VALUE HAS A VALUE IF ITS VALUE IS VALUED

Archive
▼ 2009 (243)

► July (4)

► Jul 01 (4)

▼ June (167)

► Jun 29 (1)

► Jun 28 (5)

► Jun 24 (1)

► Jun 23 (2)

► Jun 22 (11)

► Jun 21 (3)

▼ Jun 20 (7)

Block USB Devices

Reliance Smart GPRS Settings

How to edit a (.PPS or .PPSX) PowerPoint Show file

Megaupload tricks to download files

How Long Has Your System Been Running?

How to Avoid Disk Check Scan at every BootUp

Removed Fun.exe, dc.exe, SVIQ.exe virus

► Jun 19 (12)

► Jun 17 (4)

► Jun 16 (4)

► Jun 15 (1)

► Jun 14 (9)

► Jun 13 (5)

► Jun 12 (52)

► Jun 08 (12)

► Jun 07 (14)

► Jun 05 (1)

► Jun 04 (15)

► Jun 02 (2)

► Jun 01 (6)

► May (72)

► May 29 (19)

► May 28 (53)
Text

Followers

chat box!!!!!

Removed Fun.exe, dc.exe, SVIQ.exe virus

6/20/2009 05:30:00 AM Posted In virus protection Edit This 0 Comments »

I have got a virus, which automatically opening the Yahoo messenger. So, when I have looked the processes in the task manager, I have found the following processes Fun.exe, dc.exe, SVIQ.exe.

I killed those processes, by right clicking the process and select "End Process Tree". After I have killed all those processes, I searched Internet and found the following link w32.Imaut.As (also called Dung Coi). Then I have deleted all the virus files and cleaned the registry.

Follow steps below :

First go to the task manager (right click on the task bar > task manager) and select the processes tab.

Right click on the Fun.exe, dc.exe, SVIQ.exe and select "End Process Tree". This stops the viruses from interrupting in the cleanup process.

Go to the MSConfig (Win+R, type MSConfig and press enter). Go to the startup tab. Uncheck the dc.exe, fun.exe, SVIQ.exe, Other.exe, Win.exe. This stop the virus processes from starting with the windows.

Next go to the Registry Editor (Win+R, type RegEdit and press enter). Remove the following keys

dc, dc2k5, fun under the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
load, run under the key HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
Go to the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and Modify Shell's value to "Explorer.exe".
Remove HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dc
Remove HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dc2k5
Remove HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Fun
Remove HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Load
Remove HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Run

Delete the following files.

%Windir%\Help\Other.exe
%Windir%\inf\Other.exe
%Windir%\system\Fun.exe
%Windir%\System32\config\Win.exe
%Windir%\System32\WinSit.exe
%Windir%\dc.exe
%Windir%\SVIQ.exe
%Windir%\System32\NWB.dat
c:\PNga.txt
%Windir%\wininit.ini

VALUE HAS A VALUE IF ITS VALUE IS VALUED

Archive

Text

Followers

chat box!!!!!

Removed Fun.exe, dc.exe, SVIQ.exe virus

0 comments:

Labels

WELCOME