Clean excel.xls excel4.xls  virus - regedt32.sys pagefile.exe virus removal:

Here is a step by step set of instructions designed to help you clean up the virus:

1. Temporarily Disable System Restore, Reboot computer in SafeMode;

2.Find and delete the following files in the folder:
%USERPROFILE%\local settings\temp\7a6bf18f47dfc9960c786d20010b9c71d2d8c046.exe

%USERPROFILE%\templates\excel.xls
%USERPROFILE%\templates\excel4.xls
%USERPROFILE%\templates\winword.doc
%USERPROFILE%\templates\winword2.doc
%WINDIR%\help\helpcat.exe
%WINDIR%\regedt32.sys
%WINDIR%\sysinf.bat
%WINDIR%\system\kavupda.exe
%WINDIR%\system32\exceres
%WINDIR%\system32\option.bat
%WINDIR%\system32\wordres
c:\documents and settings\default user\templates\excel.xls
c:\documents and settings\default user\templates\excel4.xls
c:\documents and settings\default user\templates\winword.doc
c:\documents and settings\default user\templates\winword2.doc
c:\documents and settings\stupid\templates\excel.xls
c:\documents and settings\stupid\templates\winword.doc
c:\recyclep\pagefile.exe
d:\recyclep\pagefile.exe

3. Open the Start Menu.In the white line (Start Search) area, type regedit and press Enter.Delete or modify the following registry keys and values:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\

    • currentversion\policies\explorer\disallowrun\

    • 1 = avp.exe
    • 10 = rfwcfg.exe
    • 11 = kpfw32.exe
    • 12 = kpfw32x.exe
    • 13 = kavpfw.exe
    • 14 = kav32.exe
    • 15 = kavstart.exe
    • 2 = rfwmain.exe
    • 3 = rfwsrv.exe
    • 4 = ravmod.exe
    • 5 = ccenter.exe
    • 6 = ravmon.exe
    • 7 = ravstub.exe
    • 8 = ravservice.exe
    • 9 = rav.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\currentversion\image file execution options\360safe.exe\
    • debugger = d:\recycler\????8.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\currentversion\image file execution options\360tray.exe\
    • debugger = d:\recycler\????8.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\currentversion\image file execution options\avp.exe\
    • debugger = d:\recycler\????8.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\currentversion\image file execution options\kavstart.exe\
    • debugger = d:\recycler\????8.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\currentversion\image file execution options\rav.exe\
    • debugger = d:\recycler\????8.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\currentversion\image file execution options\ravmod.exe\
    • debugger = d:\recycler\????8.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\currentversion\image file execution options\regedit.exe\
    • debugger = d:\recycler\????8.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\currentversion\image file execution options\rfwmain.exe\
    • debugger = d:\recycler\????8.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\currentversion\image file execution options\rfwsrv.exe\
    • debugger = d:\recycler\????8.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\currentversion\image file execution options\taskmgr.exe\
    • debugger = d:\recycler\????8.exe

    • 4. Scan your computer completely using antivirus software(AVG,Malwarebytes,CCleaner,etc.).

    Bookmark and Share