Najib’Palace

Personal weblog with news of software, hardware, technology, tips and tricks

Haha.js

Setelah mencuba beberapa tools / anti virus software utk menghapuskan virus nie ( Haha.js , VirusMawar ). aku rasa ni tools yang paling mudah / senang dan tak sakit kepala. tapi kalau nak guna tools ni kena banyakkan bersabar sebab dia lama skit prosess ( bergantung kepada kelajuan komputer tersebut. Pada post yang lepas aku dah post cara nak remove virus haha.js tu tapi susah skit kepada user yang baru mengenali komputer dan tidak advance dengan sistem registry, autorun dan command line. so kali nih aku cuba memudahkan lagi cara korang nak remove virus sengal tu. oK? cekdaout!.

Alatan yang korang perlukan ialah

1. Combofix

2. Kesabaran yang amat tinggi

3. Sedikit pengetahuan tentang sistem operasi dan dialog box. ( x beberapa penting sangat ni )

Pilih mana satu website kat bawah ni untuk download Combofix

bawah ni cara-cara nak guna tools combofix ni…tapi dalam bahasa omputih la..ala senang je🙂

Introduction

ComboFix is a program, created by sUBs, that scans your computer for known malware, and when found, attempts to clean these infections automatically. In addition to being able to remove a large amount of the most common and current malware, ComboFix also displays a log when it is finished that contains a great deal of information that an experienced helper can use to diagnose, retrieve samples of, and remove infections that are not automatically removed.

Due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer. Instead you should use this guide to download and run ComboFix and then post the resulting log in a forum that contains helpers who understand how to diagnose them. These helpers will then help you clean your computer of infections so that it is running properly again.

Please note that this guide is the only authorized guide for the use of ComboFix and cannot be copied without permissions from BleepingComputer.com and sUBs. It is also understood that the use of ComboFix is done at your own risk.

Using ComboFix

The first thing you should do is print out this guide as we will close all the open windows and programs, including your web browser, before starting the ComboFix program.

Next you should download ComboFix from one of the following URLs:

To download ComboFix, simply left-click on one of the links above and if you are using Internet Explorer, you will see a prompt similar to the figure below.

Download ComboFix Screenshot
Download ComboFix Prompt

 

Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop. An image showing this is below.

 

Downloading ComboFix to the Desktop
Downloading ComboFix to the Desktop

 

When you have the Save as screen configured to save ComboFix.exe to the Desktop, click on the Save button. ComboFix will now start downloading to your computer. If you are on a dialup, this may take a few minutes. When ComboFix has finished downloading you will now see an icon on your desktop similar to the one below.

 

ComboFix Icon
ComboFix Icon

For now, do not start ComboFix as there are a few more steps that need to be done first.

We now suggest that you install the Windows Recovery Console. The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware. If you use Windows XP and have a Windows CD, then you can follow the instructions found in the tutorial listed below.

How to install and use the Windows XP Recovery Console

Windows Vista users can use their Windows CD to boot up into the Vista Recovery Environment.

If on the other hand, you use Windows XP and do not have the Windows CD, ComboFix includes a method of installing the Windows Recovery console by downloading a file from Microsoft. To install the Windows Recovery Console when you do not have the Windows XP CD, please follow these instructions:

  1. Click on the following link to go to Microsoft’s Web site:http://support.microsoft.com/kb/310994
  2. At that page, scroll down and click on the appropriate download for your version of Windows XP (Home or Professional) and the service pack level that you have installed. When you click on the link to download the file, make sure you save it directly to your desktop. If you are unsure what version of Windows you have and what Service Pack is installed, you can follow these instructions to gain that information.
    1. Click on the Start button.
    2. Click on the Run menu option.
    3. In the Open: field type the following: sysdm.cpl and then click on the OK button.
    4. A screen will appear showing information about your installation. Under the System: category you should see your Windows version and the installed Service Pack. When you are done determining this information continue with Step 2.
  3. Once the Microsoft file has finished downloading, you should drag it on top of the ComboFix icon and let your mouse button go. This is shown in the following image.
  4. ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Windows Recovery Console option when you start your computer unless requested to by a helper.

Once you have finished installing the Windows Recovery Console, please continue with the rest of the tutorial.

We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open Windows including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found in this topic.

Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

Once you double-click on the icon, you may see a screen similar to the one below.

Windows Open File Security Warning
Windows Open File Security Warning

 

Windows is issuing this prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue. If you are using Windows Vista, and receive UAC prompt asking if you would like to continue running the program, you should press the Continue button. You will now see the first ComboFix screen as shown below.

 

ComboFix is Preparing to Run
ComboFix is Preparing to Run

 

ComboFix is now preparing to run and when it has finished you will see the Disclaimer screen shown below.

 

ComboFix Disclaimer
ComboFix Disclaimer

 

If you do not agree to the disclaimer, then press the number 2 key on your keyboard and then press enter to exit the program. Otherwise, to continue you should press the number 1 key and then press the enter key to continue. If you decided to continue, then ComboFix will create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

 

ComboFix is backing up the Windows Registry
ComboFix is backing up the Windows Registry

 

Once the Windows Registry has finished being backed up, ComboFix will disconnect your computer from the Internet. Therefore, do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet as your connection will be completely restored at a later stage in the program.

ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.

 

ComboFix is scanning the computer for infections
ComboFix is scanning the computer for infections

 

While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to what they were previously. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

 

Stages of the ComboFix AutoScan
Stages of the ComboFix AutoScan

 

At the time of this writing there are a total of 41 stages as shown in the image below, so please be patient.

 

41st Stage of the ComboFix AutoScan
41st Stage of the ComboFix AutoScan

 

When ComboFix has finished running, you will see a screen stating that it is preparing the log report as shown below.

 

ComboFix is preparing the log report
ComboFix is preparing the log report

 

This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt. This can be seen in the image below.

 

ComboFix is almost done!
ComboFix is almost done!

 

When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you as shown below.

 

ComboFix Log File
ComboFix Log File

 

You should now register an account at one of the forums listed below and copy and paste the above log file along with a HijackThis log into a new topic. When posting this information please also provide a description of the problems that you are having. When posting your log files, please be patient as these forums are very active and it could take some time before you receive a response. If you having problems connecting to the Internet after running Combofix, then please see this section.

It is possible that ComboFix, even on its first run, may have fixed the problems you are having. We strongly suggest that you still post your log at a forum as you most likely will have infections left over that a helper will need to analyze further.

….

Korang boleh skip step yang mana perlu mendownload Windows Recover Tools, iaitu step 1,2,3 dan 4. Sebelum mengaktifkan Combofix pastikan terlebih dahulu mematikan software antivirus pada komputer anda. setelah itu jalankan combofix tersebut. kalau ada masalah atau muskill ape ape ke macan biasa la leh email aku ataupon kalau urgent sangat boleh sms je kat aku.

Email: starbucks.cafe@gmail.com

Mobile No: 019-9460942

sumber asal dipetik dari : Bleeping Computer

February 7, 2008 - Posted by | Virus-Tech

6 Comments »

  1. […] Klik Kat Sini utk mengetahui cara cara nak remove virus haha.js , mawarvirus […]

    Pingback by virusmawar.js « Najib’Palace | February 7, 2008 | Reply

  2. […] example@example.com (roddy32) wrote an interesting post today onHere’s a quick excerptSetelah mencuba beberapa tools / anti virus software utk menghapuskan virus nie ( Haha.js , VirusMawar ). aku rasa ni tools yang paling mudah / senang dan tak sakit kepala. tapi kalau nak guna tools ni kena banyakkan bersabar sebab dia … […]

    Pingback by Haha.js | February 7, 2008 | Reply

  3. […] ariyako wrote an interesting post today on Haha.jsHere’s a quick excerptClose or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found in this topic. … […]

    Pingback by Spyware » Haha.js | February 7, 2008 | Reply

  4. […] bibby1 wrote an interesting post today onHere’s a quick excerptSetelah mencuba beberapa tools / anti virus software utk menghapuskan virus nie ( Haha.js , VirusMawar ). aku rasa ni tools yang paling mudah / senang dan tak sakit kepala. tapi kalau nak guna tools ni kena banyakkan bersabar sebab dia … […]

    Pingback by Anti Virus | February 7, 2008 | Reply

  5. […] Kat Sini utk mengetahui cara cara nak remove virus haha.js , mawarvirus […]

    Pingback by Najib’Palace » Blog Archive » virusmawar.js | March 7, 2008 | Reply

  6. gue xpam sangat sgt sal anti-virus nie…pecah kepala pki bnda nie.. dah la kne blaja SOFTWARE DEVELOPMENT.. susah gle r..

    Comment by ieka | March 17, 2008 | Reply


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: