
Manual Removal of W32.Sality.aa Trojan

W32/Sality-AA is a virus that also acts as a keylogger.
The virus logs keystrokes typed into certain windows, as well as information about the infected computer.
This logged data is periodically submitted to a remote website.
W32/Sality-AA has been seen spreading itself via email by piggy-backing on W32/Netsky-T.
Aliases: Virus.Win32.Sality.aa (Kaspersky), Virus:Win32/Sality.AM (Microsoft), W32/Sality.ah (McAfee)
Type of infiltration: Virus/Trojan
Size: Variable
Affected platforms: Windows
Short description: Win32/Sality.NAR is a polymorphic file infector.
Damage Level : Highly Dangerous / Severe
Distribution Level: High/Medium
Auto Removal Tool for W32.Sality.aa Trojan
W32 Sality Remover Download
W32.Sality.aa Trojan Manual Removal Instructions
Removal from Safe Mode is recommended.

How to start in Safe Mode:
Restart your computer and press F8 repeatedly as the screen turns on, then select Safe Mode and press Enter.
The infected files can be found in the folders and under the names listed below, and may also be running as processes.
End the following active processes before removal:
  • %System%\amvo.exe
  • %System%\blastclnnn.exe
  • %System%\scvhsot.exe 
  • %Temp%\00055a0e_rar\scvhsot.exe
  • %Temp%\000592b2_rar\scvhsot.exe
  • %Temp%\0005934e_rar\hinhem.scr
  • %Temp%\0005938d_rar\blastclnnn.exe
  • %Windir%\hinhem.scr
  • %Windir%\scvhsot.exe
  • c:\rdsfk.com
  • %System%\drivers\.sys
  • %temp%\win%name%.exe
  • %temp%\%name%.exe
  • %Program files\DriveGuard\ [ Delete Folder and Contents ]
  • Usb Drive: %\system\Driveguard\
    If any of these files appears as a running process in Task Manager, end the process before removal.
    Note: if Task Manager is disabled, download the following file: Enable Registry.reg [ Right Click - Save Target As/Linked Content As ]
    Open it with Regedit.exe [%system32\regedit.exe]; when it asks whether to add the information to the registry, confirm Yes, then click OK.


    Kill the following processes if running and delete the appropriate files:
    antzom.exe, ax.exe, bomryuc.dll
    , drlbqse.dll, egjjen.sys, fmgonn.sys, hehmu.sys, hsgfrn.sys, idlrrh.sys, impnn.sys, jnjpvn.sys, loader174.exe, mAO3q2B7r6.exe, mm2emt.exe, ogmkmn.sys, omdftn.sys, vwservice.exe, vwsrv.exe, vwsrv[1].exe, win13652.dll, win21309.dll, win25709.dll, win27388.dll, win28610.dll, win29788.dll, win3096.dll, win31324.dll, win33848.dll, win35482.dll, win36587.dll, win37763.dll, win40320.dll, win40346.dll, win44025.dll, win46721.dll, win48684.dll, win63279.dll, win7320.dll, windjnvr.exe, winibqs.exe, winjepm.exe, winkrqpx.exe, winkxggjh.exe, winnmswkj.exe, winrlwmt.exe, winxotbiy.exe, wmdrtc32.dll, wmdrtc32.dl_, x1001[1].exe, x2000[1].exe, x2007.exe, x2011.exe, x2011[1].exe, x3000[1].exe, ywsnkhb.dll

    W32.Sality.aa Trojan Spreading on removable media and System - Removal
    The virus copies itself into the root folders of removable drives using a random filename. The filename has one of the following extensions:
    .exe
    .pif
    .cmd
    Examples: fsto.pif, jclhuf.exe, h.cmd
    The following file is dropped in the same folder:
    autorun.inf
    Thus, the virus ensures it is started each time infected media is inserted into the computer.
    A new program is installed at %\Program Files\DriveGuard\Driveprotect.exe
    To delete that folder:
    Open Task Manager and end the process explorer.exe,
    then go to File > New Task,
    type cmd and press Enter; the command prompt opens.
    Type cd\ to get to C:\
    Then type "cd program files" and press Enter (without the quotes).
    To delete the folder and its contents,
    type: rd /s /q Driveguard
    To restart your PC, type: shutdown -r -t 0

    W32.Sality.aa Trojan Unregister DLL Files Using Windows Command Prompt
    • To open the Windows Command Prompt, go to Start > Run, type cmd, and click the "OK" button.
    • Type "cd" to change the current directory: press the space bar, enter the full path to where you believe the program's DLL file is located, and press Enter.
    • If you don't know where the program's DLL file is located, use the "dir" command to display the directory's contents.
    • To unregister a program's DLL file, type "regsvr32 /u" + [ DLL_NAME ] from that directory.
    • Example: [ C:\Windows\System> regsvr32 /u name.dll ], then press Enter.
    • A message will pop up that says you successfully unregistered the file.
    W32.Sality.aa Trojan Manual Removal From Registry
    Click Start > Run, type regedit, and click OK.
    Note: If the Registry Editor fails to open, the threat may have modified the registry to prevent access to it.
    • Download and run this UnHookExec.inf [ Right Click - Save Target As/Linked Content As ], and then continue with the removal.
    • Save it to your Windows desktop. Do not run it at this time; download it only.
    • After booting into Safe Mode or VGA Mode, right-click the UnHookExec.inf file and click Install.
    • [This is a small file. It does not display any notice or boxes when you run it.]
    The virus sets the following registry entries:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    "GlobalUserOffline" = 0
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\system
    "EnableLUA" = 0
    The virus deletes the following registry entries:
    HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    HKEY_CURRENT_USER\System\CurrentControlSet\Control\SafeBoot
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot

    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2dd611c-0b40-11dc-bf14-0019d1772ee2}
    AutoRun\command- System\DriveGuard\DriveProtect.exe -run
    Explore\Command- System\DriveGuard\DriveProtect.exe -run
    Open\Command- System\DriveGuard\DriveProtect.exe -run

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\aouei
    Key: CLSID\{1CE21416-0B8D-8CF6-1FCB-099B30C628BB}\InprocServer32
    Value: ThreadingModel
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_VWSERVICE
    Value: NextInstance

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_VWSERVICE\0000
    Value: Class
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_VWSERVICE\0000\Control
    Value: ActiveService
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vwservice
    Value: DisplayName
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vwservice\Enum
    Value: Count
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vwservice\Security
    Value: Security
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisFileServices32
    Value: Type
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisFileServices32
    Value: Start
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisFileServices32
    Value: ErrorControl
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisFileServices32
    Value: ImagePath
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisFileServices32
    Value: DisplayName
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisFileServices32\Security
    Value: Security
    HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_NDISFILESERVICES32
    Value: NextInstance
    HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_NDISFILESERVICES32\0000\Control
    Value: *NewlyCreated*
    HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_NDISFILESERVICES32\0000
    Value: Service
    HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_NDISFILESERVICES32\0000
    Value: Legacy
    HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_NDISFILESERVICES32\0000
    Value: ConfigFlags
    HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_NDISFILESERVICES32\0000
    Value: Class
    HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_NDISFILESERVICES32\0000
    Value: ClassGUID
    HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_NDISFILESERVICES32\0000
    Value: DeviceDesc
    HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NdisFileServices32\Enum
    Value: 0
    HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NdisFileServices32\Enum
    Value: Count
    HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NdisFileServices32\Enum
    Value: NextInstance
    HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\Root\LEGACY_NDISFILESERVICES32\0000\Control
    Value: ActiveService

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion
    Value: d
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
    Value: {06DB7430-7430-6DB1-306D-430DB4306DB1}
    HKEY_CURRENT_USER\Software\CurrentControlSet\Services\NdisFileServices32
    Value: ImagePath
    HKEY_CURRENT_USER\Software\CurrentControlSet\Services\NdisFileServices32
    Value: DeleteFlag
    HKEY_CURRENT_USER\Software\CurrentControlSet\Services\NdisFileServices32
    Value: ImagePath
    HKEY_CURRENT_USER\Software\CurrentControlSet\Enum\Root\Legacy_VWSERVICE\0000
    Value: ClassGUID
    HKEY_CURRENT_USER\Software\CurrentControlSet\Enum\Root\Legacy_VWSERVICE\0000
    Value: DeviceDesc
    HKEY_CURRENT_USER\Software\CurrentControlSet\Enum\Root\Legacy_VWSERVICE\0000
    Value: Service
    HKEY_CURRENT_USER\Software\CurrentControlSet\Enum\Root\Legacy_VWSERVICE\0000
    Value: ConfigFlag
    HKEY_CURRENT_USER\Software\CurrentControlSet\Enum\Root\Legacy_VWSERVICE\0000
    Value: Legacy
    HKEY_CURRENT_USER\Software\CurrentControlSet\Services\vwservice
    Value: ImagePath
    HKEY_CURRENT_USER\Software\CurrentControlSet\Services\vwservice
    Value: ObjectName
    HKEY_CURRENT_USER\Software\CurrentControlSet\Services\vwservice
    Value: ErrorControl
    HKEY_CURRENT_USER\Software\CurrentControlSet\Services\vwservice
    Value: Start
    HKEY_CURRENT_USER\Software\CurrentControlSet\Services\vwservice
    Value: Type
    HKEY_CURRENT_USER\Software\CurrentControlSet\Services\vwservice
    Value: FailureActions
    HKEY_CURRENT_USER\Software\CurrentControlSet\Services\vwservice\Enum
    Value: NextInstance
    HKEY_CURRENT_USER\Software\CurrentControlSet\Services\vwservice\Enum
    Value: 0
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion
    Value: s
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion
    Value: f
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
    Value: Start Page

    _+ Any of the Above Listed Files +_

    To remove the virus completely, search the registry for the file names listed above:
    from the Edit menu choose Find, enter each name as the keyword, and remove every value the search finds.

    Exit the Registry Editor.
    Restart your computer.
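
An added example, not part of the original page: a Python sketch that checks the text of a registry export for three of the Sality entries listed above (EnableLUA set to 0, the vwservice and NdisFileServices32 services, and the ShellExecuteHooks CLSID). The function names and the sample export are constructed for illustration; the input is assumed to be an export file already decoded to text.

```python
import re

# Matches a .reg value line: "Name"=data, or @=data for a key's default value.
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')

# Indicators copied from the registry list above, lower-cased for comparison.
SERVICES = "hkey_local_machine\\system\\currentcontrolset\\services\\"
SALITY_SERVICES = ("vwservice", "ndisfileservices32")
POLICY_KEY = ("hkey_local_machine\\software\\microsoft\\windows"
              "\\currentversion\\policies\\system")
HOOKS_KEY = ("hkey_current_user\\software\\microsoft\\windows"
             "\\currentversion\\explorer\\shellexecutehooks")
HOOK_CLSID = "{06db7430-7430-6db1-306d-430db4306db1}"

# Constructed sample export (not taken from a real machine).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000
"ConsentPromptBehaviorAdmin"=dword:00000005

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vwservice]
"DisplayName"="vwservice"
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]
"Start"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{06DB7430-7430-6DB1-306D-430DB4306DB1}"=""
'''


def parse_reg(text):
    """Parse .reg export text into {key: {value_name: data}}, names lower-cased."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = VALUE_RE.match(line)
        if current is None or not m:
            continue  # file header, blank line, or hex continuation line
        name, data = (m.group(1) or "").lower(), m.group(2)
        if data.startswith("dword:"):
            current[name] = int(data[6:], 16)
        else:
            current[name] = data.strip('"')
    return keys


def sality_findings(reg_text):
    """Return the indicators from the page's list that appear in the export."""
    keys = parse_reg(reg_text)
    findings = []
    if keys.get(POLICY_KEY, {}).get("enablelua") == 0:
        findings.append("EnableLUA=0")  # UAC switched off
    for svc in SALITY_SERVICES:
        if SERVICES + svc in keys:
            findings.append("service:" + svc)
    if HOOK_CLSID in keys.get(HOOKS_KEY, {}):
        findings.append("shellexecutehook")
    return findings


if __name__ == "__main__":
    for finding in sality_findings(SAMPLE_EXPORT):
        print("found:", finding)
```
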

    Recommended Removal Tools:
    Killbox (Freeware)

    Manual Removal of W32/AutoIt.HI Trojan

    W32/AutoIt.HI is a Trojan. The trojan will infect Windows systems.
    The trojan may be dropped by other malware or may be downloaded from a remote website by other malware.
    This trojan first appeared on December 11, 2008.
    Other names of W32/AutoIt.HI Trojan:
    This trojan is also known as Win32.Autoit.hi, Worm/Autoit.HAA.
    Damage Level : High/Medium
    Distribution Level: Unknown

    There is NO Auto Removal Tool for W32/AutoIt.HI Trojan
    Trojan Manual Removal Instructions
    Removal from Safe Mode is recommended.

    How to start in Safe Mode:
    Restart your computer and press F8 repeatedly as the screen turns on, then select Safe Mode and press Enter.
    The infected files can be found in the folders and under the names listed below, and may also be running as processes.
    End the following active processes before removal:
    • %System32\csrcs.exe

      • If any of these files appears as a running process in Task Manager, end the process before removal.
      • Note: if Task Manager is disabled, download the following file: Enable Registry.reg
      • Open it with Regedit.exe [%system32\regedit.exe]; when it asks whether to add the information to the registry, confirm Yes, then click OK.
    Trojan Entries Manual Removal From Registry
    Click Start > Run, type regedit, and click OK.
    Note: If the Registry Editor fails to open, the threat may have modified the registry to prevent access to it.

    • Download this UnHookExec.inf, and then continue with the removal.
    • Save it to your Windows desktop.
    • Do not run it at this time; download it only.
    • After booting into Safe Mode or VGA Mode, right-click the UnHookExec.inf file and click Install. [This is a small file. It does not display any notice or boxes when you run it.]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    csrcs.exe
    _+ Any of the Above Listed Files +_

    To remove the trojan completely, search the registry for the file names listed above:
    from the Edit menu choose Find, enter each name as the keyword, and remove every value the search finds.

    Exit the Registry Editor.
    Restart your computer.

    Recommended Removal Tools:
    Killbox (Freeware)

    Manual Removal of W32/UltimateAntivirus.CQ Trojan

    W32/UltimateAntivirus.CQ is a Trojan. The trojan will infect Windows systems.
    The trojan may be dropped by other malware or may be downloaded from a remote website by other malware.
    This trojan first appeared on December 10, 2008.
    Other names of W32/UltimateAntivirus.CQ Trojan:
    This trojan is also known as TROJ_RENOS.HQ, FakeAlert-AB.
    Damage Level : High/Medium
    Distribution Level: Unknown

    There is NO Auto Removal Tool for W32/UltimateAntivirus.CQ Trojan
    Trojan Manual Removal Instructions
    Removal from Safe Mode is recommended.

    How to start in Safe Mode:
    Restart your computer and press F8 repeatedly as the screen turns on, then select Safe Mode and press Enter.
    The trojan installs itself as software and scans the system. Once the scan is completed, it takes the user to a website for registration.
    It shows the warning "Antivirus 2009 is Inable, Need to be Licensed". It will cheat you and force you to buy a license.

    The infected files can be found in the folders and under the names listed below, and may also be running as processes.
    End the following active processes before removal:
    • %System32\MicroAV.cpl
    • %Program Files\Micro Antivirus 2009\MicroAV.exe
    • %Documents and Settings\Bleeping\Desktop\Ultimate Antivirus.lnk
    • %Program Files\UAV
    • %Program Files\UAV\uav.cpl
    • %Program Files\UAV\uav.exe
    • %Program Files\UAV\uav0.dat
    • %Program Files\UAV\uav1.dat
    • %WINDOWS\system32\uav.cpl
    • If any of these files appears as a running process in Task Manager, end the process before removal.
    • Note: if Task Manager is disabled, download the following file: Enable Registry.reg
    • Open it with Regedit.exe [%system32\regedit.exe]; when it asks whether to add the information to the registry, confirm Yes, then click OK.
    Trojan Entries Manual Removal From Registry
    Click Start > Run, type regedit, and click OK.
    Note: If the Registry Editor fails to open, the threat may have modified the registry to prevent access to it.

    • Download this UnHookExec.inf, and then continue with the removal.
    • Save it to your Windows desktop.
    • Do not run it at this time; download it only.
    • After booting into Safe Mode or VGA Mode, right-click the UnHookExec.inf file and click Install. [This is a small file. It does not display any notice or boxes when you run it.]
    HKEY_CLASSES_ROOT\.key
    HKEY_CURRENT_USER\Software\AntiVirus
    HKEY_CURRENT_USER\Software\UAV
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    "Antivirus"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "Antivirus"

    _+ Any of the Above Listed Files +_

    To remove the trojan completely, search the registry for the file names listed above:
    from the Edit menu choose Find, enter each name as the keyword, and remove every value the search finds.
    Exit the Registry Editor.
    Restart your computer.

    Recommended Removal Tools:
    Killbox (Freeware)

    Manual Removal of W32/Druzgl.D, W32.SillyFDC Worm

    Manual Removal of W32/Druzgl.D Worm.
    W32/Druzgl.D is a worm. The worm will infect Windows systems.
    This worm first appeared on December 9, 2008.

    Other names of W32/Druzgl.D Worm:
    This Worm is also known as Win32.Druzgl.d, W32.SillyFDC.
    Damage Level : High/Medium
    Distribution Level: Unknown/Low
    No Auto Removal Tool for W32/Druzgl.D Worm
    Worm Manual Removal Instructions
    Removal from Safe Mode is recommended.

    How to start in Safe Mode:
    Restart your computer and press F8 repeatedly as the screen turns on, then select Safe Mode and press Enter.
    The infected files can be found in the folders and under the names listed below, and may also be running as processes.
    End the following active processes before removal:
    When W32.SillyFDC is executed, it may copy itself to the following folder locations:
    • %Program Files\Microsoft Common\wuauclt.exe
    • %System%
    • %Windir%
    • %Temp%
    • %UserProfile%
    • %ProgramFiles%
    • %SystemDrive%
    • %CommonProgramFiles%
    • %CurrentFolder%
    Using any of the following file names with a .com or .exe extension:
    1. password_viewer.exe
    2. CALC or calc
    3. mscalc.exe
    4. startupfolder
    5. config_
    6. startupfolder.com
    7. config_.com
    How to Delete the Autorun.inf files

    Go to Start > Run and type "cmd".
    At the command prompt, type "cd\"; this changes to C:\
    Type "attrib" (C:\>attrib); it displays files with their attributes. Take note of the attributes of autorun.inf.
    Usually it has SHR (System, Hidden, Read-only).
    Type "attrib -s -h -r C:\autorun.inf"; this removes the System, Hidden and Read-only attributes.
    Type "edit autorun.inf"; this opens the DOS Editor and displays contents such as the following:

    ---
    [autorun]
    open=file.exe
    shell\Open\Command=file.exe
    shell\open\Default=1
    shell\Explore\Command=file.exe
    shell\Autoplay\command=file.exe
    ---

    Take note of the file/path that it runs.
    Ex: open=file.exe, where file.exe is the name of the file that autoruns.
    Exit the DOS Editor.

    Back at the command prompt, type "attrib -s -h -r file.exe", where file.exe is the file that autorun.inf was set to run.
    Ex: C:\>attrib -s -h -r file.exe
    If it is located in a different directory, include the path.
    Ex: C:\>attrib -s -h -r c:\Windows\file.exe

    Type "del file.exe". If it is located in a different directory, include the path.
    Ex: C:\>del c:\Windows\file.exe
    Type "del autorun.inf"
    Type "del c:\Windows\autorun.inf"
    Type "del c:\Windows\password_viewer.exe"
    Type: del "c:\Documents and Settings\(Your User Name)\Local Settings\Application Data\Microsoft\CD Burning\autorun.inf"
    Exit the command prompt by typing "exit".
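
An added example, not part of the original page: a Python sketch of the check this procedure performs by hand, which also covers the W32.Sality.aa removable-media behaviour described earlier (a randomly named .exe, .pif or .cmd copy next to an autorun.inf). The function names, the junk padding lines and the drive listing are constructed for illustration; it reads autorun.inf text and a list of root file names and touches nothing on disk.

```python
import ntpath
import re

# Keys in the [autorun] section that make Windows start a program.
LAUNCH_KEY = re.compile(r"open|shellexecute|shell\\[^\\]+\\command", re.I)
# Extensions the page names for copies dropped in a drive root.
SUSPECT_EXTS = {".exe", ".pif", ".cmd", ".com"}

# Constructed sample: the autorun.inf shown above plus junk padding lines.
SAMPLE_INF = r"""
;kd93jf0a  (junk comment)
[AutoRun]
open=file.exe
shell\Open\Command=file.exe
shell\open\Default=1
xq81=zzz
shell\Explore\Command=file.exe
shell\Autoplay\command=file.exe
"""
# Constructed root listing; fsto.pif and h.cmd are the page's example names.
SAMPLE_ROOT = ["autorun.inf", "file.exe", "fsto.pif", "h.cmd", "notes.txt"]


def launch_targets(inf_text):
    """Map each launch key in [autorun] to the program it starts."""
    targets, in_autorun = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if not (in_autorun and sep and value and LAUNCH_KEY.fullmatch(key)):
            continue  # other sections, junk lines, non-launch keys
        # Drop arguments: keep the quoted path, or the first token if unquoted.
        if value.startswith('"'):
            program = value[1:].split('"', 1)[0]
        else:
            program = value.split()[0]
        if program:
            targets[key.lower()] = program
    return targets


def triage_root(root_files, inf_text):
    """Split a drive root into autorun-launched files and unreferenced ones to review."""
    targets = launch_targets(inf_text)
    # Only targets without a directory part can be matched against the root listing.
    in_root = {p.lower() for p in targets.values() if ntpath.basename(p) == p}
    launched, review = [], []
    for name in root_files:
        if name.lower() in in_root:
            launched.append(name)
        elif ntpath.splitext(name)[1].lower() in SUSPECT_EXTS:
            review.append(name)
    return {"launched": sorted(launched), "review": sorted(review)}


def cleanup_commands(drive, launched):
    """Build the attrib/del command lines from the procedure, for review before running."""
    cmds = []
    for name in ["autorun.inf", *launched]:
        path = ntpath.join(drive, name)
        cmds += [f'attrib -s -h -r "{path}"', f'del "{path}"']
    return cmds


if __name__ == "__main__":
    result = triage_root(SAMPLE_ROOT, SAMPLE_INF)
    print(result)
    print("\n".join(cleanup_commands("E:\\", result["launched"])))
```

Files in the "review" list are not named by autorun.inf, so they need a manual look before deletion.
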
    • If any of these files appears as a running process in Task Manager, end the process before removal.
    • Note: if Task Manager is disabled, download the following file: Enable Registry.reg
    • Open it with Regedit.exe [%system32\regedit.exe]; when it asks whether to add the information to the registry, confirm Yes, then click OK.
    Manual Removal From Registry
    Click Start > Run, type regedit, and click OK.
    Note: If the Registry Editor fails to open, the threat may have modified the registry to prevent access to it.
    • Download and run this UnHookExec.inf, and then continue with the removal.
    • Save it to your Windows desktop. Do not run it at this time; download it only.
    • After booting into Safe Mode or VGA Mode, right-click the UnHookExec.inf file and click Install.
    • [This is a small file. It does not display any notice or boxes when you run it.]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\"load"
    Delete any values associated with the worm (value names matching the file names listed above).

    To remove the worm completely, search the registry for the file names listed above:
    from the Edit menu choose Find, enter each name as the keyword, and remove every value the search finds.

    Exit the Registry Editor.
    Restart your computer.

    Recommended Removal Tools:
    Killbox (Freeware)

    Manual Removal of W32/Inject.DK Trojan

    W32/Inject.DK is a Trojan. The Trojan will infect Windows systems.
    This Trojan first appeared on December 8, 2008.
    Other names of W32/Inject.DK Trojan:
    This Trojan is also known as Win32.Inject.kxs, Troj/Inject-DK.
    Damage Level : High/Medium
    Distribution Level: Unknown

    There is NO Auto Removal Tool for W32/Inject.DK Trojan
    Trojan Manual Removal Instructions
    Removal from Safe Mode is recommended.

    How to start in Safe Mode:
    Restart your computer and press F8 repeatedly as the screen turns on, then select Safe Mode and press Enter.
    The infected files can be found in the folders and under the names listed below, and may also be running as processes.
    End the following active processes before removal:
    • %System32\msw32prt.exe
      • If any of these files appears as a running process in Task Manager, end the process before removal.
      • Note: if Task Manager is disabled, download the following file: Enable Registry.reg
      • Open it with Regedit.exe [%system32\regedit.exe]; when it asks whether to add the information to the registry, confirm Yes, then click OK.
    Manual Removal From Registry
    Click Start > Run, type regedit, and click OK.
    Note: If the Registry Editor fails to open, the threat may have modified the registry to prevent access to it.
    • Download and run this UnHookExec.inf, and then continue with the removal.
    • Save it to your Windows desktop. Do not run it at this time; download it only.
    • After booting into Safe Mode or VGA Mode, right-click the UnHookExec.inf file and click Install.
    • [This is a small file. It does not display any notice or boxes when you run it.]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components
    _+ Any of the Above Listed Files +_

    To remove the Trojan completely, search the registry for the file names listed above:
    from the Edit menu choose Find, enter each name as the keyword, and remove every value the search finds.

    Exit the Registry Editor.
    Restart your computer.

    Recommended Removal Tools:
    Killbox (Freeware)

    Manual Removal of W32/LdPinch.ABVF Trojan

    W32/LdPinch.ABVF is a Trojan. The Trojan will infect Windows systems.
    This Trojan first appeared on December 5, 2008.
    Other names of W32/LdPinch.ABVF Trojan:
    This Trojan is also known as PWS-LDPinch, Trojan-PSW.Win32.LdPinch.abvf.
    Damage Level : High/Medium
    Distribution Level: Unknown

    There is NO Auto Removal Tool for W32/LdPinch.ABVF Trojan
    Trojan Manual Removal Instructions
    Removal from Safe Mode is recommended.

    How to start in Safe Mode:
    Restart your computer and press F8 repeatedly as the screen turns on, then select Safe Mode and press Enter.
    The infected files can be found in the folders and under the names listed below, and may also be running as processes.
    End the following active processes before removal:
    • %Program files\wuauclt.exe
      • If any of these files appears as a running process in Task Manager, end the process before removal.
      • Note: if Task Manager is disabled, download the following file: Enable Registry.reg
      • Open it with Regedit.exe [%system32\regedit.exe]; when it asks whether to add the information to the registry, confirm Yes, then click OK.
    Manual Removal From Registry
    Click Start > Run, type regedit, and click OK.
    Note: If the Registry Editor fails to open, the threat may have modified the registry to prevent access to it.
    • Download and run this UnHookExec.inf, and then continue with the removal.
    • Save it to your Windows desktop. Do not run it at this time; download it only.
    • After booting into Safe Mode or VGA Mode, right-click the UnHookExec.inf file and click Install.
    • [This is a small file. It does not display any notice or boxes when you run it.]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
    _+ Any of the Above Listed Files +_

    To remove the Trojan completely, search the registry for the file names listed above:
    from the Edit menu choose Find, enter each name as the keyword, and remove every value the search finds.

    Exit the Registry Editor.
    Restart your computer.

    Recommended Removal Tools:
    Killbox (Freeware)
