Manual Removal of W32/Magania.AWRS Trojan

Manual Removal of W32/Magania.AWRS Trojan

W32/Magania.AWRS is a trojan. The trojan will infect Windows systems.
This trojan first appeared on March 19, 2009.
Other names of W32/Magania.AWRS Trojan:
This trojan is also known as WORM_MYTOB.KB,TrojanGameThief.Magania.awrs

Damage Level : Medium/High
Distribution Level: Medium

No Removal Tool for W32/Magania.AWRS Trojan
W32/Magania.AWRS Trojan Manual Removal Instructions
Recommend Removal from Safe Mode:
How to Start in Safe mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.

The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal

• [ Kill the Process, Use Killbox if your Access Denied ]

Download W32/Magania.AWRS Trojan Known File Removal Tool

[In Windows Vista Run As Administrator, After Execution System Will Restart]

• %Windows\System\kacsde.exe
• %Windows\System\uret463.exe
  [ Known Creating File(s) Names -%System%\uret463.exe, %Temp%\23ft.exe, 1brfrip.exe, 23ft.exe, 6vu680.com, 8q6h.exe, 9b8kmipy.com, dgf.exe, e00233it.com, gnwav.exe, gxul.com, i2.com, jg.com, mt.com, ono60.exe, p8ihdw.exe, tt.com, ud.exe, v9l1l.com, xc.exe, y319s.exe ]
• %Windows\System\godert0.dll
  If you have any of these files in running process from task manger, end the process before removal.
  Note: if task manager is disabled, Download the following file, Click to Download - Enable Registry.reg [ Right Click - Save Target As/Linked Content As ]
  Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.
  

W32/Magania.AWRS Trojan Entries Manual Removal From Registry

Click Start, Run,Type regedit,Click OK.

Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.

• Download this UnHookExec.inf, [ Right Click - Save Target As/Linked Content As ]
  and then continue with the removal. Save it to your Windows desktop. Do not run it at this time, download it only.
• After booting into the Safe Mode or VGA Mode
• Right-click the UnHookExec.inf file and click Install. [This is a small file. It does not display any notice or boxes when you run it.]

The W32/Magania.AWRS Trojan modifies registry at the following locations to ensure its automatic execution at every system startup:

Delete The Entries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete file entry from right side

Search Registry For W32/Magania.AWRS Trojan File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.

Exit the Registry Editor,

Restart your Computer.

Recommended Removal Tools:

Kaspersky Antivirus or Internet Security (Shareware)
Spyware Doctor (Shareware)
AVG Antivirus (Freeware)

Killbox (Freeware)

Ultimate Links PC Tips™

Manual Removal of W32/AutoRun.DMI Worm

Manual Removal of W32/AutoRun.DMI Worm

W32/AutoRun.DMI is a worm. The worm will infect Windows systems.
This Worm first appeared on March 19, 2009.
Other names of W32/AutoRun.DMI Worm:
This Worm is also known as WORM_AUTORUN.DMI

Damage Level : Medium/High
Distribution Level: Medium

No Removal Tool for W32/AutoRun.DMI Worm
W32/AutoRun.DMI Worm Manual Removal Instructions
Recommend Removal from Safe Mode:
How to Start in Safe mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.

The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal

• [ Kill the Process, Use Killbox if your Access Denied ]

Download W32/AutoRun.DMI Worm Known File Removal Tool

[In Windows Vista Run As Administrator, After Execution System Will Restart]

• %Program Files\Common Files\SafeSys.exe [ May be H- Attribute (Hidden) ]
  
• %Program Files\ufvvs.bak [ May be H- Attribute (Hidden) ]
  If you have any of these files in running process from task manger, end the process before removal.
  Note: if task manager is disabled, Download the following file, Click to Download - Enable Registry.reg [ Right Click - Save Target As/Linked Content As ]
  Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.
  

W32/AutoRun.DMI Worm Entries Manual Removal From Registry

Click Start, Run,Type regedit,Click OK.

Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.

• Download this UnHookExec.inf, [ Right Click - Save Target As/Linked Content As ]
  and then continue with the removal. Save it to your Windows desktop. Do not run it at this time, download it only.
• After booting into the Safe Mode or VGA Mode
• Right-click the UnHookExec.inf file and click Install. [This is a small file. It does not display any notice or boxes when you run it.]

The W32/AutoRun.DMI Worm modifies registry at the following locations to ensure its automatic execution at every system startup:

Delete The Entries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete SafeSys.exe entry from right side

Search Registry For W32/AutoRun.DMI Worm File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.

Exit the Registry Editor,

Restart your Computer.

Recommended Removal Tools:

Kaspersky Antivirus or Internet Security (Shareware)
Spyware Doctor (Shareware)
AVG Antivirus (Freeware)

Killbox (Freeware)

Ultimate Links PC Tips™

Manual Removal of W32/Merond.A Worm

Manual Removal of W32/Merond.A Worm

W32/Merond.A is a worm. W32/Merond.A is an Email worm. The worm arrives as an infected attachment through emails. It also spreads through network and removable media.
This Worm first appeared on March 18, 2009.
Other names of W32/Merond.A Worm:
This Worm is also known as W32.Merond.A Worm

Damage Level : Medium/High
Distribution Level: Medium

No Removal Tool for W32/Merond.A Worm
W32/Merond.A Worm Manual Removal Instructions
Recommend Removal from Safe Mode:
How to Start in Safe mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.

The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal

• [ Kill the Process, Use Killbox if your Access Denied ]

Download W32/Merond.A Worm Known File Removal Tool

[In Windows Vista Run As Administrator, After Execution System Will Restart]

• %Windows\System\javaqs.exe [ May be H- Attribute ]
  
• %Windows\System\javaupd.exe [ May be H- Attribute ]
  If you have any of these files in running process from task manger, end the process before removal.
  Note: if task manager is disabled, Download the following file, Click to Download - Enable Registry.reg [ Right Click - Save Target As/Linked Content As ]
  Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.
  

W32/Merond.A Worm Entries Manual Removal From Registry

Click Start, Run,Type regedit,Click OK.

Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.

• Download this UnHookExec.inf, [ Right Click - Save Target As/Linked Content As ]
  and then continue with the removal. Save it to your Windows desktop. Do not run it at this time, download it only.
• After booting into the Safe Mode or VGA Mode
• Right-click the UnHookExec.inf file and click Install. [This is a small file. It does not display any notice or boxes when you run it.]

The W32/Merond.A Worm modifies registry at the following locations to ensure its automatic execution at every system startup:

Delete The Entries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Delete javaqs.exe/javaupd.exe entry from right side

Search Registry For W32/Merond.A Worm File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.

Exit the Registry Editor,

Restart your Computer.

Recommended Removal Tools:

Kaspersky Antivirus or Internet Security (Shareware)
Spyware Doctor (Shareware)
AVG Antivirus (Freeware)

Killbox (Freeware)

Ultimate Links PC Tips™

Manual Removal of W32/FakeVir.LC Trojan

Manual Removal of W32/FakeVir.LC Trojan

W32/FakeVir.LC is a trojan. The trojan will infect Windows systems.
This trojan first appeared on March 17, 2009.
Other names of W32/FakeVir.LC Trojan:
This trojan is also known as W32/FakeVir.LC Trojan

Damage Level : Medium/High
Distribution Level: Medium

No Removal Tool for W32/FakeVir.LC Trojan
W32/FakeVir.LC Trojan Manual Removal Instructions
Recommend Removal from Safe Mode:
How to Start in Safe mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.

The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal

• [ Kill the Process, Use Killbox if your Access Denied ]

Download W32/FakeVir.LC Trojan Known File Removal Tool

[In Windows Vista Run As Administrator, After Execution System Will Restart]

• %Program Files\MediaSystem
• %Program Files\MediaSystem\1.gif
• %Program Files\MediaSystem\wall.html
• %Program Files\MediaSystem\wmptray.exe
  If you have any of these files in running process from task manger, end the process before removal.
  Note: if task manager is disabled, Download the following file, Click to Download - Enable Registry.reg [ Right Click - Save Target As/Linked Content As ]
  Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.
  

W32/FakeVir.LC Trojan Entries Manual Removal From Registry

Click Start, Run,Type regedit,Click OK.

Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.

• Download this UnHookExec.inf, [ Right Click - Save Target As/Linked Content As ]
  and then continue with the removal. Save it to your Windows desktop. Do not run it at this time, download it only.
• After booting into the Safe Mode or VGA Mode
• Right-click the UnHookExec.inf file and click Install. [This is a small file. It does not display any notice or boxes when you run it.]

The W32/FakeVir.LC Trojan modifies registry at the following locations to ensure its automatic execution at every system startup:

Delete The Entries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete wmptray.exe entry from right side

Search Registry For W32/Wincod Trojan File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.

Exit the Registry Editor,

Restart your Computer.

Recommended Removal Tools:

Kaspersky Antivirus or Internet Security (Shareware)
Spyware Doctor (Shareware)
AVG Antivirus (Freeware)

Killbox (Freeware)

Ultimate Links PC Tips™

Vista Tips - Using BitLocker Drive Encryption with a USB Storage Device

If your computer does not have a compatible TPM chip, you can still use BitLocker Drive Encryption with a USB storage device.

However, Microsoft has recently decided to hide this option from users. A local group policy change must be made to turn this option back on.

1. Click the Start button, type gpedit.msc in the run command or search box, and press Enter.
2. When the Group Policy editor has loaded
   • Navigate through Computer Configuration
   • Administrative Templates
   • Windows Components
   • BitLocker Drive Encryption
   • Right-click Control Panel Setup: Enable advanced startup options and select Properties.
3. Select the Enabled option and click OK.

You can now use a USB storage device with BitLocker Drive encryption again

Vista Tips - Secure the Administrator account

The Administrator account is the most important account on the computer because it has the highest permissions and can do anything it wants to the configuration and settings of your computer.

Securing this valuable account is critical to the overall security of your computer.This can be accomplished by ensuring the account is disabled, setting a strong password, and renaming it so that it is harder for malicious scripts and viruses to try to use.

Doing this is very similar to securing the Guest account as you just did in the Assigning Password on Guest Account.

Follow these steps to protect your Administrator account:

• Click the Start menu, right-click Computer, and select Manage.
• After Computer Manager loads, expand Local Users and Groups and select the Users folder.
• Right-click the Administrator account and select Properties.
• Check the Account is disabled option if it is not already selected. Then, click OK to save the changes.
• Right-click the Administrator account and select Set Password.
• A warning screen will appear, telling you about what might happen if you proceed. Disregard this message and click Proceed.
• When the Set Password window appears, type a completely random complex password that is at least 20 characters long in both boxes and click OK. The new password will now be set.
• Rename the account to confuse any malicious scripts that might be looking for it. Right-click the Administrator account again and select Rename.
• Type a new name for the account that has some random letters and numbers in it. I like to use AdminDisabled2341 as a new name.
• Press Enter and you are finished.

Now both of the built-in Windows Vista accounts are secured.

Ultimate Links PC Tips™

Vista Tips - Assigning a Password and Renaming the Guest Account

One of the default accounts set up in Windows Vista is the Guest account. This account can be useful if your computer is in a public place such as a library and a low rights account is needed.

However, for most of us, this account is just another possible security hole because it cannot be deleted. It is disabled by default but it could be enabled again by a virus or malware if your computer ever gets infected. The best way to neutralize this account is to give it a random password and rename it to eliminate the chances that some script will be able to use it.

Follow these steps to protect this account:

• Click the Start menu, right-click Computer, and then select Manage.
• After Computer Manager loads, expand Local Users and Groups and select the Users folder. All the local computer accounts will be listed.
  
• Right-click the Guest account on the list and select Set Password.
• A warning screen will appear, telling you about what may happen if you proceed. Disregard this message and click Proceed.
• When the Set Password window appears, type in a completely random password that is a complex password and is also at least 20 characters long in both boxes and click OK. The new password will now be set.
• Rename the account to confuse any malicious scripts that might be looking for it. Right-click the Guest account again and select Rename.
• Type a new name for this account that has some random letters and numbers in it. You just want to make it different from Guest.
• When you are done renaming it, click Enter and you are finished.

Your Guest account is now more secure than ever.
Ultimate Links PC Tips™