Clean bait.doc.exe winword.doc.exe winword2.doc.exe virus Removal:

Here is a step by step set of instructions designed to help you clean up the virus:

1. Temporarily Disable System Restore, Reboot computer in SafeMode;

2.Find and delete the following files in the folder:
%USERPROFILE%\local settings\temp\89c244e57fb899f8d5ff0a578e4d5ca3bda46ab1.exe

%USERPROFILE%\desktop\bait.doc.exe
%USERPROFILE%\my documents\bait.doc.exe
%USERPROFILE%\templates\winword.doc.exe
%USERPROFILE%\templates\winword2.doc.exe
%WINDIR%\mydoc.rtf
%WINDIR%\shellnew\winword8.doc.exe
%WINDIR%\system32\bafjzmhu.exe
%WINDIR%\system32\config\systemprofile\templates\winword.doc.exe
%WINDIR%\system32\config\systemprofile\templates\winword2.doc.exe
%WINDIR%\system32\dvohhhqsmigze.exe
%WINDIR%\system32\ooqcvhabsgybywh.exe
%WINDIR%\system32\pckhar.exe
%WINDIR%\system32\vxdlfzfgez.exe
c:\documents and settings\default user\templates\winword.doc.exe
c:\documents and settings\default user\templates\winword2.doc.exe
c:\documents and settings\stupid\templates\winword.doc.exe
c:\documents and settings\stupid\templates\winword2.doc.exe

3. Open the Start Menu.In the white line (Start Search) area, type regedit and press Enter.Delete or modify the following registry keys and values:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\currentversion\policies\system\
    • disableregistrytools = 1
  • HKEY_CURRENT_USER\software\policies\microsoft\Windows\system\
    • disablecmd = 2
  • HKEY_LOCAL_MACHINE\software\classes\clv.classes\
    • com1 = 32452d0b9c2d83536a4377a170202cd97df465aa
    • com2 = 6abafabbfe17f1e3840f3b32869a3993b38c02884261033be2be45e708a2
    • com3 = 2fb2b12b479339e852c4baa6329dd4b8
    • com4 = 7ef5fcf8482f85199130d72f7e94bceee144593767406234d791
    • startcom1 = e78068b0fe1a22d9d108d0a88b799017
    • startcom2 = 184fc7781590dac3b8bc7f95ede234ca
  • HKEY_LOCAL_MACHINE\Software\Microsoft\security center\
    • antivirusdisablenotify = 1
    • antivirusoverride = 1
    • firewalldisablenotify = 1
    • firewalloverride = 1
    • firstrundisabled = 1
    • updatesdisablenotify = 1
  • HKEY_CURRENT_USER\sessioninformation\
    • programcount = 2
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\currentversion\explorer\advanced\
    • hidefileext = 1
    • showsuperhidden = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\currentversion\policies\explorer\
    • nodrivetypeautorun = 145
  • HKEY_LOCAL_MACHINE\software\classes\.bat\
    • (default) = txtfile
  • HKEY_LOCAL_MACHINE\software\classes\.reg\
    • (default) = txtfile
  • HKEY_LOCAL_MACHINE\software\classes\.vbs\
    • (default) = txtfile
  • HKEY_LOCAL_MACHINE\software\classes\.wsc\
    • (default) = txtfile
  • HKEY_LOCAL_MACHINE\software\classes\.wsf\
    • (default) = txtfile
  • HKEY_LOCAL_MACHINE\software\classes\.wsh\
    • (default) = txtfile
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\currentversion\systemrestore\
    • disablesr = 1
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\currentversion\winlogon\
    • sfcdisable = 1113997
    • sfcscan = 0
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\currentversion\
  • explorer\advanced\folder\hidden\showall\
    • checkedvalue = 0
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\currentversion\installer\userdata\s-1-5-18\products\904000001e872d116bf00006799c897e\usage\
    • wordfiles = 261379
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\currentversion\run\
    • (default) = dvohhhqsmigze.exe
    • jugqqfpv = vxdlfzfgez.exe
    • oyicaxec = ooqcvhabsgybywh.exe
  • HKEY_LOCAL_MACHINE\system\controlset001\control\computername\computername\
    • computername = virusbenci
  • HKEY_LOCAL_MACHINE\system\controlset001\services\tcpip\parameters\
    • hostname = virusbenci
    • nv hostname = virusbenci

    4. Scan your computer completely using antivirus software(AVG,Malwarebytes,CCleaner,etc.).

    • Bookmark and Share