Overall Risk Level: 
W32.Mibling is a worm that opens a backdoor on infected computer and connects to a specific IRC channels to allow a remote unauthorized access. W32.Mibling propagates through instant messaging program that sends messages with malicious links.
Alias: -
Damage Level: Low
Systems Affected: Windows
Manual Removal of W32.Mibling
1. Temporarily Disable System Restore (Windows Me/XP). [how to]
2. Update the virus definitions.
3. Reboot computer in SafeMode [how to]
4. Run a full system scan and clean/delete all infected file(s)
5. Delete/Modify any values added to the registry. [how to edit registry]
Navigate to and delete the following registry subkeys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Image File Execution Options\Acha.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Image File Execution Options\AmyMastura.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Image File Execution Options\BabyRina.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Image File Execution Options\cscript.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Image File Execution Options\csrsz.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Image File Execution Options\lsasc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Image File Execution Options\registry.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Image File Execution Options\SMSSS.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Image File Execution Options\wscript.exe
Navigate to and restore the following registry entries to their previous values, if required:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\”Shell” = “Explorer.exe, C:\Program Files\Microsoft Office\OFFICE11\services.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\”NeverShowExt” = “”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\”UacDisableNotify” = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\”AntiVirusDisableNotify” = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\”AntiVirusOverride” = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\FirewallDisableNotify” = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\”FirewallOverride” = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\”FirstRunDisabled” = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\”UpdatesDisableNotify” = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\”UacDisableNotify” = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\policies\system\”EnableLUA” = “0″
HKEY_ALL_USERS\Software\Microsoft\Office\Common\”QMSessionCount” = “2″
HKEY_ALL_USERS\Software\Microsoft\Office\Common\ Assistant\”CurrAsstState” = “26″
6. Exit registry editor and restart the computer.
7. In order to make sure that threat is completely eliminated from your computer, carry out a full scan of your computer using AntiVirus and Antispyware Software. Another way to delete the virus using various Antivirus Program without the need to install can be done with Online Virus Scanner.
How to Remove W32.Mibling:
On this page is our suggested (by precisesecurity) removal procedure and Visitor's own suggestion. We cannot control and evaluate each suggested procedure so please use it at your own risks. If no suggestion is present to remove virus, spyware, adware and malware, you may try the following:- Scan W32.Mibling with MalwareByte's Anti-Malware
- Remove W32.Mibling with Standard Virus Scan
Any Response?