Search This Blog

Saturday, July 2, 2011

Virus Information and How to Remove

It is my first post on virus programs. It is very important  for all user because virus can kill your computer without your information or stolen your data.........

Trojan-PSW.Win32.Qbot.dkg

Once launched, the backdoor copies its body to a file:
%ALLUSERSPROFILE%\Application Data\Microsoft\<rnd_1>\<rnd_1>.exe
where <rnd_1> - is a random name (for example: "uiouy").
To start the created copy automatically each time the system starts it appends a path to the backdoor copy to a registry value found in the branch:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]

Removal instructions

If your computer does not have an antivirus, and is infected by this malicious program, follow the instructions below to delete it:
  1. Reboot a computer in a “Safe Mode” (at the beginning of system boot, press and hold the «F8», then select the «Safe Mode» the Windows boot menu).
  2. Delete the registry keys and restore original values of the keys in system registry 
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Runonce]
  3. Delete files:
    %ALLUSERSPROFILE%\Application Data\Microsoft\<rnd_1>\<rnd_1>.exe
    %ALLUSERSPROFILE%\Application Data\Microsoft\<rnd_1>\<rnd_1>.dll 
    %ALLUSERSPROFILE%\Application Data\Microsoft\<rnd_1>\<rnd_3>.dll
    %ALLUSERSPROFILE%\Application Data\Microsoft\<rnd_1>\<rnd_4>.dll
    c:\irclog.txt
  4. Delete downloaded files in the folder:
    %WinDir%\TEMP
  5. Empty Temporary Internet Files, that may contain infected files 
 
More information and information source page 


DEEPAK KUMAR VERMA CALL 9214012330 MAIL - deepuverma@engineer.com

No comments:

Post a Comment