A virus is quite irritating to the nickname 'Luna Maya' has spread in Indonesia. This virus displays a message that seems to poke fun at fans of porn videos in Indonesia, with displays Pop Up saying "dasar !!" as the alert title and "Otak bokep.." as the entire alert.
The virus is also annoying. For instance, CD/DVD ROM will be kept open even though it was closed manually by the user.
Nicknamed 'Luna Maya' given to this virus because one of some virus files has a name LunaMaya.exe. The virus is detected as Suspicious_Gen2.LBTU by Norman Security Suite.
'Defuse' the Virus in "safe mode" * To enter the "safe mode", press the F8 key on the keyboard when the computer starts.
* On the Windows Advanced Options menu, you can choose the mode "safe mode" or can also "safe mode with networking and "command prompt" mode. In order to make it easier, just select "safe mode."
* Keep windows running until the confirmation window pops up use of "safe mode".
* Click the "Yes", to use the "safe mode" on the confirmation window.
Turn off the active virus in memory. * Use the Task Manager replacement tool in this case the use CurProcess. Download tools CurrProcess on the following link:
http://www.nirsoft.net/utils/cprocess.zip * Run CurrProcess, then locate the file viruses "Amoumain.exe". Left-click the virus file, then select the "Kill Selected Processes." If a virus file is missing, then close the window CurrProcess.
Fixing RegistryFix the registry which has modificated by the virus, then copy this script onto a Wordpad or Notepad file.
[Version]
Signature="$Chicago$"
Provider=Vektanova
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, ShowSuperHidden,0x00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, SuperHidden,0x00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, HideFileExt,0x00010001,0
HKLM, SOFTWARE\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\CLASSES\regfile\shell\open\command,,,"regedit.exe "%1""
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\system, DisableTaskMgr
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\explorer, NoRun
Save as
Luna Maya Repair.inf, then right-click the file and select 'Install". Then let the process until it finish.
Remove virus file "Luna Maya" with the following characteristics:
* Has the file type "Application"
* It has a file size of "37 kb"
* Having a MS Word file icon
Notes:
* To facilitate the search should use the Search function of Windows by using the filter files *.exe and *.inf and size 37 kb.
* Delete virus files which usually have the same modified date.
* Be sure to remove the main virus file like: Amoumain.exe, Luna Maya.exe, Love.exe, and nt.bat
* Log-off computers, then log in again. Reboot the PC is the recomended way.
