Manual Removal of W32/VirtualBouncer.C Trojan.
W32/VirtualBouncer.C is a Trojan. The trojan will infect Windows systems.
The trojan installs itself as an antivirus software and scans the system.
Once scanning is completed it takes to a website for registration.
This trojan first appeared on December 29, 2008.
Other names of W32/VirtualBouncer.C Trojan:
This trojan is also known as DR/VirtualBouncer.C.5,Troj/FakeAle-BP.
The trojan installs itself as an antivirus software and scans the system.
Once scanning is completed it takes to a website for registration.
This trojan first appeared on December 29, 2008.
Other names of W32/VirtualBouncer.C Trojan:
This trojan is also known as DR/VirtualBouncer.C.5,Troj/FakeAle-BP.
Damage Level : Medium
Distribution Level: Unknown
Distribution Level: Unknown
No Removal Tool for W32/VirtualBouncer.C Trojan
Trojan Worm Manual Removal Instructions
Recommend Removal from Safe Mode:
How to Start in Safe mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.
Recommend Removal from Safe Mode:
How to Start in Safe mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.
The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal
End the Following Active Process Before Removal
- %Program Files\myCleanerPC\myCleanerPC.exe [ 876544 Bytes ]
- %Program Files\myCleanerPC\DNRProject.dll [ 774144 Bytes ]
- %Program Files\myCleanerPC\mcpcuninstaller1_25.EXE
- %Program Files\myCleanerPC\Setup.INI
- %Program Files\myCleanerPC\clean.swf
- %Program Files\myCleanerPC\clean1.swf
- %Documents and Settings\[USER]\Application Data\myCleanerPC
- %Documents and Settings\[USER]\Start Menu\Programs\myCleanerPC
- %Documents and Settings\[USER]\Application Data\myCleanerPC\history.dat
- %Documents and Settings\[USER]\Application Data\myCleanerPC\error.log
- %Documents and Settings\[USER]\Application Data\myCleanerPC\CleanerDefs.css
- %Documents and Settings\[USER]\Application Data\myCleanerPC\schedule.dat
- %Documents and Settings\[USER]\Application Data\myCleanerPC\Signatures.dat
- %Documents and Settings\[USER]\Application Data\myCleanerPC\stats.log
- %Documents and Settings\[USER]\Application Data\myCleanerPC\user.dat
- %Documents and Settings\[USER]\Start Menu\Programs\myCleanerPC\About myCleanerPC.lnk
- %Documents and Settings\[USER]\Start Menu\Programs\myCleanerPC\MyCleanerPC.lnk
- %Documents and Settings\[USER]\Start Menu\Programs\myCleanerPC\Uninstall myCleanerPC.lnk
- If you have any of these files in running process from task manger, end the process before removal.
- Note: if task manager is disabled, Download the following file, Click to Download - Enable Registry.reg
- Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.
Unregister DLL Files Using Windows Command Prompt
- To open the Windows Command Prompt, go to Start > Run > type cmd and then click the "OK" button.
- Type "cd" in order to change the current directory,
- Press the "space" button, enter the full path to where you believe the Program DLL file is located press the "Enter" button on your keyboard.
- If you don't know where Program DLL file is located, use the "dir" command to display the directory's contents.
- To unregister a "Program" DLL file,
- Type in the exact directory path + "regsvr32 /u" + [ DLL_NAME ]
- Example [ C:\Windows\System\ regsvr32 /u name.dll ] and press the "Enter" button.
- A message will pop up that says you successfully unregistered the file.
Trojan Manual Removal From Registry
Click Start, Run,Type regedit,Click OK.
- Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.
- Download and run this UnHookExec.inf, and then continue with the removal.
- Save it to your Windows desktop. Do not run it at this time, download it only.
- After booting into the Safe Mode or VGA Mode
- Right-click the UnHookExec.inf file and click Install. [This is a small file. It does not display any notice or boxes when you run it.]
The Trojan modifies registry at the following locations to ensure its automatic execution at every system startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\myCleanerPC
HKEY_USER\S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXX-XXXX\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\MyCleanerPC
HKEY_USER\S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXX-XXXX\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\MyCleanerPC
HKEY_LOCAL_USERS\SOFTWARE\MyCleanerPC
41765812-F0D1-4837-9662-5FBCD9CC2DEE
4F81B064-E53B-48CD-98DD-84ABD18D4CBE
72556741-56FD-45A8-93DA-EE5EE41B908A
9BD6A9A7-7D88-4658-8BE4-1AA69174F8AF
A582B627-CE65-4BA7-B44F-8B9609193C32
AB9F5DD2-427A-4CE3-9522-3756BF2F0048
AE94BD95-408C-4506-BA90-2FAACB173927
B6B86368-2787-49B2-9054-F32B4B839AF1
F30973B1-DD06-4885-8C39-EE3CED95061F
DNRProject.cCookie
DNRProject.cErrorLog
DNRProject.cHistory
DNRProject.cRegistryRoutines
DNRProject.cScheduler
DNRProject.cSignature
DNRProject.cThreatLevel
DNRProject.cUserSettings
DNRProject.DNRDirector
1295E3D3-FDC8-4A3E-8E60-C6031601D08D
472FA6ED-4A44-49BA-8241-7CA38806C618
7265B88D-C685-4290-8B25-3659F8626031
14627BD3-6C96-4B5F-AA47-941CB370BB94
244DB87B-7310-46DB-A7B8-651B8AEC8648
FC912F2E-A101-4015-B822-7D2D71D15545
908099C8-E0C7-4787-B084-96F915383598
26953A7A-BC68-496E-A479-AE975B0BFC6A
DBA4C028-544C-4D46-8D96-87E12B655CDD
FA6EEA37-5D54-490F-801E-DC0AD91C1045
AF6015BD-186A-4E60-A08E-0FC1C53324D9
BC978724-6C36-4F11-9A63-E85834BA344F
CC03D597-A404-4B95-8544-FD215925B677
4F81B064-E53B-48CD-98DD-84ABD18D4CBE
72556741-56FD-45A8-93DA-EE5EE41B908A
9BD6A9A7-7D88-4658-8BE4-1AA69174F8AF
A582B627-CE65-4BA7-B44F-8B9609193C32
AB9F5DD2-427A-4CE3-9522-3756BF2F0048
AE94BD95-408C-4506-BA90-2FAACB173927
B6B86368-2787-49B2-9054-F32B4B839AF1
F30973B1-DD06-4885-8C39-EE3CED95061F
DNRProject.cCookie
DNRProject.cErrorLog
DNRProject.cHistory
DNRProject.cRegistryRoutines
DNRProject.cScheduler
DNRProject.cSignature
DNRProject.cThreatLevel
DNRProject.cUserSettings
DNRProject.DNRDirector
1295E3D3-FDC8-4A3E-8E60-C6031601D08D
472FA6ED-4A44-49BA-8241-7CA38806C618
7265B88D-C685-4290-8B25-3659F8626031
14627BD3-6C96-4B5F-AA47-941CB370BB94
244DB87B-7310-46DB-A7B8-651B8AEC8648
FC912F2E-A101-4015-B822-7D2D71D15545
908099C8-E0C7-4787-B084-96F915383598
26953A7A-BC68-496E-A479-AE975B0BFC6A
DBA4C028-544C-4D46-8D96-87E12B655CDD
FA6EEA37-5D54-490F-801E-DC0AD91C1045
AF6015BD-186A-4E60-A08E-0FC1C53324D9
BC978724-6C36-4F11-9A63-E85834BA344F
CC03D597-A404-4B95-8544-FD215925B677
Search Registry For Virus File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.
Edit Menu - Find, enter Keyword and remove all value that find in search.
Exit the Registry Editor,
Restart your Computer.
Recommended Removal Tools:
Kaspersky Antivirus or Internet Security (Shareware)
Spyware Doctor (Shareware)
AVG Antivirus (Freeware)
Spyware Doctor (Shareware)
AVG Antivirus (Freeware)
Killbox (Freeware)
No comments :
Post a Comment
Comment on this Post!!