Manual Removal of W32/VB.IDF Trojan
This Trojan first appeared on January 9, 2009.
Other names of W32/VB.IDF Trojan:
This Trojan is also known as TROJ_VB.HBG, Trojan.Win32.VB.idf.
Distribution Level: Medium
Read Symantec Removal
Trojan Manual Removal Instructions
Removal from Safe Mode is recommended:
How to Start in Safe Mode:
Restart your computer and press F8 repeatedly as the screen turns on, then select Safe Mode and press Enter.
End the Following Active Processes Before Removal
- [ Kill the process; use Killbox if you get Access Denied ]
- %ProgramFiles%\common files\rising.exe
- %System%\53472fc0.exe
- %System%\rising.exe
- %Temp%\ravtmp\rising.exe
- c:\rising.exe
- %Temp%\[RANDOM 5 DIGITS].dll
- %System%\logo_1.exe
- %Windows Installed Drive%\Recycle\RisinG.exe
- %Windows Installed Drive%\recycle\x-5-4-27-2345678318-4567890223-4234567884-2341\RisinG.exe
- %Windows Installed Drive%\recycle\x-5-4-27-2345678318-4567890223-4234567884-2341\Desktop.ini
e.g. C:\Recycle\RisinG.exe
Removing the Folder Using Command Prompt
- Open Task Manager and end the process explorer.exe
- In Task Manager, choose File - New Task, type cmd and press Enter
- In cmd, first type cd\ to change the directory
- The prompt becomes C:\ ; type cd recycle and press Enter
- The prompt becomes C:\recycle\ ; now delete the exe file
- At C:\recycle\ type del rising.exe and press Enter to delete the file
- Then type cd\ and press Enter
- At C:\ type rd recycle and press Enter to remove the recycle folder
- Type exit to exit the command prompt
- Type shutdown -r -t 0 to restart your PC
- This Trojan can also use the following file names:
AF037A60.EXE, DC3.EXE, 9B1CC3AC.EXE, 22906838.DAT, RISING2008[1].EXE, DOWN(0).EXE, 60637142.EXE, 57597865.EXE, NEW.EXE, 13376637.SVD, ASDSDS.EXE, SDSDD.EXE, 42947858.EXE, KKKFUCKU.EXE, RISING[n].EXE, SDSDSD.EXE, RECYCLE/X-5-4-27-2345678318-4567890223-4234567884-2341/RISING.EXE
If any of these files appear as running processes in Task Manager, end the process before removal.
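A triage sweep for the file indicators listed above, as an added example that is not part of the original article: it reads a saved `dir /s /b /a` listing and flags paths that match the page's file names and locations. Reading RISING[n].EXE as a numbered copy, matching any folder named Temp, and the `location`/`name` tiers are assumptions of this example; a `name` hit alone is only a lead to check.

```python
import ntpath
import re

# File names taken from the lists on this page, lower-cased for comparison.
LISTED_NAMES = {
    "rising.exe", "53472fc0.exe", "logo_1.exe", "af037a60.exe", "dc3.exe",
    "9b1cc3ac.exe", "22906838.dat", "rising2008[1].exe", "down(0).exe",
    "60637142.exe", "57597865.exe", "new.exe", "13376637.svd", "asdsds.exe",
    "sdsdd.exe", "42947858.exe", "kkkfucku.exe", "sdsdsd.exe",
}
# "RISING[n].EXE": n is read here as a number, e.g. rising[2].exe (assumption).
RISING_N = re.compile(r"rising\[\d+\]\.exe")
# "%Temp%\[RANDOM 5 DIGITS].dll": five digits directly inside a folder named Temp.
TEMP_DLL = re.compile(r"\\temp\\\d{5}\.dll$")
# Root-level "Recycle" folder; the real bins are RECYCLER, RECYCLED, $Recycle.Bin.
ROOT_RECYCLE = re.compile(r"^[a-z]:\\recycle\\")

def classify(path):
    """Return 'location', 'name' or None for one full Windows path."""
    p = path.strip().lower()
    if ROOT_RECYCLE.match(p) or TEMP_DLL.search(p):
        return "location"
    name = ntpath.basename(p)
    if name in LISTED_NAMES or RISING_N.fullmatch(name):
        return "name"
    return None

def sweep(listing):
    """Scan `dir /s /b /a` style output; return (tier, path) for each hit."""
    pairs = ((classify(line), line.strip()) for line in listing.splitlines())
    return [(tier, path) for tier, path in pairs if tier]

# Constructed sample listing (not captured from a real machine).
SAMPLE = r"""
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\logo_1.exe
C:\Recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\RisinG.exe
C:\RECYCLER\S-1-5-21-1111111111-2222222222-3333333333-1003\INFO2
C:\Documents and Settings\user\Local Settings\Temp\48213.dll
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\ABCD1234\rising[2].exe
C:\Program Files\Common Files\Rising.exe
C:\WINDOWS\system32\123456.dll
"""

if __name__ == "__main__":
    for tier, path in sweep(SAMPLE):
        print(f"{tier:8} {path}")
```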
Note: if Task Manager is disabled, download the following file: Enable Registry.reg
Open it with Regedit.exe [%system32\regedit.exe]. When it asks you to confirm adding the information to the registry (Yes or No), choose Yes, then click OK.
- Download this UnHookExec.inf, and then continue with the removal. Save it to your Windows desktop. Do not run it at this time; download it only.
- After booting into the Safe Mode or VGA Mode
- Right-click the UnHookExec.inf file and click Install. [This is a small file. It does not display any notice or boxes when you run it.]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile DoNotAllowExceptions value:
Edit menu - Find: enter the keyword and remove all values that the search finds.
Spyware Doctor (Shareware)
AVG Antivirus (Freeware)
Written by FireFly.

#1. March 11th, 2009, at 4:35 AM.
thnq,
worked like a charm..