Sunday, December 11, 2011

JBLCF ID Knight Conficker

 
I recently encountered a virus on my laptop. I suspect it came from USB drives that came from Internet cafes.
Symptoms:

Changes Folder Options to "Do not show hidden files or folders" and "Hide extensions for known file types" on startup.
When trying to run the Command Prompt, your computer immediately shuts down.
I'm using AVG but it cannot detect the virus. I uninstalled it and tried out Norton 2009, still to no avail. Even the McAfee online scan does not detect it. I think most antivirus software does not have the updates yet. So I just did my own research.
This seems to get rid of the above symptoms, though I'm not sure about the extent of the infection. Anyway, here's what I did:
First turn off system restore.
Open Task Manager by pressing Ctrl + Alt + Delete. Find and kill "JBLCF_Scandal.exe".
Next, we need to delete the files associated with it. They are invisible even if you set Show Hidden Files in Folder Options.
So we open the registry editor. Start Menu > Run > regedit
Make sure to back up the registry first before doing anything!
Go to [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=1
Every time a command prompt is opened, the system shuts down. So we go to [HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
"autorun"="c:\Windows\pc-off.bat" –> remove "c:\Windows\pc-off.bat" or delete the autorun key.
Now go to the Windows directory and delete "c:\Windows\jblcf_scandal.exe". This file is visible by now since we set "ShowSuperHidden"=1.
Also delete "c:\Windows\pc-off.bat".
That's it. Now for your own sake, go back to the registry editor and set "ShowSuperHidden"=0. This will make critical system files invisible again, and therefore safe from those naughty fingers of yours.
Good luck.
 
Leave a comment with your email so that I can email you the tools.
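
An added example, not part of the original post: a PowerShell audit of the registry values and files named in the steps above, which reports what it finds and, with -Fix, removes only the Command Processor AutoRun value. The HKLM key is an assumption (cmd.exe reads AutoRun from both hives; the post only mentions HKCU).

```powershell
# Added example: audit the indicators named in the post; -Fix removes AutoRun only.
param([switch]$Fix)

# The HKCU key and both file paths are from the post. The HKLM key is an assumption:
# cmd.exe reads AutoRun from both hives, the post only mentions HKCU.
$autoRunKeys = @(
    'HKCU:\Software\Microsoft\Command Processor',
    'HKLM:\Software\Microsoft\Command Processor'
)
$advancedKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$files       = @('C:\Windows\jblcf_scandal.exe', 'C:\Windows\pc-off.bat')

# 1. Command Processor AutoRun: any command here runs on every cmd.exe start.
foreach ($key in $autoRunKeys) {
    $cmd = (Get-ItemProperty -Path $key -Name AutoRun -ErrorAction SilentlyContinue).AutoRun
    if ($cmd) {
        "FOUND  AutoRun in $key : $cmd"
        if ($Fix) {
            # Removing the HKLM value needs an elevated session.
            Remove-ItemProperty -Path $key -Name AutoRun
            "FIXED  AutoRun value removed from $key"
        }
    } else {
        "clean  no AutoRun value in $key"
    }
}

# 2. Explorer view settings the post says are reset at startup (reported, not changed).
$adv = Get-ItemProperty -Path $advancedKey -ErrorAction SilentlyContinue
foreach ($name in 'Hidden', 'HideFileExt', 'ShowSuperHidden') {
    "INFO   $name = $($adv.$name)"
}

# 3. Dropped files. Test-Path sees hidden and system files regardless of
#    Explorer settings, so ShowSuperHidden does not need to be changed first.
foreach ($path in $files) {
    if (Test-Path -LiteralPath $path) {
        $item = Get-Item -LiteralPath $path -Force
        "FOUND  $path ($($item.Length) bytes, attributes: $($item.Attributes))"
    } else {
        "clean  $path not present"
    }
}
```

Run it from a PowerShell window rather than the Command Prompt, since starting cmd.exe is what executes the AutoRun command being inspected.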
 