1. Turn off "System Restore" before cleaning (Windows XP systems).
2. End any processes such as "Rin.exe", "Obito.exe", "KakashiHatake.exe" and "Hokage4.exe" in Task Manager.
3. Open Regedit.exe and delete the registry entries that were created by VBWorm.gen16.
* To make the cleaning process easier, copy the script below, paste it into Notepad, and save it as "repair.inf". Then right-click "repair.inf" and choose "Install".
[Version]
Signature="$Chicago$"
Provider=Vaksincom Naruto

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

; Restore the default "open" commands for executable file types and the default Winlogon shell
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
; Embedded quotes must be doubled inside a quoted INF string
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"

; Delete the policy restrictions (Registry Editor, Task Manager, Folder Options, Find, Run) and the worm's Run entries
[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NOFind
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NORun
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Hokage 4
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Kakashi Hatake
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Obito Uchiha
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Rin
4. Find and delete any files that were created by the virus. You can use Windows Search to save time while finding the files. Before you clean up the virus files, show hidden files using this method:
- Open Windows Explorer.
- Click the "Tools" menu, then click "Folder Options".
- In the "Folder Options" dialog, click the "View" tab.
- Scroll down to the "Hidden files and folders" option, then uncheck "Hide extensions for known file types" and also uncheck "Hide protected operating system files (Recommended)".
- Click "OK" when finished.
To find and clean up the files, use this method:
- Click the "Start" button.
- Click "Search", then click "For Files or Folders".
- After the "Search Results" dialog appears, click "All files and folders".
- Then under "All or part of the file name", type *.EXE
- Under "Look in", make sure the drive is selected.
- Then click "What size is it?" and choose the "Specify size (in KB)" option.
* choose "at most"
* enter "42" as the size
- Click "More advanced options", then select:
* Search system folders
* Search hidden files and folders
* Search subfolders
- Now click "Search" to start the search.
- When the search finishes, delete all files that are 42 KB in size, of type "Application", with the .EXE extension.
5. Then delete the files desktop.ini, folder.htt, Autorun.inf and anbu.txt on the flash drive.
6. For a thorough cleaning, use an antivirus with an up-to-date engine.
7. Turn off the Autoplay function so that the virus file is not executed when you insert a flash drive.
8. Or you can use this simple step to block the virus while it is active in memory: write the script below and save it as RemoveHokage.reg, then run the file.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HOKAGE4.exe]
"Debugger"="cmd.exe /c del"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HokageFile.exe]
"Debugger"="cmd.exe /c del"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KakashiHatake.exe]
"Debugger"="cmd.exe /c del"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rin.exe]
"Debugger"="cmd.exe /c del"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Obito.exe]
"Debugger"="cmd.exe /c del"
Submitted by Kokphing
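
As an added example (not part of the original guide), this Python script performs the search from steps 4 and 5 on a drive mounted from a clean machine and only reports candidates; it deletes nothing. The function names, the `removable` flag and the assumption that Explorer's Size column rounds up to the next KB are introduced here for illustration.

```python
import os
import sys

# File names taken from the guide; the scan logic itself is an added illustration.
WORM_PROCESS_NAMES = {"rin.exe", "obito.exe", "kakashihatake.exe", "hokage4.exe"}
FLASH_ARTIFACTS = {"desktop.ini", "folder.htt", "autorun.inf", "anbu.txt"}
TARGET_KB = 42  # size named in step 4


def size_in_kb(num_bytes):
    """Size in KB rounded up (assumed to match Explorer's Size column)."""
    return (num_bytes + 1023) // 1024


def scan(root, removable=False):
    """Return sorted (reason, path) findings under root. Nothing is deleted.

    removable=True also reports the files step 5 removes from a flash drive.
    """
    findings = []
    # os.walk also lists hidden and system files, so no Folder Options change is needed.
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            lower = name.lower()
            if lower.endswith(".exe"):
                try:
                    kb = size_in_kb(os.path.getsize(path))
                except OSError:
                    continue  # unreadable or vanished file: skip it
                if lower in WORM_PROCESS_NAMES:
                    findings.append(("known worm file name", path))
                elif kb == TARGET_KB:
                    findings.append(("42 KB executable", path))
            elif removable and lower in FLASH_ARTIFACTS:
                findings.append(("flash-drive artifact", path))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python scan.py <drive-or-folder> [--removable]
    for reason, found in scan(sys.argv[1], removable="--removable" in sys.argv):
        print(f"{reason}: {found}")
```

Legitimate programs can also be 42 KB, and desktop.ini is a normal Windows file in many folders, so review each reported path before deleting it.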