Kepada ahli group gunakan kaedah seperti dibawah ini...

Selamat berjaya.

As an alternative to using the tool is the following:

1.. Click on Start|Find|Files or Folders.

2.. Search for REGEDIT.EXE.

3.. Rename REGEDIT.EXE to REGEDIT.COM. (Since the worm maps all executable files to itself, you will need to do this to be able to run Regedit. After cleaning your system, you can rename this file back to its original name.)

4.. Run REGEDIT.COM.

5.. In the left panel of the Registry Editor, click on the "+" at left of the names to go to the registry below: HKEY_CLASSES_ROOT\exefile\shell\open\ command

6.. In the right panel, double-click on the entry with the data (Default) = "%systemdir%\WINSVRC.EXE"%1""%*" where %systemdir% is the Windows system directory; e.g., \WINDOWS\SYSTEM for Win 9x, and \WINNT\SYSTEM32 for NT/2K.

7.. In the Edit window that appears, delete the entire first part of the string, leaving behind "%1"%*".

8.. As in step 5, go to the registry entry below: HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\Run

9.. Click on the entry below, then press "DELETE" Win32BaseServiceMOD = %systemdir%\WINSVRC.EXE

10.. Go to the registry entry below: HKEY_CURRENT_USER\Software\Navidad

11.. Delete this key.

12.. Reboot your system.

13.. Scan your systen with Trend antivirus and then delete all files detected as TROJ_NAVIDAD.A.

14.. Rename REGEDIT.COM back to REGEDIT.EXE.

Sumbangan :
Mohd Zamri
Ahli TranungKite e-Groups