|
HOW TO REMOVE W32.Imaut.BA:
1. Restart the computer using the Windows Recovery Console
[how to]
After starting in Recovery Console. Proceed with these commands:
a) Type cd windows
b) Type del system\svchost32.exe
c) Press Enter
d) Type del system\cmd.exe
e) Press Enter
f) Type del system\svchost.exe
g) Type exit
h) Press Enter. The computer will now restart automatically.it
2. After the computer restart, temporarily Disable System Restore (Windows
Me/XP).
[how to]
3. Update the virus definitions.
4. Reboot computer in SafeMode
[how to]
5. Run a full system scan and delete all infected files.
6. Delete/Modify any values added to the registry.
[how to
edit registry]
Navigate to and delete the following entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
\"Task Manager" = "%Windir%\system\svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
\"Yahoo Messenger" = "%Windir%\system\svchost32.exe"
Navugate to and restore the following registry
entries to their original values, if required:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page" =
"http://eyejuice.net/"
HKEY_CURRENT_USER\Software\Yahoo\pager\View\YMSGR_buzz\"content url" =
"http://eyejuice.net/"
HKEY_CURRENT_USER\Software\Yahoo\pager\View\YMSGR_Launchcast
\"content url" = "http://eyejuice.net/"
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control
Panel\"Homepage" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
\"DisableTaskMgr" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
\"DisableRegistryTools" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoRun"
= "1"
7. In order to make sure that threat is
completely eliminated from your computer, carry out a full scan of your
computer using
AntiVirus and
Antispyware Software. Another way to delete the virus using various
Antivirus Program without the need to install can be done with
Online Virus
Scanner.
|
