You Want to know if your PC have this Virus. Simply click Start-Run then type CMD then hit "ENTER" if your computer Shutdown then your computer has a Virus. This Malware Content of some Files named, JBLCF_Scandal.exe and pc-off.bat and it cannot be seen because it is in Hidden in your Windows directory and the last is Autorun.inf. Look the Codes Below how JBLCF_Scandal.exe Affect on your Computer When you Enable Autorun or Double Click the USB Pen Drive that has a Virus.
[autorun]
open="JBLCF_Scandal.exe %1"
shell\Open\command="JBLCF_Scandal.exe %1"
shell\Explore\command="JBLCF_Scandal.exe %1"
The Effect of this Malware is to disable your registry and locked your Homepage also your Folder Option that it cannot be Edit to "Show all hidden Files and Folders", it also Shutdown your Pc if any Programs run or link the CMD file or Command Prompt. To Help, I Create a Simple Steps To Delete this Stupid Malware but first you must turn off System Restore before doing the steps.
Follow the steps to delete Malware named JBLCF_Scandal.exe and pc-off.bat
1. To see if ther's a malware Open Task Manager in Processes Tab find the file JBLCF_Scandal.exe then press End Process. Or Right click in your Desktop create New WinRAR archive. If you dont have Winrar Click Here to Download or if you had already Open Winrar and go to Windows directory and find if ther's a 2 files i mention lastly. Why i want you to download WinRar, Beacuse this WinRar not only use for Extract and compile but you can also use to View your Hidden files and you dont need any hidden Software Viewer.
2. Because this malware Disable Registry Tools you cannot Edit Registry, To Edit Registry, Start-Run and Type GPEDIT.MSC in "User Configuration" click "Administrative Templates" then click "System" and "Find Prevent access to registry editing tools" then choose "Disable" then apply. Now you can Edit Registry.
3. Its also Disable your Folder Option to "Show Hidden Files and Folders". So that user cannot find and delete this malware. To Enable, Copy the Code Below and paste it in your text Editor(NotePad) and Save as *.reg file then Apply. Note: HKEY's Must be in Single Line. See the image below or click to enlarge.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]
"CheckedValue"=dword:00000002
"DefaultValue"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
"DefaultValue"=dword:00000001
4. Now You can Use Folder Option To view Hidden Files and Folders,Open MyComputer in Tool Bar Open Folder Option,in Tab area click View then follow the image below then apply.
.....Tips On How To delete Reg keys with out searching in Reg directories...
To delete a registry value with a .reg file, put a hyphen (-) after the equals sign following the DataItemName in the .reg file. For example, to delete the "Autorun" registry value from the following registry key:(Copy the code below and save as AutoDel.reg)
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
"autorun"=-
Note: This "AutoDel.Reg" File Delete the Message in your Command Prompt (CMD) "'C:\WINDOWS\pc-off.bat' is not recognized as an internal or external command,operable program or batch file.
Look like this:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
'C:\WINDOWS\pc-off.bat' is not recognized as an internal or external command,operable program or batch file.
5. If you finnished the Step 4, Go to Windows and Find the 2 files named JBLCF_Scandal.exe and pc-off.bat and Change Each file properties or Uncheck the Read-Only File and Hidden File. See the Image Below then apply in pc-off.bat also.
6. Now you can safely delete the 2 files JBLCF_Scandal.exe and pc-off.bat but we not done yet. Click Start-Run and type PREFETCH and delete all the file inside the prefetch directory and the final step is Run the MSCONFIG and Hit ENTER. In Tab Section click Startup and click Disable All then Apply. Restart Your PC and Your Done!... Now try to run cmd if your computer wont shutdown means you Succeeded in deleting the malware. back to step 4 check the 2 boxes you uncheck before and apply because you dont need that any more and it can cause file to rename and damage because of extension open source and not hide so bring it back to normal for safe dont forget to create a system restore point.......
Subscribe in a reader
