Techno World Inc - The Best Technical Encyclopedia Online!




Title: How to remove W32/Small.KI
Post by: Daniel Franklin on September 29, 2007, 12:34:08 PM


How to remove W32/Small.KI:

1. Disconnect the computer from the network (better in "safe mode").

2. If you use Windows ME/XP, turn off System Restore during the cleaning.

3. Stop the virus's processes. You can use Task Manager to end the 2 processes that belong to this virus: update.exe and winzip.exe.

4. Remove the registry key that was changed by the virus.
a. ScanRegistry = "scanregw.exe /scan"
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
b. Change the string ShowSuperHidden to value 1
   HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Explorer\Advanced
c. Change the string WebView to value 1
   HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Explorer\Advanced
d. Change the string FullPatch to value 1
   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Cabinet State
e. Change the string UNCAsIntranet to value 0
   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\InternetSettings\ZoneMap

5. Remove the files created by the virus.
* WINZIP_TMP.exe
* C:
* Rundll16.exe [hidden file] and WINZIP_TMP.exe
* C:\Windows
* scanregw.exe [hidden file], update.exe [hidden file], winzip.exe [hidden file] and sample.Zip
* C:\Windows\System32
* Temp.htt [hidden file] and WinZip_Tmp.exe [hidden file]
* C:\Documents and Settings
* C:\Documents and Settings\Administrator
* C:\Documents and Settings\Administrator\Start Menu
* C:\Documents and Settings\Administrator\Start Menu\Programs\
* C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
* C:\Documents and Settings\All Users\Start Menu
* C:\Documents and Settings\All Users\Start Menu\Programs
* C:\Documents and Settings\All Users\Start Menu\Programs\Startup

6. Also remove the file that was created in each shared folder, with these characteristics:
* Concealed icon [WinZip icon]
* File size 94 KB
* Extension EXE
* File type "Application"

7. For more optimal cleaning, use an antivirus with the latest update.

8. It is strongly suggested to install an "antivirus for mail server" (if you have a mail server).
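
The checks in steps 3, 4a, 5 and 6 can be collected into one read-only PowerShell script. This is an added example, not part of the original post. The `-SharePath` parameter and the output labels are hypothetical, every file name from step 5 is looked up in every folder listed there, and "94 KB" is assumed to mean the size Explorer shows after rounding up.

```powershell
# Added example: read-only check; it reports matches and changes nothing.
param(
    # Hypothetical parameter: shared folders to check for step 6.
    [string[]]$SharePath = @()
)

# Step 3: process names from the post (Get-Process takes them without ".exe").
Get-Process -Name 'update', 'winzip' -ErrorAction SilentlyContinue |
    ForEach-Object { "PROCESS  $($_.ProcessName) (PID $($_.Id))" }

# Step 4a: the ScanRegistry value under the Run key.
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -and $run.ScanRegistry) { "RUN KEY  ScanRegistry = $($run.ScanRegistry)" }

# Step 5: file names from the post, checked in each folder the post lists.
$names = 'Rundll16.exe', 'WINZIP_TMP.exe', 'scanregw.exe', 'update.exe',
         'winzip.exe', 'sample.zip', 'Temp.htt'
$ds = 'C:\Documents and Settings'
$folders = @('C:\', 'C:\Windows', 'C:\Windows\System32', $ds,
    "$ds\Administrator", "$ds\Administrator\Start Menu",
    "$ds\Administrator\Start Menu\Programs",
    "$ds\Administrator\Start Menu\Programs\Startup",
    "$ds\All Users\Start Menu", "$ds\All Users\Start Menu\Programs",
    "$ds\All Users\Start Menu\Programs\Startup")
foreach ($folder in $folders) {
    # -Force includes hidden files; -contains compares names case-insensitively.
    Get-ChildItem -LiteralPath $folder -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $names -contains $_.Name } |
        ForEach-Object { "FILE     $($_.FullName)" }
}

# Step 6: EXE files in shared folders whose size rounds up to 94 KB.
foreach ($share in $SharePath) {
    Get-ChildItem -LiteralPath $share -Filter '*.exe' -File -Force -Recurse `
            -ErrorAction SilentlyContinue |
        Where-Object { [math]::Ceiling($_.Length / 1KB) -eq 94 } |
        ForEach-Object { "SHARE    $($_.FullName) ($($_.Length) bytes)" }
}
```

Names such as update.exe and winzip.exe are also used by legitimate software, so treat each reported line as something to inspect before deleting it.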
