W32.Minudazash is a computer worm that propagates by duplicating itself to a mapped network drives and USB removable drives. The worm utilizes autorun functions to run itself whenever the drive is accessed. W32.Minudazash can steal sensitive information and allow a remote attacker to gain control of the computer using a backdoor port. It can also hide its presence on the affected system through registry modifications.
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
When W32.Minudazash executes, it will drop a copy of itself under Systems folder of Windows. Then, it will adjust the registry so that it will load whenever Windows starts. It will carry additional registry changes so that it can bypass Windows firewall and be able to communicate with a remote server.
Next, this worm will make changes to the default settings of Internet Explorer and replaces the default home page URL. Then, it will attempt to connect to a remote location and establish a backdoor channel to perform the following tasks:
- This worm can change wallpaper settings on the infected computer.
- Unauthorized attacker can control the PC using a Remote Desktop application.
- It can disable keyboard functions.
- W32.Minudazash can record keystrokes and sound from the microphone of affected system.
- The worm can steal information such as lists of installed programs and Yahoo login accounts. Data is sent to a remote server of a specified time.
The worm will spread by creating a copy of itself to all network drives and removable devices using the file: %DriveLetter%\cbclient.exe
How to Remove W32.Minudazash
NOTE: We suggest that you PRINT or BOOKMARK this guide. There are steps that we may have to restart the computer in order to successfully remove the threat.
Step 1 : Run a scan with your antivirus program
1. First thing you should do is reboot the computer in Safe Mode with Networking to avoid W32.Minudazash from loading at start-up.
Remove all media such as Memory Card, cd, dvd, and USB devices. Then, restart the computer and please do the following:
Boot in Safe Mode on Windows XP, Windows Vista, and Windows 7 system
a) Before Windows begins to load, press F8 on your keyboard.
b) It will display the Advanced Boot Options menu. Select Safe Mode.
Start computer in Safe Mode using Windows 8 and Windows 10
a) Close any running programs on your computer.
b) Get ready to Start Windows. On your keyboard, Press and Hold Shift key and then, click on Restart button.
c) It will prompt you with options, please click on Troubleshoot icon.
d) Under Troubleshoot window, select Advanced Options.
e) On next window, click on Startup Settings icon.
f) Lastly, click on Restart button on subsequent window.
g) When Windows restarts, present startup options with numbers 1 - 9. Select "Enable Safe Mode with Networking" or number 5.
h) Windows will now boot on Safe Mode with Networking. Proceed with virus scan as the next step.
2. Once Windows is running under Safe Mode with Networking, open your antivirus program and download the most recent update. This method ensures that your antivirus program can detect even newer variants of W32.Minudazash.
Updating your antivirus software is a one-click process. Please refer to your software manual for complete instructions.
3. Once updating is finished, run a full system scan. After the scan, delete all infected items. If unable to clean or delete, better place the threat in quarantine.
Step 2: Run another test with Norton Power Eraser
1. Click on the button below to download Norton Power Eraser from official web site. Save it to your desktop or any location of your choice.
4. Once the file is downloaded, navigate its location and double-click on the icon (NPE.exe) to launch the program.
5. Norton Power Eraser will run. If it prompts for End User License Agreement, please click on Accept.
6. On NPE main window, click on Advanced. We will attempt to remove W32.Minudazash components without restarting the computer.
7. On next window, select System Scan and click on Scan now to perform standard scan on your computer.
8. NPE will proceed with the scan. It will search for Trojans, viruses, and malware like W32.Minudazash. This may take some time, depending on the number of files currently stored on the computer.
9. When scan is complete. All detected risks are listed. Remove them and restart Windows if necessary.
Alternative Removal Methods for W32.Minudazash
Option 1 : Use Windows System Restore to return Windows to previous state
During an infection, W32.Minudazash drops various files and registry entries. The threat intentionally hides system files by setting options in the registry. With these rigid changes, the best solution is to return Windows to previous working state is through System Restore.
To verify if System Restore is active on your computer, please follow the instructions below to access this feature.
Access System Restore on Windows XP, Windows Vista, and Windows 7
a) Go to Start Menu, then under 'Run' or 'Search Program and Files' field, type rstrui.
b) Then, press Enter on the keyboard to open System Restore Settings.
Open System Restore on Windows 8
a) Hover your mouse cursor to the lower left corner of the screen and wait for the Start icon to appear.
b) Right-click on the icon and select Run from the list. This will open a Run dialog box.
c) Type rstrui on the 'Open' field and click on OK to initiate the command.
If previous restore point is saved, you may proceed with Windows System Restore. Click here to see the full procedure.
Option 2 : W32.Minudazash manual uninstall guide
IMPORTANT! Manual removal of W32.Minudazash requires technical skills. Deleting system files and registry entries by mistake may result to total disability of Windows system. We advise you to perform a backup of registry before proceeding with this guide.
1. Kill any running process that belongs to W32.Minudazash.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for W32.Minudazash files (refer to Technical Reference) and click End Process.
2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit and press Enter. This will open registry editor.
- Find and delete registry entries as mentioned in Technical Reference section below.
- Close registry editor. Changes made will be save automatically.
3. Scan the computer with antivirus program.
- Connect to Internet and open your antivirus software. Please update to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before Windows logo begins to load press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.
4. Delete all files dropped by W32.Minudazash.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Technical Reference'. Make sure that you execute 'End Task' first before deleting the file. Otherwise, the system will not let you perform this action.
Ways to Prevent W32.Minudazash Infection
Take the following steps to protect the computer from threats. Suggested tools and security setup within installed software helps prevent the same attack on your PC.
Install an effective anti-malware program
Your first line of defense would be an effective security program that provides real-time protection. We have a list of anti-malware program that are tried and tested. It does not only scan files but also monitors your Internet traffic and is extremely active on blocking malicious communication. Click on the button below to download our recommended anti-malware program.
Always update your installed software
Software vendors constantly releases updates for programs whenever a flaw is discovered. Getting the updates makes the computer more secured and help prevents Trojan, virus, malware, and W32.Minudazash similar attacks. If in case your program is not set for instant update, it usually offered from vendor's web site, which you can download anytime.
Maximize the security potential of your Internet browser
Each browser has their own feature where in you can adjust the security settings that fit your browsing habit. We highly encourage you to maximize the setup to tighten the security of your browser.
Apply full caution when using the Internet
Internet is full of fraud, malware, and many forms of computer threats including W32.Minudazash. Implement full caution with links that you may receive from emails, social networking sites, and instant messaging programs. It might lead you to malicious sites that can cause harm to your computer. Avoid strange web sites that offers free services and software downloads.