Vista ARTICLES TOP 50 Spyware Virus Vista SOFT Vista HELP

Manual Removal of W32/Murlo.ABJ Trojan

Manual Removal of W32/Murlo.ABJ Trojan

W32/Murlo.ABJ is a trojan. The trojan will infect Windows systems.
This trojan first appeared on February 25, 2009.
Other names of W32/Murlo.ABJ Trojan:
This trojan is also known as Trojan-Downloader.Win32.Murlo.abj, Troj/FakeAV-KS, TR/Dldr.FakeAler.IM.

Damage Level : Medium/High
Distribution Level: Medium

No Removal Tool for W32/Murlo.ABJ Trojan
W32/Murlo.ABJ Trojan Manual Removal Instructions
Recommend Removal from Safe Mode:
How to Start in Safe mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.

The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal

[ Kill the Process, Use Killbox if your Access Denied ]

Add Comment if you Want the File Remover

Download W32/Murlo.ABJ Trojan Known Files Removal Tool

[In Windows Vista Run As Administrator, After Execution System Will Restart]

%Windows\System\init32.exe
%Windows\System\frmwrk32.exe
%Windows\System\userinit.exe
If you have any of these files in running process from task manger, end the process before removal.
Note: if task manager is disabled, Download the following file, Click to Download - Enable Registry.reg [ Right Click - Save Target As/Linked Content As ]
Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.

W32/Murlo.ABJ Trojan Entries Manual Removal From Registry

Click Start, Run,Type regedit,Click OK.

Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.

Download this UnHookExec.inf, [ Right Click - Save Target As/Linked Content As ]
and then continue with the removal. Save it to your Windows desktop. Do not run it at this time, download it only.
After booting into the Safe Mode or VGA Mode
Right-click the UnHookExec.inf file and click Install. [This is a small file. It does not display any notice or boxes when you run it.]

The W32/Murlo.ABJ Trojan modifies registry at the following locations to ensure its automatic execution at every system startup:

Delete The Entries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete run=frmwrk32.exe

The following registry entry is set, disabling system software:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableTaskMgr Change Value to 1

Registry entries are set as follows: Manually Edit:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
NoChangingWallpaper Change Value to 1

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoSetActiveDesktop Change Value to 1

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoActiveDesktopChanges Change Value to 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
NoChangingWallpaper Change Value to 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoSetActiveDesktop Change Value to 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoActiveDesktopChanges Change Value to 1

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components
GeneralFlags Change Value to 0

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0
CurrentState Change Value to 40000004

HKCU\Software\Microsoft\Internet Explorer\Desktop\General
Wallpaper \ahtn.htm

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System DisableTaskMgr = 0×00000001

Search Registry For W32/Murlo.ABJ Trojan File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.

Exit the Registry Editor,

Restart your Computer.

Recommended Removal Tools:

Kaspersky Antivirus or Internet Security (Shareware)
Spyware Doctor (Shareware)
AVG Antivirus (Freeware)

Killbox (Freeware)

Ultimate Links PC Tips™