• [ Kill the Process, Use Killbox if your Access Denied ]

[In Windows Vista Run As Administrator, After Execution System Will Restart]

• %Windows\System\Sysctrls.exe
  [ No Exact Information about Files, search above related files in Program files Folder ]
  If you have any of these files in running process from task manger, end the process before removal.
  Note: if task manager is disabled, Download the following file, Click to Download - Enable Registry.reg [ Right Click - Save Target As/Linked Content As ]
  Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.

• [ Kill the Process, Use Killbox if your Access Denied ]

[In Windows Vista Run As Administrator, After Execution System Will Restart]

• %Windows\System\ssms.exe [ More Info ]
  
• %Windows\System32\ssms.exe
• %Root Windows Drive\1.reg
• %Root Windows Drive\a.bat
  [ No Exact Information about Files, search above related files in Program files Folder ]
  If you have any of these files in running process from task manger, end the process before removal.
  Note: if task manager is disabled, Download the following file, Click to Download - Enable Registry.reg [ Right Click - Save Target As/Linked Content As ]
  Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.

• %Windows\System\VMwareService.exe
  If you have any of these files in running process from task manger, end the process before removal.
  Note: if task manager is disabled
  Download the following file [ Right click and select “Save Target as” ]
  Click to Download - Enable Registry.reg
  Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.

Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.
Download UnHookExec.inf, [ Right click and select “Save Target as” ] and then continue with the removal.
Save it to your Windows desktop. Do not run it at this time, download it only.
After booting into the Safe Mode or VGA Mode
Right-click the UnHookExec.inf file and click Install. [This is a small file. It does not display any notice or boxes when you run it.]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VMwareService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control

• %Windows\System\x.exe
• %Windows\System\VMwareService.exe
  If you have any of these files in running process from task manger, end the process before removal.
  Note: if task manager is disabled
  Download the following file [ Right click and select “Save Target as” ]
  Click to Download - Enable Registry.reg
  Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.

Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.
Download UnHookExec.inf, [ Right click and select “Save Target as” ] and then continue with the removal.
Save it to your Windows desktop. Do not run it at this time, download it only.
After booting into the Safe Mode or VGA Mode
Right-click the UnHookExec.inf file and click Install. [This is a small file. It does not display any notice or boxes when you run it.]

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

• Delete The Following Files after ending Active Running process
• %Windows\xpupdate.exe [ Kill the Process ]
  
• %Windows\50cent.exe [ Kill the Process ]
  
• %Windows\files.ini
• %Windows\nav32sp.exe [ Kill the Process ]
  
• %Windows\oi00r1z.dll
• %Windows\prot.exe [ Kill the Process ]
  
• %Windows\~5c.exe [ Kill the Process ]
  
• %Windows\Isasss.exe [ Kill the Process, Use Killbox if your Access Denied ]
  • If you have any of these files in running process from task manger, end the process before removal.
  • Note: if task manager is disabled, Download the following file, Click to Download - Enable Registry.reg
  • Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.
    

• The Following Files Can be Infected with W32.Randex.gen Trojan
  
• %System\agguvj.exe
• %System\bnmveqfts.exe
• %System\dllcache\winlogon.exe
• %System\dlp.exe
• %System\eejxdf.exe
• %System\explorer.exe
• %System\exuamw.exe
• %System\hostlogin.exe
• %System\iexplorer7.exe
• %System\ihost.exe
• %System\imchemaoa.exe
• %System\lexplore.exe
• %System\llass.exe
• %System\msconf.exe
• %System\msconfg.exe
• %System\msconfig.exe
• %System\msgfix.exe
• %System\mslogon.exe
• %System\msupdate.exe
• %System\mtwfdhx.exe
• %System\nvmbanr.exe
• %System\pdxfcasrq.exe
• %System\phjxqnp.exe
• %System\postalc.exe
• %System\quwsgbs.exe
• %System\regsvcd.exe
• %System\rejaww.exe
• %System\rundll32.dll
• %System\smlogsvcc.exe
• %System\spoolsrv.exe
• %System\svchosts.exe
• %System\syadpon.exe
• %System\system.exe
• %System\system32i.exe
• %System\thiskz.exe
• %System\txp\ntdzm.exe
• %System\windowantasdivri.exe
• %System\windows_update.exe
• %System\winexplore.exe
• %System\winmgr.exe
• %System\winrundll.exe
• %System\winup.exe
• %System\winupdate.exe
• %System\winupdatr.exe
• %Temp\nzm.exe
• %Windows\config\lsass.exe
• %Windows\nzm.exe
  
  • If you have any of these files in running process from task manger, end the process before removal.
  • Note: if task manager is disabled, Download the following file, Click to Download - Enable Registry.reg
  • Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.