The W32.Neela removal procedure requires technical know-how in
computer troubleshooting. It is better to consult your LAN administrator
or technical staff to avoid additional damage to your computer if
modifications to Services and the Registry have to be made.
HOW TO REMOVE W32.Neela:
1. Restart the computer using the Windows Recovery Console.
After starting the Recovery Console, proceed with these commands:
a) Type del index.dat, Press Enter.
b) Type del Word Template.LNK, Press Enter.
c) Type cd C:\Documents and Settings\Administrator\Local Settings\Application Data\Administrator.task, Press Enter.
d) Type del csrss.exe, Press Enter.
e) Type del lsass.exe, Press Enter.
f) Type del services.exe, Press Enter.
g) Type del smss.exe, Press Enter.
h) Type del winlogon.exe, Press Enter.
i) Type cd.., Press Enter.
j) Type cd Temp\Word Template, Press Enter.
k) Type del 2.doc, Press Enter.
l) Type del lsass.doc, Press Enter.
m) Type del services.doc, Press Enter.
n) Type del smss.doc, Press Enter.
o) Type del winlogon.doc, Press Enter.
p) Type cd C:\Documents and Settings\All Users\Application Data, Press Enter.
q) Type del Normal.exe, Press Enter.
r) Type cd C:\Windows\System32, Press Enter.
s) Type del execute.exe, Press Enter.
t) Type cd.., Press Enter.
u) Type cd Tasks, Press Enter.
v) Type del At1.job, Press Enter.
w) Type del leena.job, Press Enter.
x) Type cd.., Press Enter.
y) Type del aneel.exe, Press Enter.
z) Type del l33na.exe, Press Enter.
aa) Type del leena.exe, Press Enter.
ab) Type del Normal.zip, Press Enter.
ac) Type cd.., Press Enter.
ad) Type del Read This.exe, Press Enter.
ae) Type exit, Press Enter. The computer will now restart automatically.
2. After the computer restarts, temporarily disable System Restore (Windows Me/XP).
3. Update the virus definitions.
4. Reboot the computer in Safe Mode.
5. Run a full system scan and delete all infected files.
6. Delete or modify any values added to the registry.
Navigate to and delete the following entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule\"AtTaskMaxHours" = "48"
HKEY_USERS\S-1-5-21-823293668-192808943-1586382537-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoSetFolders" = "1"
HKEY_USERS\S-1-5-21-823293668-192808943-1586382537-500\Software\Nico Mak Computing\WinZip\filemenu\"filemenu5" = "C:\WINDOWS\Normal.zip"
Restore the following registry entries to their original values, if required:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.inf\"Default" = "txtfile"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.reg\"Default" = "txtfile"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\"Default" = "Microsoft Word Document"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\"Type" = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\"Type" = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "Explorer.exe C:\WINDOWS\l33na.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\"AlternateShell" = "C:\Documents and Settings\Administrator\Local Settings\Application Data\Administrator.task\services.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule\"NextAtJobId" = "2"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\"Epoch" = "A52"
HKEY_USERS\S-1-5-21-823293668-192808943-1586382537-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"Hidden" = "2"
HKEY_USERS\S-1-5-21-823293668-192808943-1586382537-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"HideFileExt" = "1"
HKEY_USERS\S-1-5-21-823293668-192808943-1586382537-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"SuperHidden" = "1"
7. To make sure that the threat is completely eliminated from your
computer, carry out a full scan of your computer using antivirus and
antispyware software. Another way to delete the virus, using various
antivirus programs without the need to install them, is an online virus
scanner.
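The following read-only PowerShell check is an added example, not part of the original procedure: it reports any of the HKEY_LOCAL_MACHINE values from step 6 that still hold the data listed there, and any of the files from step 1 that are still on disk. It assumes PowerShell 2.0 or later is available and that Windows is installed in C:\WINDOWS; the function name Test-NeelaRemnants and the stock default values are supplied here, not by the page.

```powershell
# Added example: read-only check, changes nothing on the system.
# Assumes Windows is installed in C:\WINDOWS, as in the paths on this page.
$root = 'Registry::HKEY_LOCAL_MACHINE'

# Bad   = data the page lists in step 6 (wildcard pattern)
# Stock = stock Windows default (assumption supplied here, not from the page)
$regChecks = @(
    @{ Path = "$root\SOFTWARE\Classes\.inf";    Name = '(default)'; Bad = 'txtfile'; Stock = 'inffile' }
    @{ Path = "$root\SOFTWARE\Classes\.reg";    Name = '(default)'; Bad = 'txtfile'; Stock = 'regfile' }
    @{ Path = "$root\SOFTWARE\Classes\exefile"; Name = '(default)'; Bad = 'Microsoft Word Document'; Stock = 'Application' }
    @{ Path = "$root\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"; Name = 'Shell'; Bad = '*l33na.exe*'; Stock = 'Explorer.exe' }
    @{ Path = "$root\SYSTEM\CurrentControlSet\Control\SafeBoot"; Name = 'AlternateShell'; Bad = '*Administrator.task*'; Stock = 'cmd.exe' }
)

# File paths taken from step 1 and from the registry data in step 6.
$files = @(
    'C:\WINDOWS\l33na.exe'
    'C:\WINDOWS\Normal.zip'
    'C:\WINDOWS\System32\execute.exe'
    'C:\Documents and Settings\All Users\Application Data\Normal.exe'
    'C:\Documents and Settings\Administrator\Local Settings\Application Data\Administrator.task\services.exe'
)

function Test-NeelaRemnants {
    $findings = @()
    foreach ($c in $regChecks) {
        # A missing key or value yields $null, which never matches the pattern.
        $item  = Get-ItemProperty -LiteralPath $c.Path -ErrorAction SilentlyContinue
        $value = if ($item) { $item.($c.Name) } else { $null }
        if ($value -like $c.Bad) {
            $findings += New-Object PSObject -Property @{
                Type = 'Registry'; Item = "$($c.Path)\$($c.Name)"
                Found = $value; StockDefault = $c.Stock }
        }
    }
    foreach ($f in $files) {
        # -Force so hidden or system attributes do not mask the file.
        if (Get-Item -LiteralPath $f -Force -ErrorAction SilentlyContinue) {
            $findings += New-Object PSObject -Property @{
                Type = 'File'; Item = $f; Found = 'present'; StockDefault = 'absent' }
        }
    }
    $findings
}

$result = @(Test-NeelaRemnants)
if ($result.Count -eq 0) { 'No listed remnants found.' } else { $result | Format-List }
```

The per-user values under HKEY_USERS are not checked, because the SID shown in step 6 differs from machine to machine.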