W32.Minudazash
W32.Minudazash is a harmful worm that carries multiple functions once it gains an access on target computer. Follow the removal guide on this page to contain this threat.
W32.Minudazash is a computer worm that propagates by duplicating itself to a mapped network drives and USB removable drives. The worm utilizes autorun functions to run itself whenever the drive is accessed. W32.Minudazash can steal sensitive information and allow a remote attacker to gain control of the computer using a backdoor port. It can also hide its presence on the affected system through registry modifications.
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
Characteristics
When W32.Minudazash executes, it will drop a copy of itself under Systems folder of Windows. Then, it will adjust the registry so that it will load whenever Windows starts. It will carry additional registry changes so that it can bypass Windows firewall and be able to communicate with a remote server.
Next, this worm will make changes to the default settings of Internet Explorer and replaces the default home page URL. Then, it will attempt to connect to a remote location and establish a backdoor channel to perform the following tasks:
- This worm can change wallpaper settings on the infected computer.
- Unauthorized attacker can control the PC using a Remote Desktop application.
- It can disable keyboard functions.
- W32.Minudazash can record keystrokes and sound from the microphone of affected system.
- The worm can steal information such as lists of installed programs and Yahoo login accounts. Data is sent to a remote server of a specified time.
Distribution
The worm will spread by creating a copy of itself to all network drives and removable devices using the file: %DriveLetter%\cbclient.exe
How to Remove W32.Minudazash
NOTE: We suggest that you PRINT or BOOKMARK this guide. There are steps that we may have to restart the computer in order to successfully remove the threat.
Step 1 : Run a scan with your antivirus program
1. Temporarily Disable System Restore if your system is running on Windows Me/XP. [how to]
2. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 on your keyboard repeatedly.
- Your computer will display Windows Advanced Boot Options menu. Select Safe Mode with Networking.
- Windows will boot loading only necessary drivers and system files. Expect that it will run with minimal features and low-resolution display.
3. Open your antivirus program and download the most recent update. This method ensures that your antivirus program can detect even newer variants of W32.Minudazash.
Updating your antivirus software is a one-click process. Please refer to your software manual for complete instructions.
4. Once updating is finished, run a full system scan. After the scan, delete all infected items. If unable to clean or delete, better place the threat in quarantine.
Step 2: Run another test with Norton Power Eraser
1. Click on the button below to download Norton Power Eraser from official web site. Save it to your desktop or any location of your choice.
4. Once the file is downloaded, navigate its location and double-click on the icon (NPE.exe) to launch the program.
5. Norton Power Eraser will run. If it prompts for End User License Agreement, please click on Accept.
6. On NPE main window, click on Advanced. We will attempt to remove W32.Minudazash components without restarting the computer.
9. On next window, select System Scan and click on Scan now to perform standard scan on your computer.
10. NPE will proceed with the scan. It will search for Trojans, viruses, and malware like W32.Minudazash. This may take some time, depending on the number of files currently stored on the computer.
11. When scan is complete. All detected risks are listed. Remove them and restart Windows if necessary.
Alternative Removal Methods for W32.Minudazash
Option 1 : Use Windows System Restore to return Windows to previous state
If W32.Minudazash enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a saved restore point before W32.Minudazash infiltrates the PC, we highly encourage you to execute this procedure if none of the above works.
To verify if System Restore is active on your computer, you can type system restore into the Start menu search box. Typing rstrui on the same box and pressing Enter also opens this function.
If previous restore point is saved, you may proceed with Windows System Restore. Click here to see the full procedure.
Option 2 : W32.Minudazash manual uninstall guide
IMPORTANT! Manual removal of W32.Minudazash requires technical skills. Deleting system files and registry entries by mistake may result to total disability of Windows system. We advise you to perform a backup of registry before proceeding with this guide.
1. Kill any running process that belongs to W32.Minudazash.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for W32.Minudazash files (refer to Technical Reference) and click End Process.
2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit and press Enter. This will open registry editor.
- Find and delete registry entries as mentioned in Technical Reference section below.
- Close registry editor. Changes made will be save automatically.
3. Scan the computer with antivirus program.
- Connect to Internet and open your antivirus software. Please update to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before Windows logo begins to load press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.
4. Delete all files dropped by W32.Minudazash.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Technical Reference'. Make sure that you execute 'End Task' first before deleting the file. Otherwise, the system will not let you perform this action.
Technical Reference
Associated Files and Folders:Added Registry Entries:Ways to Prevent W32.Minudazash Infection
Take the following steps to protect the computer from threats. Suggested tools and security setup within installed software helps prevent the same attack on your PC.
Install an effective anti-malware program
Your first line of defense would be an effective security program that provides real-time protection. We have a list of anti-malware program that are tried and tested. It does not only scan files but also monitors your Internet traffic and is extremely active on blocking malicious communication. Click on the button below to download our recommended anti-malware program.