Trojan.Mournor or W32.Mournor
When your computer is infected with Trojan.Mournor, you may follow the procedure on this page to contain this threat. Remove the Trojan at once before it can further harm the system.
Trojan.Mournor or W32.Mournor is a computer worm that alters certain system files and downloads additional threats coming from a remote server. The worm may propagate by infecting removable USB drives and network shared drives that have weak protection. It replaces genuine explorer.exe file with a modified one and moved it to a different folder. This method will allow the Trojan to execute when user opens Windows Explorer.
Alias: Trojan.Mourner, Worm.Win32.VB.nu, W32/Autorun.worm.gen, Mal/Generic-A, Worm:Win32/Autorun.PL, Worm.Win32.AutoRun, Win32/Xema.worm.2449408
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Windows Vista
Characteristics
When executed, Trojan.Mournor or W32.Mournor copies itself under Windows Directory and to the local drives it founds on target computer. Next, the worm will create a backup copy of “Explorer.exe” to a specified system folder and replaces the legitimate file with its own modified version. This makes the worm to run for every instance of Explorer activities.
Distribution
To infect other drives on the affected computer, W32.Mournor will drop one executable file and another Autorun.Inf file. The purpose of the Autorun file is to set the drive to autoplay or auto-execute the worm when the drive is mounted. If the infected drive is shared across the network then other connected computers might as well be infected with W32.Mournor. Using the infected USB drives on another PC might as well cause the same infection. Therefore, it is sometimes advisable that Autorun feature of Windows must be turned off.
How to Remove Trojan.Mournor or W32.Mournor
Manual Removal Procedure
1. Kill any running process that belongs to Trojan.Mournor.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for the following files and click End Task.
svc.exe
2. Scan the computer with antivirus program.
- Connect to Internet and open your antivirus software. Please Update to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before Windows logo begins to load press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.
3. Delete all files dropped by Trojan.Mournor.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Associated Files and Folders.'
Removing the Virus from USB Drive
1. To eliminate Trojan.Mournor on every removable drives, please download and run Flash Disinfector. This tool is designed to scan malicious objects from Removable USB Devices, Flash Drives and memory stick.
Alternative Removal Method for Trojan.Mournor or W32.Mournor
Option 1 : Use Windows System Restore to return Windows to previous state
If Trojan.Mournor or W32.Mournor enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a saved restore point before Trojan.Mournor or W32.Mournor infiltrates the PC, we highly encourage you to execute this procedure if none of the above works. You may proceed with Windows System Restore, click here to see the full procedure.
Option 2 : Trojan.Mournor or W32.Mournor manual uninstall guide
IMPORTANT! Manual removal of Trojan.Mournor or W32.Mournor requires technical skills. Deleting system files and registry entries by mistake may result to total disability of Windows system. We advise you to perform a backup of registry before proceeding with this guide.
1. Kill any running process that belongs to Trojan.Mournor or W32.Mournor.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for Trojan.Mournor or W32.Mournor files (refer to Technical Reference) and click End Process.
2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit and press Enter. This will open registry editor.
- Find and delete registry entries as mentioned in Technical Reference section below.
- Close registry editor. Changes made will be save automatically.
3. Scan the computer with antivirus program.
- Connect to Internet and open your antivirus software. Please update to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before Windows logo begins to load press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.
4. Delete all files dropped by Trojan.Mournor or W32.Mournor.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Technical Reference'. Make sure that you execute 'End Task' first before deleting the file. Otherwise, the system will not let you perform this action.