|
HOW TO REMOVE W32.Killaut.A:
1. Temporarily Disable System Restore (Windows Me/XP).
[how to]
2. Update the virus definitions.
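3. Reboot the computer in Safe Mode. (The registry list in step 5 shows the threat altering the SafeBoot key and its "AlternateShell" value, so Safe Mode may not start normally on an infected machine.)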
[how to]
4. Run a full system scan and clean/delete all infected files.
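5. Delete/Modify any values added to the registry.
[how to edit registry]
Restore the following registry entries to their original values, if required.
The values shown below are the ones the threat sets, not the originals. The
quoted byte strings are hex dumps of UTF-16 text; the first one, for example,
decodes to c:\windows\compmgmt.exe,0. The list includes
"DisableRegistryTools" = 1, which blocks Registry Editor, so that policy may
need to be cleared before the other entries can be edited: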
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell
Icons\"3" = "63 00 3A 00 5C 00 77 00 69 00 6E 00 64 00 6F 00 77 00 73 00
5C 00 63 00 6F 00 6D 00 70 00 6D 00 67 00 6D 00 74 00 2E 00 65 00 78 00 65
00 2C 00 30 00 00 00 74"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run
\"compmgmt.exe " = "63 00 3A 00 5C 00 77 00 69 00 6E 00 64 00 6F 00 77 00
73 00 5C 00 73 00 79 00 73 00 74 00 65 00 6D 00 33 00 32 00 5C 00 64 00 65
00 62 00 75 00 67 00 5F 00 33 00 32 00 2E 00 65 00 78 00 65 00 00 00 00"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Shell" =
"63 00 3A 00 5C 00 77 00 69 00 6E 00 64 00 6F 00 77 00 73 00 5C 00 63 00
6F 00 6D 00 70 00 6D 00 67 00 6D 00 74 00 2E 00 65 00 78 00 65 00 00 00
07"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Sheli" =
"63 00 3A 00 5C 00 77 00 69 00 6E 00 64 00 6F 00 77 00 73 00 5C 00 74 00
61 00 73 00 6B 00 73 00 5C 00 64 00 6D 00 61 00 64 00 6D 00 69 00 6E 00 5F
00 31 00 2E 00 65 00 78 00 65 00 00 00 00"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Schedule\"AtTaskMaxHours"
= "0x00000048"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule
\"AtTaskMaxHours" = "0x00000048"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
\"NoFolderOptions" = "0x00000001"
HKEY_CURRENT_USER\Control Panel\don't load\"appwiz.cpl" = "6E 00 6F 00 00
00 00"
HKEY_CURRENT_USER\Control Panel\don't load\"Services.cpl" = "6E 00 6F 00
00 00 00"
HKEY_CURRENT_USER\Control Panel\don't load\"Startup.cpl" = "6E 00 6F 00 00
00 00"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
\"NoFolderOptions" = "0x00000001"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
\"NoRun" = "0x00000001"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
\"NoFind" = "0x00000001"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
\"NoFileMenu" = "0x00000001"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run
\"Sheli" = "63 00 3A 00 5C 00 77 00 69 00 6E 00 64 00 6F 00 77 00 73 00 5C
00 74 00 61 00 73 00 6B 00 73 00 5C 00 64 00 6D 00 61 00 64 00 6D 00 69 00
6E 00 5F 00 31 00 2E 00 65 00 78 00 65 00 00 00 00"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
\"DisableRegistryTools" = "0x00000001"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
\"DisableTaskMgr" = "0x00000001"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
\"NoDriveTypeAutoRun" = "0x00000001"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp
\"Disabled" = "0x00000001"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"Sheli" =
"63 00 3A 00 5C 00 77 00 69 00 6E 00 64 00 6F 00 77 00 73 00 5C 00 74 00
61 00 73 00 6B 00 73 00 5C 00 64 00 6D 00 61 00 64 00 6D 00 69 00 6E 00 5F
00 31 00 2E 00 65 00 78 00 65 00 00 00 00"
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\"{default}"
= "00 00 C3"
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control
Panel\"Connection Settings" = "0x00000001"
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control
Panel\"ConnectionsTab" = "0x00000001"
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control
Panel\"GeneralTab" = "0x00000001"
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control
Panel\"HomePage" = "0x00000001"
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control
Panel\"Settings" = "0x00000001"
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoFolderOptions"
= "0x00000001"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.reg\"(default)" = "74 00 78 00 74 00
66 00 69 00 6C 00 65 00 00 00 05"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder
\SuperHidden\"ValueName" = "53 00 68 00 6F 00 77 00 53 00 75 00 70 00 65
00 72 00 48 00 69 00 64 00 64 00 65 00 6E 00 00 00 03"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder
\SuperHidden\Policy\DontShowSuperHidden\"(default)" = "00 00 C3"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Userinit"
= "43 00 3A 00 5C 00 57 00 49 00 4E 00 44 00 4F 00 57 00 53 00 5C 00 5C 00
73 00 79 00 73 00 74 00 65 00 6D 00 33 00 32 00 5C 00 75 00 73 00 65 00 72
00 69 00 6E 00 69 00 74 00 2E 00 65 00 78 00 65 00 2C 00 63 00 3A 00 5C 00
77 00 69 00 6E 00 64 00 6F 00 77 00 73 00 5C 00 74 00 61 00 73 00 6B 00 73
00 5C 00 64 00 6D 00 61 00 64 00 6D 00 69 00 6E 00 5F 00 31 00 2E 00 65 00
78 00 65 00 00 00 39"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\"AlternateShell"
= "63 00 3A 00 5C 00 77 00 69 00 6E 00 64 00 6F 00 77 00 73 00 5C 00 73 00
79 00 73 00 74 00 65 00 6D 00 33 00 32 00 5C 00 4D 00 73 00 4D 00 70 00 45
00 6E 00 67 00 2E 00 65 00 78 00 65 00 00 00 05"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\"AlternateShell"
= "63 00 3A 00 5C 00 77 00 69 00 6E 00 64 00 6F 00 77 00 73 00 5C 00 73 00
79 00 73 00 74 00 65 00 6D 00 33 00 32 00 5C 00 4D 00 73 00 4D 00 70 00 45
00 6E 00 67 00 2E 00 65 00 78 00 65 00 00 00 05"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"Hidden"
= "0x00000002"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"HideFileExt"
= "0x00000001"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
\"ShowSuperHidden" = "0x00000000"
Navigate to and restore the following registry
subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\find
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
6. Exit registry editor and restart the computer.
7. To make sure that the threat is completely eliminated from your computer,
carry out a full scan of your computer using
AntiVirus and
Antispyware Software. Alternatively, an
Online Virus
Scanner can be used to scan with various antivirus programs without installing them.
|