CYBERSUFI HATES WORM

CYBERSUFI HATES WORM

Is antiworm program to all kinds of worm. Whether worm which have there is and also worm which there is not yet.

FOUR STANDAR STEPS USING CYBERSUFI HATES WORM *"

1] Search and identify worm. Pick a file that suspected contains worm and do right click, click Properties, click tab Version. Data in tab Version, can be used as keyword to search worm."

[2] Run FIX RUN. Delete entries in Registry RUN subkey that is suspected as an entry of worm. Reboot the computer to clear memory from worm."

[3] Run FIX REG. To fix subkeys that usually targeted by worm's manipulation."

[4] Do search and delete process worm's files. By specifying folder that should be checked, search mode, entrying worm string data from step 1.

HOW TO SEARCH WORM STRING MARKER DATA, THAT WILL BE USED IN TEXT IN FILE PROPERTIES OPTION

Activate Windows Explorer and search suspected worm file. To view properties file , right click the file. Context Menu appears. Click Properties. Properties Windows will appear. Click Version tab. This tab contain useful information such as : File version, Description, Copyright and other information. Look at other version information. Click Internal name in Item name group. Look for data in VALUE group. That data is the keyword. Say the keyword is : KINANTI. Type that data one by one in TEXT IN FILE PROPERTIES entries. Make all entry boxes filled with data. For additional search info, click all options in File Properties and write down the value, in : Original File Name, Product Name, Company, etc.

HOW TO SEARCH WORM STRING MARKER DATA, THAT WILL BE USED IN NORMAL TEXT IN FILE

It is done by looking file's contents, to search specific string data. Say the name of the file is COBA.EXE. Activate Windows Explorer. To examine file's contents, double click CANNOT be done because its type is EXE. Double-clicking the file makes its launch the program ! so the worm is active ! Click the file and press F2 to edit its extension from exe becomes txt."

Notepad will active, displaying file's contents. Search unique data as you wish and write down. Exsample : kspoold. Enter that unique data in NORMAL TEXT IN FILE entries when working with CSHW.

WORKING IN SAFE MODE WITH MSCONFIG [DO IT AS NEEDED!]

If worm is stubborn, Run CSHW in Windows SAFEMODE. So that active worm in memory is cleared. Because in safe mode, windows will be executed with minimal (standard) driver only.

To enter safe mode, reboot, while booting in progress, press F8 repeatedly, until boot menu appears. Choose SAFE MODE. then Run this program."

After finish using CSHW, please do reboot. If an error message show, the program/file in that message can be suspected as the worm trigger file. search and delele that file if necessary. To avoid seeing this message, use msconfig. Click Start, choose Run and type msconfig (press enter). Msconfig will active. Click Startup tab, and at Startup item, look for data that activate the error message. Remove the tick in front of the suspected data. Reboot and the error message will not show again.