kinza.exe
fiber.exe
boot.vbs
actmon.ini
The following variants may also be present:
imapde.dll
imapdc.vxd
imapd.exe
imapdb.dll
imapdb.exe
imapdc.dll
imapdd.dll
imapde.dll
rbwinx1.dll
Kill the following processes running under your username from Task Manager:
wscript.exe
cmd.exe
netsh.exe
First of all, Task Manager, Registry Editor and Folder Options may be disabled.
To enable them, use the free tool RRT (to download, click here).
For how to use it, click here.
Change the following registry values
(Be careful before you edit registry. Improper editing could lead to system crash)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
On the Right Side find the entry named Userinit
It will have data as
C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\boot.vbs
Change it to
C:\WINDOWS\system32\userinit.exe
Now delete the following files located at C:\windows\system32\
kinza.exe
fiber.exe
actmon.ini
imapde.dll
imapdc.vxd
imapd.exe
imapdb.dll
imapdb.exe
imapdc.dll
imapdd.dll
imapde.dll
rbwinx1.dll
The virus disables Windows Firewall, which you have to reactivate: go to Control Panel, click Security Center, and then Windows Firewall. It will say that the service has been stopped and ask whether you want to start it. Click Yes to start the firewall again.
Delete the following registry values to complete the removal of unnecessary registry keys
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shellnoroam\MUICache
On the right side locate and delete value c:\windows\system32\fiber.exe
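A check to run after the steps above, added here as an example and not part of the original post: it splits the Userinit value on commas (Winlogon launches each entry at logon) and reports any entry other than userinit.exe, plus any file from this page's list that is still present. The function names and the sample directory listing are constructed for illustration, and the expected path assumes Windows is installed in C:\WINDOWS as on this page.

```python
import ntpath

# File names taken from the removal steps on this page.
DROPPED_FILES = {
    "kinza.exe", "fiber.exe", "boot.vbs", "actmon.ini", "imapde.dll",
    "imapdc.vxd", "imapd.exe", "imapdb.dll", "imapdb.exe", "imapdc.dll",
    "imapdd.dll", "rbwinx1.dll",
}
# Assumption: Windows lives in C:\WINDOWS, as in the paths on this page.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"


def audit_userinit(value):
    """Split a Winlogon Userinit value on commas and return every entry
    that is not the stock userinit.exe (each entry runs at logon)."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries if e.lower() != EXPECTED_USERINIT]


def leftover_files(names):
    """Return the names from a directory listing that match the page's list."""
    return sorted(n for n in names if ntpath.basename(n).lower() in DROPPED_FILES)


def audit_live_system():
    """Run both checks against the local machine (Windows only)."""
    import os
    import winreg  # standard library, available only on Windows
    key_path = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as key:
        value, _ = winreg.QueryValueEx(key, "Userinit")
    system32 = os.path.join(os.environ["SystemRoot"], "System32")
    return audit_userinit(value), leftover_files(os.listdir(system32))


if __name__ == "__main__":
    # Constructed sample: the infected value quoted on this page
    # and a made-up directory listing.
    infected = (r"C:\WINDOWS\system32\userinit.exe,"
                r"C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\boot.vbs")
    print(audit_userinit(infected))
    print(leftover_files(["notepad.exe", "Fiber.exe", "imapdc.vxd"]))
```

Both lists should come back empty on a cleaned machine; call audit_live_system() from an administrator prompt to check the real registry and system32 folder.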
3 comments:
Hello.
I have moderated the comment section. You can post your comments but they will appear only after they have been approved by me. I will login daily more than once to approve them.
Well go ahead and ask about any virus/trojans related problems you are having and I will be happy to answer you. Do check the contact me section.
Mudit
hi mudit,
thx 4 great help in removing sandeep sharma virus,
need one more help in the same great steps pls "to remove tr/crypt.cfi.gen" and w32.fujacks.ini
can u pls help in removing these two.
Regards,
Atul
You are welcome Atul.
I would love to post the removals of these viruses but for that I would need samples of them. Can you zip the samples and send me on my mail id muditgoyal1131@yahoo.co.in (which I think won't work) or upload it to sites like rapidshare.
If that's not possible I can remove it personally by remotely accessing your pc. If you want that, contact me on my mail id.