Enter your Keyword, Search here,

Manual Removal of tkbellexe.exe

Tkbellexe.exe (W32.Lovgate/Worm)
W32.Lovgate is a Trojan that spreads through email and exploits buffer overrun vulnerability in the system. Once executed, Lovgate can allow unauthorized remote access to infected systems.
TkBellExe.exe is a mass-mailing worm Worm.Win32.LovGate.
TkBellExe.exe opens a back door on TCP port 6000.
TkBellExe.exe spreads via open network shares.
TkBellExe.exe tries to terminate antiviral programs installed on a user computer.

Damage Level : Medium
Distribution Level: High
[ Aliases ]
Email-Worm.Win32.LovGate.w (Kaspersky Lab) is also known as: I-Worm.LovGate.w (Kaspersky Lab), BackDoor-AQJ (McAfee),   W32.Lovgate.R@mm (Symantec),   Win32.HLLM.Lovgate.9 (Doctor Web),   W32/Lovgate-V (Sophos),   Win32/Lovgate.V@mm (RAV),   WORM_LOVGATE.V (Trend Micro),   Win32:Lovgate-AD (ALWIL),   I-Worm/Lovgate.X (Grisoft),   Win32.Lovgate.V@mm (SOFTWIN),   W32/Lovgate.AC.worm (Panda),   Win32/Lovgate.Z (Eset)

Manual Removal Instructions
Recommend Removal from Safe Mode:

How to Start in Safe mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.

Kaspersky Tool:
Email-Worm.Win32.LovGate.w Removal Download
BitDefender/Softwin Tool:
Win32.Lovgate.V@mm Removal Download
Symatec Tool:


The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal

  • %windir%\CDPlay.exe
  • %windir%\Exploier.exe
  • %system%\IEXPLORE.exe
  • %system%\iexplorer.exe
  • %system%\RAVMOND.exe
  • %system%\WinHelp.exe
  • %system%\spoolsv.exe
  • %system%\Update_OB.exe
  • %system%\TkBellExe.exe
  • %system%\hxdef.exe
  • %system%\Kernel66.dll
If you have any of these files in running process from task manger, end the process before removal.
Note: if task manager is disabled, Download the following file,Click to Download - Enable Registry.reg

Manually Remove From Registry
Click Start, Run,Type regedit,Click OK.
Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor. Download and run this UnHookExec.inf, and then continue with the removal.

In the right pane, delete the values:
"Winhelp" = "%system%\TkBellExe.exe..."
"Hardware Profile" = "%system%\hxdef.exe..."  
"Program in Windows"="%system%\IEXPLORE.exe"  
"Microsoft NetMeeting Associates, Inc." = "NetMeeting.exe"  
"Protected Storage"="RUNDLL32.exe MSSIGN30.DLL ondll_reg..."  
"VFW Encoder/Decoder Settings"="RUNDLL32.exe MSSIGN30.DLL ondll_reg"  
"Shell Extension" = "%system%\spollsv.exe"

In the right pane, delete the values:

"COM++ System" = "svchost.exe..."


HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
In the right pane, delete the value:

In the left hand pane, delete the subkeys:
Windows Management Protocol v.0(experimental

In the right pane, modify the default value to:
notepad.exe %1

Exit the Registry Editor
Restart your Computer

Search Registry For Virus File Names listed above to remove completely,
Edit Menu - Find
, enter Keyword and remove all value that find in search
Recommended Removal Tools:
Kaspersky Antivirus or Internet Security (Shareware)
Spyware Doctor (Shareware)
AVG Antivirus (Freeware)
Killbox (Freeware)

No comments :

Post a Comment

Comment on this Post!!

More Posts that you may be interested...