February 21, 2008

How to remove W32.Spybot.AVEN - Worm?


1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Restart your system in safe mode.
4. Run a full system scan.
5. Delete these values added to the registry.

NB: Use this Symantec tool to reset the shell\open\command registry keys if regedit (Registry Editor) is not accessible.


* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"YahooServices" = "57 00 49 00 4E 00 42 00 4F 00 54 00 2E 00 45 00 58 00 45 00 00 00 63 00 30 00 6B 00 65 00 68 00 65 00 61 00 64 00 00 00 23 00 23 00 63 00 30 00 6B 00 65 00 00 00 34 00 32 00 30 00 00 00 00 00 02 00 00 00 00 00 00 00 59 00 61 00 68 00 6F 00 6F 00 53 00 65 00 72 00 76 00 69 00 63 00 65 00 73 00 00 00 00 00 00 00 09 00 00 00 00 00 00 00 59 00 61 00 68 00 6F 00 6F 00 53 00 76 00 63 00 73 00 74 00 72 00 74 00 65 00 72 00 00 00 74 00 47 00 62 00 6F 00 74 00 20 00 6E 00 74 00 20 00 79 00 61 00 68 00 6F 00 6F 00 00 00 70 00 61 00 79 00 2E 00 64 00 61 00 74 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 D0 00 07 00 00 00 00 00 6E 00 69 00 67 00 67 00 61 00 61 00 00 00 00 00 F6 00 DC 02 45 00 00 00 E6 00 DC 02 45 00 00 00 00 00 00 00 00 00 00 00 0B 00 1A 00 00 00"

* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\"YahooServices" = "57 00 49 00 4E 00 42 00 4F 00 54 00 2E 00 45 00 58 00 45 00 00 00 63 00 30 00 6B 00 65 00 68 00 65 00 61 00 64 00 00 00 23 00 23 00 63 00 30 00 6B 00 65 00 00 00 34 00 32 00 30 00 00 00 00 00 02 00 00 00 00 00 00 00 59 00 61 00 68 00 6F 00 6F 00 53 00 65 00 72 00 76 00 69 00 63 00 65 00 73 00 00 00 00 00 00 00 09 00 00 00 00 00 00 00 59 00 61 00 68 00 6F 00 6F 00 53 00 76 00 63 00 73 00 74 00 72 00 74 00 65 00 72 00 00 00 74 00 47 00 62 00 6F 00 74 00 20 00 6E 00 74 00 20 00 79 00 61 00 68 00 6F 00 6F 00 00 00 70 00 61 00 79 00 2E 00 64 00 61 00 74 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 D0 00 07 00 00 00 00 00 6E 00 69 00 67 00 67 00 61 00 61 00 00 00 00 00 F6 00 DC 02 45 00 00 00 E6 00 DC 02 45 00 00 00 00 00 00 00 00 00 00 00 0B 00 1A 00 00 00"
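
The registry clean-up for the two values listed above, as an added PowerShell example that is not part of the original post. The function name `Remove-YahooServicesValue` and its `-Apply` switch are made up for this example; the key paths and the value name are the ones given above.

```powershell
# Added example (not from the original post). The function name and the
# -Apply switch are made up here; key paths and value name come from the post.
function Remove-YahooServicesValue {
    [CmdletBinding()]
    param([switch]$Apply)   # without -Apply: report only, change nothing

    $valueName = 'YahooServices'
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )

    foreach ($key in $keys) {
        # Look the value up by exact name; a missing key or value is not an error.
        $prop = Get-ItemProperty -Path $key -Name $valueName -ErrorAction SilentlyContinue
        if ($null -eq $prop) {
            Write-Output "[clean]   $key"
            continue
        }

        # Describe what was found without dumping the raw data.
        $data = $prop.$valueName
        if ($data -is [byte[]]) { $desc = "binary, $($data.Length) bytes" }
        else                    { $desc = "string, $(([string]$data).Length) chars" }
        Write-Output "[found]   $key\$valueName ($desc)"

        if (-not $Apply) { continue }

        try {
            Remove-ItemProperty -Path $key -Name $valueName -ErrorAction Stop
        } catch {
            # Typically access denied on HKLM when the shell is not elevated.
            Write-Output "[failed]  $key : $($_.Exception.Message)"
            continue
        }

        # Re-read to confirm; a value that reappears suggests something is rewriting it.
        $again = Get-ItemProperty -Path $key -Name $valueName -ErrorAction SilentlyContinue
        if ($null -eq $again) { Write-Output "[removed] $key\$valueName" }
        else                  { Write-Output "[present] $key\$valueName is still there" }
    }
}

Remove-YahooServicesValue            # dry run: lists what would be deleted
# Remove-YahooServicesValue -Apply   # delete after reviewing the dry-run output
```

Run it from an elevated prompt, since the HKEY_LOCAL_MACHINE key needs administrator rights, and only after the full scan in the steps above.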
