Friday, May 8, 2009

Surabaya (81u3f4nt45y - 24.01.2007 -Surabaya) At Booting

It is spyware that often comes up during booting, just before the welcome screen appears. Before the welcome screen comes up, you are shown the Surabaya warning window, a bar displaying some information about Surabaya. Among them is "Surabaya in my birthday". It tells you to click OK so that you can continue booting up your system.

The worm is of Indonesian origin. Nobody really knows where in Indonesia it came from, but most people speculate that it comes from Surabaya, which is the second largest city in Indonesia. The virus is appalling and dangerous to the efficient operation of your system. It is ready to change your hard disk icon to document settings and add other unknown folders to it. Usually, it adds itself to the list of folders in the C drive. If they are deleted, they return after some time to the exact place they were deleted from. It behaves almost like a worm, yet it is spyware that threatens the very existence of your important files.

An example of the Surabaya warning display screen above.

There is a way to remove these disturbing files from your system without damaging your important files. One thing is for sure: most virus scans cannot locate all the files belonging to this virus, but total removal is possible with manual debugging. For that simple reason it is advisable to do it manually, as follows:

Step 1: Go to Start --> Run --> type regedit --> click OK. The registry editor will appear.

Step 2: In the registry editor click on HKEY_LOCAL_MACHINE --> SOFTWARE --> Microsoft --> Windows NT --> CurrentVersion --> Winlogon. Look closely at the left hand side of the registry editor, look for LegalNoticeCaption and delete it. Next, look for LegalNoticeText and delete it as well.

Step 3: In the registry editor click Edit --> Find --> in the Find bar type Surabaya and click OK.

Step 4: The location of any file that belongs to Surabaya will be displayed for you. Delete each of them by right-clicking on the file and choosing delete from the dropdown menu.

Step 5: After deleting all the files with the name Surabaya, go to HKEY_LOCAL_MACHINE --> SOFTWARE --> Microsoft --> Windows --> CurrentVersion --> Explorer --> Advanced --> Folder --> Hidden --> SHOWALL. On the right hand side of the registry editor look for CheckedValue and right-click on it. Move your cursor to Modify, which is the first item on the dropdown menu, and change the value from "0" to "1".

Step 6: Go to Edit --> Find --> type Surabaya. If it returns anything related to Surabaya you have to delete it.

Step 7: Click File --> Exit to close the registry editor.

Step 8: Do a system restore to a time when your computer operated at its best, and restart your system.

Note: Do not do a system restore until you have finished debugging the virus, or rather spyware, lest you restore Surabaya back. Especially when you don't have a restore point in your system, just restart.
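
The registry checks from Steps 2 and 5 can also be done from an elevated PowerShell prompt. The script below is an added example, not part of the original post: it only reports by default, and with -Fix it first exports both keys to .reg files and then makes the changes. The -Fix, -Marker and -BackupDir parameters are names chosen for this example, and the key paths are written as they are stored in the registry.

```powershell
# Added example: audit (and optionally repair) the registry values from Steps 2 and 5.
# Run from an elevated prompt. Nothing is changed unless -Fix is given.
param(
    [switch]$Fix,
    [string]$Marker = 'Surabaya',                # the string the post searches for
    [string]$BackupDir = "$env:TEMP\reg-backup"  # assumption: any writable folder
)

$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$showAll  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'

if ($Fix) {
    # Export both keys first so every change can be undone by importing the .reg files
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    reg.exe export 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' "$BackupDir\winlogon.reg" /y | Out-Null
    reg.exe export 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL' "$BackupDir\showall.reg" /y | Out-Null
}

# Step 2: the logon banner values shown before the welcome screen
foreach ($name in 'LegalNoticeCaption', 'LegalNoticeText') {
    $value = (Get-ItemProperty -Path $winlogon -Name $name -ErrorAction SilentlyContinue).$name
    if ([string]::IsNullOrEmpty($value)) {
        Write-Output "$name : not set"
    } elseif ($value -like "*$Marker*") {
        Write-Output "$name : contains '$Marker' -> $value"
        if ($Fix) {
            Remove-ItemProperty -Path $winlogon -Name $name
            Write-Output "  deleted $name"
        }
    } else {
        # A banner without the marker may be a legitimate logon notice, so it is left alone
        Write-Output "$name : set, no '$Marker' -> $value"
    }
}

# Step 5: CheckedValue must be 1 for "Show hidden files and folders" to work in Explorer
$checked = (Get-ItemProperty -Path $showAll -Name CheckedValue -ErrorAction SilentlyContinue).CheckedValue
Write-Output "CheckedValue : $checked"
if ($Fix -and $checked -ne 1) {
    Set-ItemProperty -Path $showAll -Name CheckedValue -Value 1 -Type DWord
    Write-Output "  CheckedValue set to 1"
}
```

The registry-wide search for Surabaya in Steps 3, 4 and 6 is not covered by this script and still has to be done in the registry editor.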