick as you can, open the task manager (CTR+ ALT +DEL) and kill the process EXPLORER.EXE (don’t worry if all programs start closing and you end with the task manager alone, that is the point)
3. Using the task manager kill the process AhnRpta.exe which is the virus of course you’ll have to do this dozens of times thru this tutorial, because it keeps starting itself again
4. run REGUNLOCKER again. With the task manager go to Applications–> New Task and write “explorer” (without quotes) Remember step 4. Now in the explorer window go to Tools — Folder Options — View and select “show hidden files and folders” accept and go to the task manager and kill “explorer.exe” there.
5. Dont forget step 4. Now, you only have open the task manager in the tab applications click New Task and write
“msconfig” without quotes, (never forget step 4) go to the start tab and look for olhrwef, deselect it, apply, but don’t restart the system, no yet.(step 4), now in the task manager, go to applications – New Task and write “regedit” without quotes. Browse the following path
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSI… F-882A-4526-8C08-51278EA437C1}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSI… F-882A-4526-8C08-51278EA437C1}\InprocSer…
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSI… F-882A-8C08-4526-51278EA437C1}
the last part can vary a little in each computer, but the firts dozen of numbers will be the same. Delete the keys (I mean, delete the last folder for example {BB4C402F-882A-4526-8C08-51278EA437C1} don’t delete the root folders or you will completly screw up your system.
also browse to
# [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\W... entVersion\Explorer\ShellExecuteHooks]
* {BB4C402F-882A-4526-8C08-51278EA437C1} = “hook dll rising”
and delete the key… be careful in this part you don’t have to delete the complete folder, in the right pane look for the “hook dll rising” part and delete that one only.
Don’t forget step 4.
You can closes the registry and go back to the task manager. New task, click browse and go to
“c:\windows\” you will find the file “AhnRpta.exe” delete it.
Now go to “C:\WINDOWS\system32″ look for the file “olhrwef” and delete it (note: I didn’t found it in my pc but this part was in the original tutorial that I followed).
Also delete the following files in that folder
afmain0.dll
afmain1.dll
afmain2.dll