Vista ARTICLES TOP 50 Spyware Virus Vista SOFT Vista HELP

email virus/worm

You are currently browsing the articles from MS Windows Vista Compatible Software matching the category email virus/worm.

Manual Removal of W32/Agent.BXGE Trojan

Manual Removal of W32/Agent.BXGE Trojan

W32/Agent.BXGE is a trojan. The trojan arrives as an email attachment which contains the file DHL_HELP.exe. The trojan will infect Windows systems.
This trojan information updated on March 30, 2009.
Other names of W32/Agent.BXGE Trojan:
This trojan is also known as Trojan.Win32.Agent.bxge

Damage Level : Medium/High
Distribution Level: Medium

No Removal Tool for W32/Agent.BXGE Trojan
W32/Agent.JKB Trojan Manual Removal Instructions
Recommend Removal from Safe Mode:
How to Start in Safe mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.

The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal

[ Kill the Process, Use Killbox if your Access Denied ]

Download W32/Agent.BXGE Trojan Known File Removal Tool

[In Windows Vista Run As Administrator, After Execution System Will Restart]

%Windows\ld03.exe
%Windows\pp05.exe
%Windows\System\dll32.dll
%Windows\System\sdra64.exe
[ No Exact Information about Files, search above related files in Program files Folder ]
If you have any of these files in running process from task manger, end the process before removal.
Note: if task manager is disabled, Download the following file, Click to Download - Enable Registry.reg [ Right Click - Save Target As/Linked Content As ]
Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.

W32/Agent.BXGE Trojan Entries Manual Removal From Registry

Click Start, Run,Type regedit,Click OK.

Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.

Download this UnHookExec.inf, [ Right Click - Save Target As/Linked Content As ]
and then continue with the removal. Save it to your Windows desktop. Do not run it at this time, download it only.
After booting into the Safe Mode or VGA Mode
Right-click the UnHookExec.inf file and click Install. [This is a small file. It does not display any notice or boxes when you run it.]

The W32/Agent.BXGE Trojan modifies registry at the following locations to ensure its automatic execution at every system startup:

Delete The Entries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete file entry from right side

Search Registry For W32/Agent.BXGE Trojan File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.

Exit the Registry Editor,

Restart your Computer.

Recommended Removal Tools:

Kaspersky Antivirus or Internet Security (Shareware)
Spyware Doctor (Shareware)
AVG Antivirus (Freeware)

Killbox (Freeware)

Ultimate Links PC Tips™

Written by FireFly on March 31st, 2009 with no comments.
Read more articles on W32/Agent.BXGE and email virus/worm and manual removal and removal of trojan and otherSoftware.

Manual Removal of Re_file.exe

Re_file.exe (W32.Beagle)
This worm spreads via the Internet as an attachment to infected messages. Infected messages will be sent to all email addresses harvested from the victim machine.The worm is also able to download other files from the Internet without the knowledge or consent of the user. The worm itself is a PE EXE file. The file is 40,565 bytes in size.
Damage Level: Highly Dangerous
Distribution Level: High
Removal Tools:
Tools From Bitdefender:
Win32.Bagle.A@mm - Download
Win32.Bagle.AU@mm - Download
Win32.Bagle.FO@mm - Download (recommended)
Win32.Bagle.{C-E}@mm - Download
Manual Removal Instructions
Recommend Removal from Safe Mode:
How to Start in Safe mode:
Restart your Computer, Press F8 when your Screen turns on, Select Safe mode, press enter.

The Infected Files Can be Seen in these folders and names

%System%\wind2ll2.exe
%System%\re_file.exe
%WinDir%\elist.xpt
Documents and Settings%\Application Data\hidn
It then copies its body to this folder under the following names:
Documents and Settings%\Application Data\hidn\hidn2.exe
Documents and Settings%\Application Data\hidn\hldrrr.exe

Manually Remove From Registry
Click Start, Run,Type regedit,Click OK.
Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor. Download and run this UnHookExec.inf, and then continue with the removal.

The worm deletes the following registry key, making it impossible to boot the infected computer in Safe Mode:
HKLM\System\CurrentControlSet\Control\SafeBoot

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
”winshost.exe” = “%winsysdir%\winshost.exe”

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
“winshost.exe” = “%winsysdir%\winshost.exe”

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
“drv_st_key” = “%Documents and Settings%\Application Data\hidn\hidn2.exe”

where ‘%winsysdir%’ represents Windows System folder. This ensures the trojan is run every time Windows starts.
When the dropped DLL is activated, it will check for the following registry value:

HKCU\Software\FirstRun
”FirstRunRR” = dword:value

If the value doesn’t exist, the trojan creates it and sets it as 1. The DLL also opens MS paint (mspaint.exe) as a decoy and executes the actual payload.

Exit the Registry Editor.
Restart your Computer.

Recommended Removal Tools:
Kaspersky Antivirus or Internet Security (Shareware)
Spyware Doctor (Shareware)
AVG Antivirus (Freeware)