|
HOW TO REMOVE W32.SillyFDC :
1. Temporarily Disable System Restore (Windows Me/XP).
[how to]
2. Download
Ewido
Micro Scanner and save it to your Desktop. Do not scan yet
3. Reboot computer in SafeMode
[how to]
4. End malicious Process
- Press Ctlr+Alt+Del
- Click Process tab
- End the process if present: password_viewer.exe, CALC, calc, mscalc.exe,
startupfolder, config_
startupfolder.com, config_.com
5. Delete the autorun files
- Go to Start > Run, type "cmd"
- At the command prompt, type "cd\", this will bring you to C:\
- Type "attrib" (C:\>attrib), it will display files with attributes. Take
note on attribute of autorun.inf. Usually it has SHR.
- Type “attrib -s -h -r C:\autorun.inf”, it will remove System, Hidden and
Read-Only attribute
- Type "edit autorun.inf" it will open DOS Editor and display contents as
follows
=======================
[autorun]
open=file.exe
shell\Open\Command=file.exe
shell\open\Default=1
shell\Explore\Command=file.exe
shell\Autoplay\command=file.exe
=======================
take note of the file/path that it runs. Ex: open=file.exe
where file.exe is the filename of the file that autoruns.
- Exit DOS Editor.
- Back at the command prompt type "attrib -s -h -r file.exe", where
file.exe is the file that was called on DOS editor to autorun. Ex:
C:\>attrib -s -h -r file.exe. If it is located on different
directory include the path. Ex: C:\>attrib -s -h -r c:\Windows\file.exe
- Type "del file.exe". If it is located on different directory include the
path.
Ex: C:\>del c:\Windows\file.exe
- Type "del autorun.inf"
- Type "del c:\Windows\autorun.inf
- Type "del c:\Windows\password_viewer.exe
- Type "del c:\Douments and Settings\(Your User Name)\Local
Settings\Application Data\Microsoft\CD Burning\autorun.inf
- Exit command prompt by typing "exit"
6. Run Disc Cleanup
- Go to Start > All Programs > Accessories >System Tools, click Disc
Cleanup
- Check the following: Downloaded Program Files, Temporary Internet Files,
Offline Webpage, Recycle Bin and Temporary Files.
7. View hidden files and folders.
- Open Windows Explorer
- Go to Tools > Folder Options
- Go to View Tab
- Mark "Show hidden files and folders"
- Click Apply, then OK
Note: If unable to change the settings, please click
here.
8. Update and scan with your installed AntiVirus. Quarantine/Delete
infected files
9. Search and delete other files.
- Go to Start > Search
- Find and delete files : password_viewer.exe, calc.exe (not the one
located on \system32\calc.exe), mscalc.exe, startupfolder.exe,
config_.exe, startupfolder.com and config_.com
10. Scan with Ewido
- Double click the downloaded Ewido_Micro
- It will download Signature Database before scanning
- When update is completed, disconnect computer from Internet (Turn Off
Modem or unplug RJ45 jack)
- Click “Start scan” to begin. It may take time for the process to
finished
- Click “Remove Infection” to delete infected files.
- Restart computer and do another scan with Ewido
11. In order to make sure that threat is
completely eliminated from your computer, carry out a full scan of your
computer using
AntiVirus and
Antispyware Software. Another way to delete the virus using various
Antivirus Program without the need to install can be done with
Online Virus
Scanner.
Note: If computer shutdown automatically and cannot perform the
procedure. Please follow this:
Scanning and Disinfecting Infected Hard Disk via USB
|
