Saturday, November 14, 2009

sysdate.exe

Recently I came across a symptom on a teacher's laptop where, after logging in to Windows Vista, no icons or taskbar appeared on the screen. At first I assumed Windows was corrupt. After investigating in Task Manager, I found a process named sysdate.exe. So I opened good old Google and searched for what sysdate.exe is. It turns out sysdate will stop any process at startup. So in my case, sysdate had stopped the explorer.exe process. That is why the computer could not show any display. Here is how to solve this problem: (I couldn't be bothered to translate, so I just pasted it)

Recently my computer was infected with this virus called Sysdate.exe that was inside the Recycler folder in the C: drive. I knew that it was a virus since my PC didn’t have the Recycler folder earlier. Thus the location of the virus was C:\RECYCLER\S-1-5-21-8324555943-4443154761-431384085-6428\sysdate.exe


Symptoms of this virus:

• In the Recycler folder there was another folder but in the looks of the Recycle Bin whose name was something like S-1-5-21-8324555943-4443154761-431384085-6428 and on double clicking it, I came across all the files which were there in the Recycle Bin.

• There was an entry in the Registry Editor named Taskman that came back again and again on deleting.

• There were no changes in the startup and task manager in my system but if there is any in yours then remove the process from startup and kill from task manager.

Note: Go to Folder Options -> View tab -> Check the option of Show hidden files and folders and uncheck the option of Hide Protected operating System Files.


Here are the steps how I removed the virus and fixed my problem.

1. First of all to see all the contents in the Recycler folder we need to change the attributes of the folder.

2. Open command prompt (by typing cmd in the Run box) and type

attrib C:\Recycler -r -h -s and press enter.

Then again type attrib C:\Recycler\S-1-5-21-8324555943-4443154761-431384085-6428 -r -h -s and press enter.

3. The shape and look of the folder will change from that of Recycle Bin to a normal Folder which will now show all the contents inside it.

4. There were two files inside the S-1-5-21-8324555943-4443154761-431384085-6428 folder, Sysdate.exe and Autorun.inf, both of which were undeletable.

5. Now to delete Recycler, S-1-5-21-8324555943-4443154761-431384085-6428, Autorun.inf and Sysdate.exe files, first kill the explorer.exe process from the task manager.

6. Your Explorer will shut down but Task Manager will still be running. Now go to File -> New Task. Click on Browse.

7. Go to the Recycler folder in this browse function and Shift Delete the Sysdate.exe and Autorun.inf files there, they will get easily deleted and will come back.

8. Then delete the Recycler folder as well.

9. After you have done with removing the Viruses, type explorer.exe in the new task section which will bring the explorer running again.

10. Type regedit in the Run box to open Registry Editor, navigate to HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon and delete the Taskman key in the right pane.

Refresh to see if it comes again. If it does not come again, your virus will have been removed.

11. If your computer has more than one user then navigate to HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon and edit the Shell key on the right side. Edit it to remove the C:\Recycler\S-1-5-21-8324555943-4443154761-431384085-6428 value.

The value should be only Explorer.exe

Restart the computer to see the virus removed.

I did all the above steps on more than one PC and it worked on each of them.

Reference: http://techsalsa.com/remove-sysdateexe-virus/
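
A read-only way to check a machine for the artifacts the steps above deal with (the Taskman and Shell values under Winlogon, and executables inside C:\RECYCLER) before and after cleanup. This is an added example, not part of the original post or the referenced article; the function names Test-WinlogonValues and Find-RecyclerDroppers are hypothetical, and the rule that any Taskman value is worth flagging follows the post's own description.

```powershell
# Added example: audits the locations named in the post. It changes nothing.
$winlogonKeys = @(
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

function Test-WinlogonValues {
    param([string[]]$Keys)
    foreach ($key in $Keys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }          # key missing or not readable
        foreach ($name in 'Taskman', 'Shell') {
            $value = $props.$name
            if ($null -eq $value) { continue } # value not set under this key
            # Per the post: Taskman is the reappearing entry, and Shell
            # should contain only Explorer.exe.
            $suspicious = ($name -eq 'Taskman') -or
                          ($value.Trim() -ine 'explorer.exe')
            [pscustomobject]@{
                Key        = $key
                Name       = $name
                Value      = $value
                Suspicious = $suspicious
            }
        }
    }
}

function Find-RecyclerDroppers {
    param([string]$Root = 'C:\RECYCLER')
    if (-not (Test-Path -LiteralPath $Root)) { return }
    # -Force lists hidden and system items, so no attrib change is needed
    # just to look inside the folder.
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.Name -match '\.(exe|inf)$' } |
        Select-Object FullName, Length, LastWriteTime, Attributes
}

Test-WinlogonValues -Keys $winlogonKeys | Format-Table -AutoSize -Wrap
Find-RecyclerDroppers | Format-Table -AutoSize -Wrap
```

Run it again after the restart in the last step: a Taskman row or a non-Explorer.exe Shell value that reappears means something is still rewriting the registry.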
