STYA virus, I have to say this virus quite annoying! Over the last few week's a lot of notebook in my office infected by this virus. It spread really fast, specially if we are using flash drive. Above picture show us that windows already infected by stya virus, you can directly check your time information. The original text beside the clock it suppose to be PM/AM, but if your infected it changed to stya.
Stya virus basically ( as far as i know ) only limiting Windows administrator account to manage function such as Registry, Task Manager, Network Neighbourhood and Startup Config. For me, I use that function quite often. This is one of the reason why I have to find the solution, while my office antivirus which is Symantec Antivirus are unable to detect this virus.
Since i cannot find information about stya virus a lot in the Internet, I've decided to track by my self what is the script/application/startup program that suspicious ( I just use my instinct :P ) running on my Windows. Below are the steps, for your information my Windows function normaly after removing the virus.
1. Disable startup service of STYA.vbs using gpedit.msc. If you find it you're unable to run the file, just right click and use "Run As.." ( Choose your Local Computer Administrator ). There are three service that need to be disabled : stya.vbs, stya.bat,boot.bat.
2. After step one, restart computer and re-login using administrator account. Make sure that no stya virus service running. Delete stya files that located in this directory :
a) C:/Stya.vbs
b) C:/windows/Stya.vbs
c) C:/windows/Boot.bat
d) C:/windows/Stya.bat
Stya virus basically ( as far as i know ) only limiting Windows administrator account to manage function such as Registry, Task Manager, Network Neighbourhood and Startup Config. For me, I use that function quite often. This is one of the reason why I have to find the solution, while my office antivirus which is Symantec Antivirus are unable to detect this virus.
Since i cannot find information about stya virus a lot in the Internet, I've decided to track by my self what is the script/application/startup program that suspicious ( I just use my instinct :P ) running on my Windows. Below are the steps, for your information my Windows function normaly after removing the virus.
1. Disable startup service of STYA.vbs using gpedit.msc. If you find it you're unable to run the file, just right click and use "Run As.." ( Choose your Local Computer Administrator ). There are three service that need to be disabled : stya.vbs, stya.bat,boot.bat.
2. After step one, restart computer and re-login using administrator account. Make sure that no stya virus service running. Delete stya files that located in this directory :
a) C:/Stya.vbs
b) C:/windows/Stya.vbs
c) C:/windows/Boot.bat
d) C:/windows/Stya.bat
3. To recover several windows service that been blocked by the virus, we can use a small tool called Smart Virus Remover. It can restore default settings of windows original configuration.
0 comments:
Post a Comment