It is my first post on virus programs. It is very important for all user because virus can kill your computer without your information or stolen your data.........
More information and information source page
DEEPAK KUMAR VERMA CALL 9214012330 MAIL - deepuverma@engineer.com
Trojan-PSW.Win32.Qbot.dkg
Once launched, the backdoor copies its body to a file:
%ALLUSERSPROFILE%\Application Data\Microsoft\<rnd_1>\<rnd_1>.exe
where <rnd_1> - is a random name (for example: "uiouy").
To start the created copy automatically each time the system starts it appends a path to the backdoor copy to a registry value found in the branch:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
Removal instructions
If your computer does not have an antivirus, and is infected by this malicious program, follow the instructions below to delete it:
- Reboot a computer in a “Safe Mode” (at the beginning of system boot, press and hold the «F8», then select the «Safe Mode» the Windows boot menu).
- Delete the registry keys and restore original values of the keys in system registry
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] [HKCU\Software\Microsoft\Windows\CurrentVersion\Runonce]
- Delete files:
%ALLUSERSPROFILE%\Application Data\Microsoft\<rnd_1>\<rnd_1>.exe %ALLUSERSPROFILE%\Application Data\Microsoft\<rnd_1>\<rnd_1>.dll %ALLUSERSPROFILE%\Application Data\Microsoft\<rnd_1>\<rnd_3>.dll %ALLUSERSPROFILE%\Application Data\Microsoft\<rnd_1>\<rnd_4>.dll c:\irclog.txt
- Delete downloaded files in the folder:
%WinDir%\TEMP
- Empty Temporary Internet Files, that may contain infected files
More information and information source page
DEEPAK KUMAR VERMA CALL 9214012330 MAIL - deepuverma@engineer.com
No comments:
Post a Comment