How to remove Computer worm W32.Pykspa.F?
1. Perform standard procedure for Virus removal.** Standard procedure for Virus removal
2. Remove this registry entries
** How to edit windows registry ?
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\"[RANDOM]" = "%Temp%\[RANDOM FILE NAME].exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\"[RANDOM]" = "[RANDOM].exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"[RANDOM]" = "%Temp%\[RANDOM FILE NAME].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\"[RANDOM]" = "%Temp%\[RANDOM FILE NAME].exe ."
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\"[RANDOM]" = "[RANDOM].exe ."
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\"[RANDOM]" = "%Temp%\[RANDOM FILE NAME].exe ."
Restore the following registry entries to their previous values, if required:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\"DisableRegistryTools" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\"DisableTaskMgr" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"DisableRegistryTools" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"DisableTaskMgr" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Security Center\"AntiVirusDisableNotify" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Security Center\"AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Security Center\"FirewallDisableNotify" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Security Center\"FirewallOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Security Center\"UacDisableNotify" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Security Center\"UpdatesDisableNotify" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoDriveTypeAutoRun" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoFolderOptions" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\"CheckedValue" = "91"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\"NoDriveTypeAutoRun" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\"NoFolderOptions" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"ConsentPromptBehaviorAdmin" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"ConsentPromptBehaviorUser" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"EnableInstallerDetection" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"EnableLUA" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"EnableSecureUIAPaths" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"EnableVirtualization" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"FilterAdministratorToken" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"PromptOnSecureDesktop" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"ValidateAdminCodeSignatures" = "0"
Remove these files if exist in your system
%CurrentFolder%\[RANDOM FILE NAME].dllRelated:
%System%\[RANDOM FILE NAME].[RANDOM]
%System%\[RANDOM FILE NAME].exe
%Temp%\[RANDOM FILE NAME].[RANDOM]
%Temp%\[RANDOM FILE NAME].exe
%UserProfile%\Application Data\[RANDOM FILE NAME].[RANDOM]
Virus removal tools
- Download Norton AntiVirus 2010 Trial
- Download AVG Anti-Virus Free Edition 9.0
- Top 10 Antivirus 2010 For Home Computers
- Download Microsoft's Free Anti Virus Software
- Download Kaspersky Anti-virus 2009 - Free 30 days trial
- Free Mobile Antivirus Softwares
- Antivirus from Microsoft. And its free!
- Remove Autorun.inf and Antivirus 2008 using ESET NOD32 Antivirus
- Vipre: Antivirus, Antispyware, Anti-Rootkit - Free Trial Download
- Panda's Antivirus, Firewall and Internet Security With 3 Months Free Service
No comments:
Post a Comment