Trojan.Spy.Agent malware comes hidden using an folder icon, used as a mean to persuade people in executing it.
After execution, it drops several files and creates three directories in C:\Windows\system32\ in one of which it copies itself. These directories are set as hidden and protected system folders, so without full viewing permissions, they can remain hidden [...]
Exploit.SWF contains an actionscript to load another small swf file based on the Flash version detected. If a vulnerable version is detected then the corresponding exploit is executed. This will allow a remote attacker to download and execute arbitrary files on system.
Exploit.SWF removal - Exploit.SWF virus cleaner:
1. Temporarily Disable System Restore, Reboot computer in SafeMode;
2.Scan [...]
Trojan-Downloader.Win32.Agent is used to download and run other malicious applications from the internet (mostly password stealers).
When run, the downloader drops a dinamic library file in the %temp% directory with a random name, such as 4049437_ex.tmp, 4099250_ex.tmp, 4161421_ex.tmp.
The malware uses a function from this dll to run the files it downloads (probably to avoid euristic detections [...]
.dll removal - .dll virus cleaner:
1. Temporarily Disable System Restore, Reboot computer in SafeMode;
2.Find and delete the following files in the folder:
C:\WINDOWS\\system32\\.dll
3. Delete or modify the following registry keys and values:
HKEY_CLASSES_ROOT\CLSID\\InProcServer32
@ = C:\\WINDOWS\\system32\\.dll
HKEY_CLASSES_ROOT\CLSID\\InProcServer32
ThreadingModel = Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
= “”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
=
4. Scan your computer completely using antivirus software(AVG,Malwarebytes,CCleaner,etc.).
Clean comres.dll mmsfc1.dll virus - comres.dll mmsfc1.dll removal:
1. Temporarily Disable System Restore, Reboot computer in SafeMode;
2.Find and delete the following files in the folder:
%Windows%\fOntS\comres.dll
%Windows%\fOntS\GTH60366.fon
%Windows%\fOntS\GTH60366.ttf
%System%\comres.dll
%System%\GTH60366.exe - copy of rundll32.exe
%System%\mmsfc1.dll
%System%\sysGTH.dll
3. Open the Start Menu.In the white line (Start Search) area, type regedit and press Enter.
then press CTRL+F,and find ‘ comres.dll’ ,if find someting then delete it.
4. Scan [...]
Clean digiwet.dll virus - digiwet.dll removal:
1. Temporarily Disable System Restore, Reboot computer in SafeMode;
2.Find and delete the following files in the folder:
%windir%\system32\digiwet.dll
%windir% \wiaservim.log in
3. Delete or modify the following registry keys and values:
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders
4. Scan your computer completely using antivirus software(AVG,Malwarebytes,CCleaner,etc.).
Clean worm.pinit-4 virus - worm.pinit-4 virus removal:
1. Temporarily Disable System Restore, Reboot computer in SafeMode;
2.Find and delete the following files in the folder:
C:\WINDOWS\$NtServicePackUninstall$\user32.dll
C:\WINDOWS\ServicePackFiles\i386\user32.dll
C:\WINDOWS\system32\user32.dll
3. Insert Windows CD,then press R to repair Windows.At the prompt, enter the following code and press enter;
copy d:\i386\user32.dl_ c:\windows\system32\user32.dll
then,remove the Windows CD, and restart the computer
4. Scan your computer completely using antivirus [...]
Clean trojan.adclicker virus - trojan.adclicker virus removal:
1. Temporarily Disable System Restore, Reboot computer in SafeMode;
2.Find and delete the following files in the folder:
C:\Documents and Settings\All Users\Application Data\Microsoft\Application Data\poco.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
3. Delete or modify the following registry keys and values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
C:\Documents and Settings\All Users\Application Data\Microsoft\Application Data\poco.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
4. Scan your computer completely using [...]
Clean Trojan.Brisv.A!inf virus - Trojan.Brisv.A!inf virus removal:
Trojan.Brisv.A!inf, also known as W32/GetCodec-A (Sophos), is a prompt trojan interacting with media files and Windows Media Player. Its size is small and that allows it to be easely downloaded with other data that has been infected previousely.
Here is a step by step set of instructions designed to help [...]
Clean trojan.vundo virus - trojan.vundo virus removal:
Here is a step by step set of instructions designed to help you clean up the virus:
1. Temporarily Disable System Restore, Run MSCONFIG and disable every startup item and Reboot computer in SafeMode;
2.Find and delete the following files in the folder:
%Temp%\[REVERSED TROJAN FILE NAME].dat
%ProgramFiles%\system32\vundo.dll
3. Delete or modify the following [...]
