Wednesday, 4 November 2009

How to Remove sdra64.exe

A few days ago,there was a trojan (new for me) spreading on our networks. Like another virus, that trojan makes the autoprotect from antivirus not stop running...another indication from this trojan infected is our computer keep on hibernating. This trojan attacked the network using an email--masks itself as a “Password Reset Confirmation Email,” appears to come from Facebook.

Wheww.., it's kinda hard to explain sumthing using english yahh..

Ketika komputer Anda terinfeksi trojan ini, terdapat sdra64.exe pada proses yang berjalan. Dan ketika Anda melihat pada sistem registry Anda:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -- lalu cari Userinit, terdapat:
C:\Windows\System32\Userinit.exe,C:\Windows\System32\sdra64.exe,
yang seharusnya:
C:\Windows\System32\Userinit.exe,

Jika Anda menghapus C:\Windows\System32\sdra64.exe, ketika di refresh, si trojan akan muncul kembali, dan merubah Userinit kembali menjadi seperti sedia kala.

Berikut langkah2 yang saya gunakan untuk membersihkan sdra64.exe=
- Download SUPERAntiSpyware
- Install dan update SUPERAntiSpyware
- Setelah itu, restart komputer dan masuk ke SafeMode
- Scan komputer dengan SuperAntiSpyware, sebelum scan, matikan system restore anda
- Setelah scan selesai, reboot komputer Anda
- Selesai.., gampang yah? ...
Posted by at No comments:
Labels:
Subscribe to: Comments (Atom)