January 19, 2008
Worm W32.Dranyam affects the Windows 2000, Windows 95, Windows 98, Windows Me,
Windows NT, Windows Server 2003, Windows Vista, and Windows XP operating systems.
How to remove Worm W32.Dranyam?
1. Perform the standard procedure for virus removal.
** Standard procedure for Virus removal
2. Remove these registry entries:
** How to edit the Windows registry?
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666}
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}\"StubPath" = "C:\WINDOWS\Help\svchost.exe"
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666}\"StubPath" = "C:\WINDOWS\Help\services.exe"
* HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Window Title" = "«×¤‡ M•ä•R•Ç † m•Á•ÿ•Ñ•â•R•Ð ‡¤×»"
* HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\c:\INF\snd\9406607\"Copy of 1.exe" = "Copy of 1"
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Userinit" = "userinit.exe,services.exe"
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"Hidden" = "0"
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"HideFileExt" = "1"
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"ShowSuperHidden" = "0"
3. Remove these files from all drives:
* %DriveLetter%\MarcMaynard.exe
* %DriveLetter%\autorun.inf
4. Remove these files if they exist on the system:
* %UserProfile%\Administrator\Desktop\hi.txt
* %Windir%\Help\services.exe
* %Windir%\Help\svchost.exe
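Before deleting anything, it helps to confirm which of the listed entries are actually present. The following read-only check is an added example, not part of the original removal instructions; it assumes PowerShell is available on the machine being checked, and it covers the Active Setup, Winlogon and Explorer entries and the files listed above.

```powershell
# Added example: read-only check for the indicators listed above. Deletes nothing.
$findings = @()

# Active Setup components listed above, with the StubPath each one points to
$activeSetup = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'
foreach ($id in '{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}',
                '{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666}') {
    $key = "$activeSetup\$id"
    if (Test-Path -LiteralPath $key) {
        $stub = (Get-ItemProperty -LiteralPath $key).StubPath
        $findings += "Active Setup component $id present (StubPath = $stub)"
    }
}

# Winlogon Userinit: the listed value appends services.exe to userinit.exe
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = (Get-ItemProperty -LiteralPath $winlogon).Userinit
if ($userinit -match 'services\.exe') {
    $findings += "Winlogon Userinit references services.exe: $userinit"
}

# Explorer view settings listed above. Each is weak on its own, so they are
# reported only when all three match at once.
$advKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$adv = Get-ItemProperty -LiteralPath $advKey -ErrorAction SilentlyContinue
if ($adv -and $adv.Hidden -eq 0 -and $adv.HideFileExt -eq 1 -and
    $adv.ShowSuperHidden -eq 0) {
    $findings += 'Explorer Hidden/HideFileExt/ShowSuperHidden match the listed values'
}

# Files listed above (paths as given on this page), plus the root of every
# ready drive. autorun.inf also exists on legitimate media, so read it first.
$paths = @("$env:windir\Help\services.exe", "$env:windir\Help\svchost.exe",
           "$env:USERPROFILE\Administrator\Desktop\hi.txt")
foreach ($d in [System.IO.DriveInfo]::GetDrives() | Where-Object { $_.IsReady }) {
    $paths += [System.IO.Path]::Combine($d.Name, 'MarcMaynard.exe')
    $paths += [System.IO.Path]::Combine($d.Name, 'autorun.inf')
}
foreach ($p in $paths) {
    # File.Exists also sees files marked hidden or system
    if ([System.IO.File]::Exists($p)) { $findings += "File present: $p" }
}

if ($findings) { $findings } else { 'None of the listed indicators were found.' }
```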