Worm W32.IRCBot.DCN removal tips...
1. Follow standard procedure for virus removal
2. Delete these values and subkeys added to registry.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"Generic Host Process for Win32 Service" = "%System%\wbem\rpchost.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices\"Generic Host Process for Win32 Service" = "%System%\wbem\rpchost.exe"
HKEY_CURRENT_USER\Software\Microsoft\OLE\"Generic Host Process for Win32 Service" = "%System%\wbem\rpchost.exe"
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa\"Generic Host Process for Win32 Service" = "%System%\wbem\rpchost.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"%System%\wbem\rpchost.exe" = "%System%\wbem\rpchost.exe:*:Enabled:Generic Host Process for Win32 Service"
No comments:
Post a Comment