|
HOW TO REMOVE W32.Imaut.AA :
1. Temporarily Disable System Restore (Windows Me/XP).
[how to]
2. Download
Ewido
Micro Scanner and save it to your Desktop. Do not scan yet
3. Reboot computer in SafeMode
[how to]
4. End malicious Process
- Press Ctlr+Alt+Del
- Click Process tab
- End the process if present: smss.exe, SSVICSSHOST.exe, killer.exe,
lsass.exe
5. Delete the autorun files
- Go to Start > Run, type "cmd"
- At the command prompt, type "cd\", this will bring you to C:\
- Type "attrib" (C:\>attrib), it will display files with attributes. Take
note on attribute of autorun.inf. Usually it has SHR.
- Type “attrib -s -h -r C:\autorun.inf”, it will remove System, Hidden and
Read-Only attribute
- Type "edit autorun.inf" it will open DOS Editor and display contents as
follows
=======================
[autorun]
open=file.exe
shell\Open\Command=file.exe
shell\open\Default=1
shell\Explore\Command=file.exe
shell\Autoplay\command=file.exe
=======================
take note of the file/path that it runs. Ex: open=file.exe
where file.exe is the filename of the file that autoruns.
- Exit DOS Editor.
- Back at the command prompt type "attrib -s -h -r file.exe", where
file.exe is the file that was called on DOS editor to autorun. Ex:
C:\>attrib -s -h -r file.exe. If it is located on different
directory include the path. Ex: C:\>attrib -s -h -r c:\Windows\file.exe
- Type "del file.exe". If it is located on different directory include the
path.
Ex: C:\>del c:\Windows\file.exe
- Type "del autorun.inf"
- Type "del c:\Windows\system32\autorun.ini
- Type "del c:\Windows\system32\setting.ini
- Exit command prompt by typing "exit"
6. Run Disc Cleanup
- Go to Start > All Programs > Accessories >System Tools, click Disc
Cleanup
- Check the following: Downloaded Program Files, Temporary Internet Files,
Offline Webpage, Recycle Bin and Temporary Files.
7. View hidden files and folders.
- Open Windows Explorer
- Go to Tools > Folder Options
- Go to View Tab
- Mark "Show hidden files and folders"
- Click Apply, then OK
Note: If unable to change the settings, please click
here.
8. Update and scan with your installed AntiVirus. Quarantine/Delete
infected files
9. Search and delete other files.
- Go to Start > Search
- Find and delete files : New Folder.exe,
Funny UST Scandal.avi.exe, blastclnnn.exe, autorun.inf and smss.exe
(not the ones located on c:\i386\smss.exe, c:\i386\System32\smss.exe and
c:\Windows\System32\smss.exe that are legitimate files)
10. Scan with Ewido
- Double click the downloaded Ewido_Micro
- It will download Signature Database before scanning
- When update is completed, disconnect computer from Internet (Turn Off
Modem or unplug RJ45 jack)
- Click “Start scan” to begin. It may take time for the process to
finished
- Click “Remove Infection” to delete infected files.
- Restart computer and do another scan with Ewido
11. In order to make sure that threat is
completely eliminated from your computer, carry out a full scan of your
computer using
AntiVirus and
Antispyware Software. Another way to delete the virus using various
Antivirus Program without the need to install can be done with
Online Virus
Scanner.
|
