
Trojans


Manual Removal of W32/VB.KIE Trojan

Manual Removal of W32/Rbot.WIM Trojan.
W32/VB.KIE is a trojan. The trojan will infect Windows systems.
This trojan first appeared on February 2, 2009.
Other names of W32/VB.KIE Trojan: this trojan is also known as Trojan-Downloader.Win32.VB.kie
Damage Level: High/Medium
Distribution Level: Unknown
No Auto Removal Tool for W32/VB.KIE Trojan
W32/VB.KIE Trojan Manual Removal Instructions

Removal from Safe Mode is recommended:

How to start in Safe Mode:
Restart your computer and press F8 repeatedly as the screen turns on, then select Safe Mode and press Enter.
The infected files can be found in the following folders; the same names may also appear as running processes.
End the following active process before removal.
Download W32/VB.KIE Trojan Known Files Removal Tool

[In Windows Vista, run as Administrator; the system will restart after execution.]
  • %Windows\System32\s3mgr.exe

    If any of these files appears as a running process in Task Manager, end the process before removal.
    Note: if Task Manager is disabled, download the following file [right-click and select “Save Target As”]:
    Click to Download - Enable Registry.reg
    Open it with Regedit.exe [%system32\regedit.exe]. When asked whether to add it to the registry (Yes or No), confirm Yes, then click OK.

W32/Rbot.WIM Trojan Entries Manual Removal From Registry
Click Start, then Run, type regedit and click OK.

Note: If the Registry Editor fails to open, the threat may have modified the registry to prevent access to it.
Download UnHookExec.inf [right-click and select “Save Target As”] and then continue with the removal.
Save it to your Windows desktop. Do not run it at this time; download it only.
After booting into Safe Mode or VGA Mode, right-click the UnHookExec.inf file and click Install. [This is a small file. It does not display any notice or boxes when you run it.]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete the S3mgr entry in the right pane.

Search the registry for the W32/Rbot.WIM Trojan file names listed above to remove them completely: open the Edit menu, choose Find, enter the keyword and remove every value the search finds.

Exit the Registry Editor and restart your computer.

Recommended Removal Tools:
Kaspersky Antivirus or Internet Security (Shareware)
Spyware Doctor (Shareware)
AVG Antivirus (Freeware)
Killbox (Freeware)

Written by FireFly on February 3rd, 2009 with no comments.

Manual Removal of ExpressAntiVirus2009 Trojan

ExpressAntiVirus2009 is a misleading application that may give exaggerated reports of threats on the computer.
Publisher: ExpressAntiVirus2009.com
Damage Level: Medium
Distribution Level: Low
No Removal Tool for ExpressAntiVirus2009
Download Malicious Software Removal Tool from the Microsoft Download Center
Trojan Worm Manual Removal Instructions
Removal from Safe Mode is recommended:

How to start in Safe Mode:
Restart your computer and press F8 repeatedly as the screen turns on, then select Safe Mode and press Enter.
The infected files can be found in the following folders; the same names may also appear as running processes.
End the following active process before removal.

  • %ProgramFiles\exav\av.ini
  • %ProgramFiles\exav\base.dll
  • %ProgramFiles\exav\borlndmm.dll
  • %ProgramFiles\exav\expressav.exe [Kill the process; use Killbox if access is denied]
  • %Documents and Settings\[User Name]\Application Data\Local settings\Temp
    • If any of these files appears as a running process in Task Manager, end the process before removal.
    • Note: if Task Manager is disabled, download the following file: Click to Download - Enable Registry.reg
    • Open it with Regedit.exe [%system32\regedit.exe]. When asked whether to add it to the registry (Yes or No), confirm Yes, then click OK.

Unregister DLL Files Using Windows Command Prompt

  • To open the Windows Command Prompt, go to Start > Run, type cmd and then click the “OK” button.
  • Type “cd” to change the current directory, press the space bar, enter the full path to where you believe the System Antivirus 2008 DLL file is located, and press the “Enter” key.
  • If you don’t know where the System Antivirus 2008 DLL file is located, use the “dir” command to display the directory’s contents.
  • To unregister the “System Antivirus 2008” DLL file, type the exact directory path + “regsvr32 /u” + [DLL_NAME] (C:\Windows\System\ regsvr32 /u lsasrv.dll) and press the “Enter” key.
  • A message will pop up saying that you successfully unregistered the file.
Trojan Manual Removal From Registry
Click Start, then Run, type regedit and click OK.
  • Note: If the Registry Editor fails to open, the threat may have modified the registry to prevent access to it.
    • Download and run this UnHookExec.inf, and then continue with the removal.
    • Save it to your Windows desktop. Do not run it at this time; download it only.
    • After booting into Safe Mode or VGA Mode, right-click the UnHookExec.inf file and click Install. [This is a small file. It does not display any notice or boxes when you run it.]
The Trojan modifies the registry at the following location to ensure its automatic execution at every system startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"av" = "C:\Program Files\exav\expressav.exe"
It also modifies the following registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoFind" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoRun" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoSMHelp" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoSetFolders" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoViewOnDrive" = "3FFFFFF"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\"DisableRegistryTools" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\"DisableTaskMgr" = "1"
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\"NoBrowserOptions" = "1"
1 = On, 0 = Off
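
As an added example (not part of the original article), the Python below scans the text of a registry export for the Run values and policy restrictions listed above, which helps confirm after cleanup that none remain. The function names and the sample export are constructed for illustration, and matching is by key and value name only, since the article gives no data for the S3mgr entry.

```python
import re

# Keys and value names are the ones the articles list (lower-cased for matching).
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
RUN_NAMES = {"av", "s3mgr"}
POL = "hkey_current_user\\software\\microsoft\\windows\\currentversion\\policies\\"
POLICIES = {
    POL + "explorer": {"nofind", "norun", "nosmhelp", "nosetfolders", "noviewondrive"},
    POL + "system": {"disableregistrytools", "disabletaskmgr"},
    r"hkey_current_user\software\policies\microsoft\internet explorer\restrictions":
        {"nobrowseroptions"},
}
VALUE_RE = re.compile(r'"((?:[^"\\]|\\.)*)"=(.*)$')  # matches "name"=data

def is_set(data):
    """True unless the data is a numeric zero (the article's 0 = Off)."""
    raw = data.lower().replace("dword:", "", 1).strip('"')
    try:
        return int(raw, 16) != 0
    except ValueError:
        return True  # unexpected data type: report it rather than hide it

def findings(text):
    """Return (kind, value_name, raw_data) for listed entries in .reg text."""
    out, key = [], ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()  # registry paths are case-insensitive
            continue
        m = VALUE_RE.match(line)
        name, data = m.groups() if m else ("", "")  # non-value lines match nothing
        if key == RUN_KEY and name.lower() in RUN_NAMES:
            out.append(("autorun", name, data))
        elif name.lower() in POLICIES.get(key, ()) and is_set(data):
            out.append(("policy", name, data))
    return out

# Constructed sample export, not taken from a real machine.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"av"="C:\\Program Files\\exav\\expressav.exe"
"SoundMan"="SOUNDMAN.EXE"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoViewOnDrive"=dword:03ffffff
'''

print(*findings(SAMPLE), sep="\n")
```

Registry Editor's version 5.00 exports are UTF-16, so read a real export with `encoding="utf-16"` before passing its text to `findings`.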

Search the registry for the virus file names listed above to remove them completely: open the Edit menu, choose Find, enter the keyword and remove every value the search finds.

Exit the Registry Editor and restart your computer.

Recommended Removal Tools:
Kaspersky Antivirus or Internet Security (Shareware)
Spyware Doctor (Shareware)
AVG Antivirus (Freeware)
Killbox (Freeware)

Written by FireFly on January 11th, 2009 with no comments.

Can You Rely on the Windows XP System Restore Option?

One thing to love about Windows XP is its System Restore option which, when active, makes it easier to restore the system to an earlier point once it has been properly backed up. But that backup can also include problems such as files infected by viruses or Trojans. That is why, as you may have noticed, tutorials on getting rid of a dreaded virus sometimes tell you to temporarily turn off System Restore, to make sure that you don’t leave any trace of the infection.

The question is whether you really need System Restore turned on. Some turn it off to be safe, while others just leave it on. Turning it off avoids the problem of infections at times, but if you are wise it is best to leave it on, especially if you are not too technically savvy about tinkering with your operating system.

A good practice to consider is to set a restore point and then turn off System Restore. But before you do, make sure that this restore point is virus-free and reliable. That way, if something unfortunate occurs, you can always rely on your backed-up system to get back online.

With System Restore turned on, a lot of issues can be avoided. While you may lose some current files, it is better to lose a few than to reformat the whole computer and lose a lot!

Written by PC Freak on July 31st, 2008 with no comments.