W32.Feebs.E@mm
removal procedures requires technical know-how on computer
troubleshooting. It is better to consult your LAN Administrator or
Technical Persons to avoid additional damage on your computer if
modifications on Services and Registry have to be done.
MANUAL REMOVAL:
1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Run a full system scan and delete all the files detected.
4. Delete any values added to the registry.
Navigate to the subkey and delete
value:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
\ShellServiceObjectDelayLoad
Value: "[FILE NAME OF DLL WORM COMPONENT]" = "{[RANDOM CLSID]}"
Navigate to the subkey and delete value:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed
Components\{CD5AC91B-AE7B-E83A-0C4C-E616075972F3}
Value: "Stubpath" = "C:\Recycled\userinit.exe"
Navigate to the subkey and delete value:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
Value: "mal" = "[EMAIL ADDRESS OF RECIPIENT]"
Navigate to the subkey and delete value:
HKEY_CLASSES_ROOT\CLSID\{[RANDOM CLSID]}\InprocServer32
Value: "(default)" = "%System\[PATH TO DLL WORM COMPONENT]"
Navigate to the subkey and delete value:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
Value:
"web" =
"68 74 74 70 3A 2F 2F 70 6F 70 63 61 70 66 72 65 65 2E 74 33 35 2E 63 6F
6D 2F 00"
Navigate to and delete the following subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS[RANDOM 2 LETTERS]\dat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS[RANDOM 2 LETTERS]\cdat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS[RANDOM 2 LETTERS]\fdat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS[RANDOM 2 LETTERS]\rdat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS[RANDOM 2 LETTERS]\sdat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS[RANDOM 2 LETTERS]\ldat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS[RANDOM 2 LETTERS]\gdat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS[RANDOM 2 LETTERS]\pdat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS[RANDOM 2 LETTERS]\udat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS[RANDOM 2 LETTERS]\idat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS[RANDOM 2 LETTERS]\ddat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS[RANDOM 2 LETTERS]\kdat
5. Exit registry and
re-start the computer
***If it makes changes to Windows
registry that may prevent you from running executable files. A tool to
reset registry values to the default value is available for download.
Click Here.
6. Reenable the SharedAccess service (Windows 2000/XP only).
[how to]
7. In order to make sure that worm feebs.e is
completely eliminated from your computer, carry out a full scan of your
computer using
AntiVirus and
Antispyware Software. Another way to delete the virus using various
Antivirus Program without the need to install can be done with
Online Virus
Scanner.
Click here to
proceed 
Click here to download
Download and run any of these
Anti-Spyware:
Spy Sweeper
Spyware Doctor
Pest Patrol
Spy Hunter
|
