|
Posted by =?Utf-8?B?bGF5bWFu?= on May 10, 2007, 1:47 pm
If you were Registered and logged in, you could reply and use other advanced thread options
(128 MB) then you may have to run a small .bat file to delete the dc.exe,
fun.exe and sviq.exe while you end them in the task manager. The AVG
freeware can also clean off your flash drive if it is infected too. Much
easier than deleting manually.
The registry list below worked too, but DO NOT set the userinit value to
blank. leave it alone. Otherwise you will not be allowed to log in to
windows and will have to use the recovery CD to get in again.
"yanniemx" wrote:
> so I removed the virus from the infected machine using the steps below and
> some additional steps, here is what I did:
>
> 1.) you have to be quick on this step: in Task Manager end task on DC, FUN
> and SVIQ...I used the End Process Tree
>
> 2.) look for the following files
> (extension is usually EXE but not always)
> fun
> dc
> sviq
> repair
> DataV
> Other
> win
> winsit
> cviq
> They can be located in one or more of the following directories:
> C:\windows\system
> C:\windows\system32
> C:\windows
> C:\windows\inf
> C:\windows\config
> C:\windows\system32\config
> C:\windows\system\config
>
> 3.) In regedit clean these keys:
> HKEY_CURRENT_USER\Software\Microsoft\windows\current\version\run
> HKEY_LOCAL_MACHINE\Software\Microsoft\windows\current\version\run
> HKEY_LOCAL_MACHINE\software\microsoft\windows NT\currentVersion\winlogon
> subkeys: Useinit --> set Useinit to Blank
> Shell to Explorer.exe
>
> HKEY_CURRENT_USER\software\microsoft\windowsNT\currentVersion\windows
> delete subkeys: load=other.exe
> run=win.exe
>
> 4.) run MSCONFIG and look to see if anything else is starting or loading
> that looks weird and remove it...of course be careful because you can destroy
> your system if you remove the wrong things
> 5.) reboot and make sure the virus is gone (it should be)
>
| 
XML site map