USBcillin is a rogue security application that disguises to protect USB drives from virus threats. USBcillin can modify Windows registry to hook itself and run each time Windows is started.

Alias: -

Damage Level: Low

Systems Affected: Windows

Manual Removal of USBcillin

1. Temporarily Disable System Restore (Windows Me/XP). [how to]
2. Update the virus definitions.
3. Reboot computer in SafeMode [how to]
4. Run a full system scan and clean/delete all infected file(s)
5. Delete/Modify any values added to the registry. [how to edit registry]

Navigate to and delete the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\policies\system\”NoDispCPL” = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\policies\system\”DisableTaskMgr” = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\policies\system\”DisableRegistryTools” = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\policies\Uninstall\”NoRemovePage” = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\policies\Uninstall\”NoAddRemovePrograms” = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\policies\Uninstall\”NoAddPage” = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\policies\Network\”NoNetSetup” = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\policies\Explorer\”NoViewContextMenu” = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\policies\Explorer\”NoSetFolders” = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\policies\Explorer\”NoRun” = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\policies\Explorer\”NoPropertiesMyComputer” = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\policies\Explorer\”NoPrinters” = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\policies\Explorer\”NoNetHood” = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\policies\Explorer\”NoFolderOptions” = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\policies\Explorer\”NoFind” = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\policies\Explorer\”NoFileMenu” = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\policies\Explorer\”NoDesktop” = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\policies\Explorer\”NoControlPanel” = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\policies\Explorer\”NoActiveDesktop” = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\”USBcillin” = “C:\WINDOWS\system32\USBcillin.exe”
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\ System\”DisableCMD” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Uninstall\”NoRemovePage” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Uninstall\”NoAddRemovePrograms” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Uninstall\”NoAddPage” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\System\”NoDispCPL” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\System\”DisableTaskMgr” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\System\”DisableRegistryTools” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Network\”NoNetSetup” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Explorer\”NoViewContextMenu” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Explorer\”NoSetFolders” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Explorer\”NoRun” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Explorer\”NoPropertiesMyComputer” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Explorer\”NoPrinters” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Explorer\”NoNetHood” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Explorer\”NoFolderOptions” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Explorer\”NoFind” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Explorer\”NoFileMenu” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Explorer\”NoDesktop” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Explorer\”NoControlPanel” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Explorer\”NoActiveDesktop” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\”Window Title” = “Windows Internet Explorer”

Navigate to and restore the following registry entries to their previous values, if required:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Winlogon\”Userinit” = “C:\WINDOWS\system32\userinit.exe,”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Winlogon\”Shell” = “explorer.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Explorer\TrayNotify\”PastIconsStream” = “hex:14,00,00,00,05,00,00,00,01,00,01,00,b6,00,00,00,14,00,00,00,49,4c, 00,06,b6,00,ba,00,04,00,10,00,10,00,ff,ff,ff,ff,21,00…”
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Explorer\MenuOrder\Start Menu\”Order” = “hex:08,00,00,00,02,00,00,00,00,02,00,00,01,00,00,00,03,00,00,00,d2,00, 00,00,00,00,00,00,c4,00,00,00,41,75,67,4d,02,00,00,00…”

6. Exit registry editor.

7. Reset the Internet Explorer home page
- Start Microsoft Internet Explorer.
- Connect to the Internet, and then go to the page that you want to set as your home page.
- Click Tools > Internet Options.
- In the Home page section of the General tab, click Use Current > OK.

8. Restart the computer.
9. In order to make sure that threat is completely eliminated from your computer, carry out a full scan of your computer using AntiVirus and Antispyware Software. Another way to delete the virus using various Antivirus Program without the need to install can be done with Online Virus Scanner.