Coping with Hampa W32/Agent.EAOI


Be careful with local viruses. There is currently a local virus named Hampa, which comes from Medan.

How to remove Hampa:

· Disconnect the computer from the network.

· Kill the active virus processes. Use the IceSword tool:

http://mail.ustc.edu.cn/%7Ejfpan/download/IceSword122en.zip. It is better to kill all of the virus processes together, because if one of them is still active your computer will log off.

Then look for these names:

§ Taskman.exe -> “Folder” icon

§ Dllhost.exe -> “Folder” icon

§ Rundll32.com -> “Application” icon

§ wmiprvse.com -> “Application” icon

· Repair the registry entries that the virus has changed.

To fix the registry entry for EXE files, you can use the IceSword tool that you downloaded earlier:

o In the IceSword application, click “Registry”

o Then find this registry key:

HKLM\Software\Classes\exefile\shell\open\command

In the default string in the right column, change the value data to "%1" %*

To remove the other registry changes, you can use the “FixRegistry” tool:

http://www.4shared.com/file/46098361/5ddfda62/_3__FixRegistry.html?dirPwdVerified=7a224f27

Delete the main virus files using “Search File”.

Before that, make hidden files visible so that the search is more thorough.

To show hidden files, do the following:

o Open Windows Explorer

o Click “Tools”

o Click “Folder Options”

o Click “View”

o In “Advanced settings”

§ Choose “Show hidden files and folders”

§ Uncheck the option “Hide extensions for known file types”

§ Uncheck the option “Hide protected operating system files (recommended)”

o Click “Apply”

o Click “OK”

After the files are visible, find the main virus file and its duplicates.

Note:

Delete files that have these characteristics:

§ 130 KB in size

§ .exe extension with a “Folder” icon

§ .com extension with an “Application” icon

· Restore the Windows hosts file that the virus has changed

To restore the original Windows hosts file you can use the HostsXpert tool. Download it here:

http://www.funkytoad.com/download/HostsXpert.zip

After downloading it, run the tool and click “Restore MS Host file”

· Show hidden files:

o Click “Start”

o Click “Run”

o Type “CMD” and press Enter

o Change to the drive or folder you would like to check

o Type attrib -s -h /s /d

· For thorough cleaning and to avoid reinfection, use an antivirus such as Norman Virus Control or NSS (Norman Security Suite) that can detect and clean this virus

Note:

To speed up the cleaning process, use the “Agent Malware Cleaner” tool:

http://www.4shared.com/file/46094742/bb3ffe3e/_2__AgentMalwareCleaner.html?dirPwdVerified=7a224f27

(source: vaksin.com)
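
A read-only check for the indicators listed above, as an added example that is not part of the original article or of any tool it mentions. The scan root and the 2 KB size tolerance are assumptions; icons cannot be checked this way and still need a look in Explorer.

```powershell
# Added example: read-only triage for the indicators listed in this article.
# Nothing is deleted or changed; review the output before acting on it.
param(
    [string]$Root = 'C:\',   # assumption: drive or folder to check
    [int]$SizeKB = 130,      # file size given in the article
    [int]$ToleranceKB = 2    # assumption: slack for Explorer's size rounding
)

# 1. The exefile open command: its default value should be exactly "%1" %*
$keyPath  = 'HKLM:\Software\Classes\exefile\shell\open\command'
$expected = '"%1" %*'
$actual   = (Get-Item -LiteralPath $keyPath).GetValue('')
if ($actual -ceq $expected) {
    Write-Output "exefile open command OK: $actual"
} else {
    Write-Output "exefile open command CHANGED: $actual (expected $expected)"
}

# 2. Names the article says to look for (compared case-insensitively)
$names = 'taskman.exe', 'dllhost.exe', 'rundll32.com', 'wmiprvse.com'

# 3. .exe/.com files of about 130 KB, including hidden and system files (-Force)
$min = ($SizeKB - $ToleranceKB) * 1KB
$max = ($SizeKB + $ToleranceKB) * 1KB
Get-ChildItem -LiteralPath $Root -Recurse -Force -File -ErrorAction SilentlyContinue |
    Where-Object {
        ($_.Extension -in '.exe', '.com') -and
        ($_.Length -ge $min) -and ($_.Length -le $max)
    } |
    Select-Object FullName, Length, Attributes,
        @{ Name = 'ListedName'; Expression = { $names -contains $_.Name } } |
    Sort-Object ListedName -Descending |
    Format-Table -AutoSize
```

A listed name alone is not proof of infection, since Windows ships its own dllhost.exe; combine the name with the size and icon characteristics given in the article.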
