Manual Removal of W32/Druzgl.D, W32.SillyFDC Worm
Manual Removal of W32/Druzgl.D Worm.
This worm first appeared on December 9, 2008.
Other names of W32/Druzgl.D Worm:
This Worm is also known as Win32.Druzgl.d, W32.SillyFDC.
Damage Level : High/Medium
Distribution Level: Unknown/Low
No Auto Removal Tool for W32/Druzgl.D Worm
Worm Manual Removal Instructions
Recommend Removal from Safe Mode:
How to Start in Safe mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.
The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal
When W32.SillyFDC is executed, it may copy itself to the following folder locations:
- %Program Files\Microsoft Common\wuauclt.exe
- %System%
- %Windir%
- %Temp%
- %UserProfile%
- %ProgramFiles%
- %SystemDrive%
- %CommonProgramFiles%
- %CurrentFolder%
Using any of the following file names with a .com or .exe extension:
- password_viewer.exe
- CALC or calc
- mscalc.exe
- startupfolder
- config_
- startupfolder.com
- config_.com
How to Delete the Autorun.inf files
Go to Start > Run, type “cmd”
At the command prompt, type “cd\”, this will change to C:\
Type “attrib” (C:\>attrib), it will display files with attributes. Take note on attribute of autorun.inf.
Usually it has SHR.(System, Hidden, Read Only)
Type “attrib -s -h -r C:\autorun.inf”, it will remove System, Hidden and Read-Only attribute
Type “edit autorun.inf” it will open DOS Editor and display contents as follows
—
[autorun]
open=file.exe
shell\Open\Command=file.exe
shell\open\Default=1
shell\Explore\Command=file.exe
shell\Autoplay\command=file.exe
—
Take note of the file/path that it runs.
Ex: open=file.exe where file.exe is the filename of the file that autoruns.
Exit DOS Editor.
Back at the command prompt type “attrib -s -h -r file.exe”, where file.exe is the file that was called on DOS editor to autorun.
Ex: C:\>attrib -s -h -r file.exe.
If it is located on different directory include the path.
Ex: C:\>attrib -s -h -r c:\Windows\file.exe
Type “del file.exe”. If it is located on different directory include the path.
Ex: C:\>del c:\Windows\file.exe
Type “del autorun.inf”
Type “del c:\Windows\autorun.inf
Type “del c:\Windows\password_viewer.exe
Type “del c:\Douments and Settings\(Your User Name)\Local Settings\Application Data\Microsoft\CD Burning\autorun.inf
Exit command prompt by typing “exit”
If you have any of these files in running process from task manger, end the process before removal.
Note: if task manager is disabled, Download the following file, Click to Download - Enable Registry.reg
Click Start, Run,Type regedit,Click OK.
Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor. Download and run this UnHookExec.inf, and then continue with the removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\”load”
Edit Menu - Find, enter Keyword and remove all value that find in search.
Exit the Registry Editor,
Restart your Computer.
Recommended Removal Tools:
Kaspersky Antivirus or Internet Security (Shareware)
Spyware Doctor (Shareware)
AVG Antivirus (Freeware)
Killbox (Freeware)
Written by FireFly. Read more great feeds at is source WEBSITE
no comments.
Read more articles on W32.SillyFDC and W32/Druzgl.D Worm and worm removal and manual removal and otherSoftware and Removal and Windows.
- [+] Digg: Feature this article
- [+] Del.icio.us: Bookmark this article
- [+] Furl: Bookmark this article
