Another virus that threatens computer user is virus FullHouse. The characteristics of this virus is making an extra drive named FullHouse's Drive. The virus is made using Visual Basic which in performing its action will create a separate drive on Desktop, My computer and Control Panel that when opened will display images "Han Ji Eun" female artist in Korean Full House series.
To remove it, take this following steps to remove Virus FullHouse:
- Scan viruses file located in the directory C:\RECYCLER with antivirus that are able to detect this virus very well. I recommend Norman Security Suite.
- After scan is finished, with a deleted virus file status (defered) means the file will be deleted when windows restart
- Click Clean button and then Close and at the same time Norman Security Suite also will ask the computer to restart
- To normalize the registry that has been re-created by a virus open Notepad then copy the script below
[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKCR, batfile\shell\open\command,,,"""%1"" %*"
HKCR, comfile\shell\open\command,,,"""%1"" %*"
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, piffile\shell\open\command,,,"""%1"" %*"
HKCR, lnkfile\shell\open\command,,,"""%1"" %*"
HKCR, scrfile\shell\open\command,,,"""%1"" %*"
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,
HKLM, SOFTWARE\Classes\exefile\DefaultIcon,,,""%1""
HKLM, SOFTWARE\Classes\exefile,,,"Application"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe "%1""
[del]
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run, Task
Manager
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Manager Task
HKCR, exefile, NeverShowExt
HKCR, CLSID\{10020D75-0000-0000-C000-000000000000}
HKLM, SOFTWARE\Classes\CLSID\{10020D75-0000-0000-C000-000000000000}
- Save with the name "repair.inf" select Save As type to All Files
- Run repair.inf with right click and select install
- Delete files created by the virus with the following characteristics:
* Extension "exe"
* Size 168 kb
- To make easy searching process use "Search Windows" with filter *. exe file that has 168 KB size and date modified 7/8/2008
- Then delete "FullHouse Drive" on the Desktop, My Computer and Control Panel
- Recovery folder on the Flash Disk that has been in Hidden
- To show hidden folders back to the Flash Disk, use command attrib from command prompt.
* Click Run
* Type CMD, then press Enter
- Move directory to the drive position Flash Disk, say E then type command E: and press Enter
- Then type attrib -s -h -r/ s/ d and then press Enter
September 7, 2009 4:28 PM
nice blog!