January 19, 2008

How to remove the W32.Dranyam worm?

The W32.Dranyam worm affects the Windows 2000, Windows 95, Windows 98, Windows Me,
Windows NT, Windows Server 2003, Windows Vista and Windows XP operating systems.

How to remove the W32.Dranyam worm?
1. Perform the standard procedure for virus removal.

** Standard procedure for virus removal

2. Remove these registry entries:

** How to edit the Windows registry?
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}

* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666}

* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}\"StubPath" = "C:\WINDOWS\Help\svchost.exe"

* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666}\"StubPath" = "C:\WINDOWS\Help\services.exe"
* HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Window Title" = "«×¤‡ M•ä•R•Ç † m•Á•ÿ•Ñ•â•R•Ð ‡¤×»"
* HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\c:\INF\snd\9406607\"Copy of 1.exe" = "Copy of 1"

* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Userinit" = "userinit.exe,services.exe"
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"Hidden" = "0"
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"HideFileExt" = "1"
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"ShowSuperHidden" = "0"

Remove these files from all drives:
* %DriveLetter%\MarcMaynard.exe
* %DriveLetter%\autorun.inf

Remove these files if they exist on the system:
* %UserProfile%\Administrator\Desktop\hi.txt
* %Windir%\Help\services.exe
* %Windir%\Help\svchost.exe
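
A read-only check for the registry entries and files listed above, added here as an example and not part of the original post. It assumes Windows PowerShell 3.0 or later, and the function name Get-DranyamIndicator is made up for illustration. The Explorer\Advanced display values and the MUICache trace are left out because they do not identify the worm on their own.

```powershell
# Added example: read-only check for the W32.Dranyam indicators listed above.
# Nothing is changed; every match is returned as an object for review.
function Get-DranyamIndicator {
    $hits = @()

    # Active Setup entries from the page; StubPath is what they would launch.
    $base = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'
    foreach ($id in '{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}',
                    '{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666}') {
        $key = "$base\$id"
        if (Test-Path -LiteralPath $key) {
            $stub = (Get-ItemProperty -LiteralPath $key).StubPath
            $hits += [pscustomobject]@{ Kind = 'Registry key'; Item = $key; Data = $stub }
        }
    }

    # Userinit exists on a clean system, so compare its data, not its presence.
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $userinit = (Get-ItemProperty -LiteralPath $winlogon -ErrorAction SilentlyContinue).Userinit
    if ($userinit -match 'services\.exe') {
        $hits += [pscustomobject]@{ Kind = 'Registry value'; Item = "$winlogon\Userinit"; Data = $userinit }
    }

    # Internet Explorer title override set for the current user.
    $ieMain = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
    $title = (Get-ItemProperty -LiteralPath $ieMain -ErrorAction SilentlyContinue).'Window Title'
    if ($title) {
        $hits += [pscustomobject]@{ Kind = 'Registry value'; Item = "$ieMain\Window Title"; Data = $title }
    }

    # Files in the root of every file-system drive, then the fixed locations.
    $paths = @(foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
        foreach ($name in 'MarcMaynard.exe', 'autorun.inf') { Join-Path $drive.Root $name }
    })
    $paths += Join-Path $env:USERPROFILE 'Administrator\Desktop\hi.txt'
    $paths += Join-Path $env:windir 'Help\services.exe'
    $paths += Join-Path $env:windir 'Help\svchost.exe'
    foreach ($path in $paths) {
        if (Test-Path -LiteralPath $path) {
            $hits += [pscustomobject]@{ Kind = 'File'; Item = $path; Data = $null }
        }
    }
    $hits
}

Get-DranyamIndicator | Format-Table -AutoSize -Wrap
```

An autorun.inf hit is not conclusive by itself, since legitimate installation media carry a file of that name; open it and see what it launches before deleting it.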
