W32.Aboc may spread on computers through removable USB devices. In order to remove this virus, you need to scan the PC with an effective antivirus program.
W32.Aboc is a computer virus that will propagate on USB removable drives and infects the system with another virus called W32.Virut.CF. W32.Aboc is also capable of downloading additional threats from a remote server and executes it on the affected computer. By making some changes on the system, this virus may be able to hide its presence and avoid antivirus detection.
When executed, the worm will drop several files under Windows folder. Please refer to Malicious Files section for a complete list. Next, W32.Aboc will adjust the registry to gain start-up spot on Windows. It will add some entries that will able to load the virus each time you start Windows.
To allow network access, the virus will also tweak registry and modify the firewall for this sole purpose. Then, it modifies windows keys to avoid own removal. Also by tweaking the registry, the virus will disable your Internet browser’s proxy settings.
W32.Aboc then attempts to establish a connection with an array of domains to which it will download additional threat. It also infects legitimate Windows files like logonui.exe and wuaucldt.exe
W32.Aboc virus spread normally through spam email messages. It is typically attached as a valuable file to a spam email that normally disguises as promotional items from a known brand. Locally, it will transmit via removable drives such as memory stick, flash drive, or external hard disk.
Damage Level: Low
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
Manual Removal of W32.Aboc:
1. Temporarily Disable System Restore.
2. Update the virus definitions.
3. Restart Windows in Safe Mode.
4. Run a full system scan and clean/delete all infected files.
5. Delete/Modify any values added to the registry.
6. Exit registry editor and restart Windows.
Online Virus Scanner:
Another way to remove a virus without the need to install additional anti-virus application is to perform a thorough scan with free Online Virus Scanner that can be found here or on websites of legitimate anti-virus and security provider.
Technical Details and Additional Information:
Other functionalities of this Trojan:
- Hide its presence on the system
- Disable proxy access on Internet Explorer
- Modify Windows Registry
Malicious Files Added by W32.Aboc:
%SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\Startup\SYSTEMIL2.EXE
Associated Windows Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\”SystemIL” = “%Windir%\SYSTEMIL.EXE”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”SystemIL” = “%Windir%\SYSTEMIL.EXE”
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\”%System%\winlogon.exe” = “%System%\winlogon.exe:*:enabled:@shell32.dll,-1″
Alternative Removal Method for W32.Aboc
Option 1 : Use Windows System Restore to return Windows to previous state
If W32.Aboc enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a saved restore point before W32.Aboc infiltrates the PC, we highly encourage you to execute this procedure if none of the above works. You may proceed with Windows System Restore, click here to see the full procedure.