W32.Imaut.CN is a dreadful computer worm that targets removable and network drives. To stop the worm from spreading, remove it using the guide on this page.
W32.Imaut.CN is a worm that will propagate on unsafe network-shared folders and drives. It also spreads by means of malicious links sent out from an infected computer through Instant messaging software. It may also spread on other computers via removable drives. It will drop a file called NewFolder.exe and autorun.inf to all removable drives that are attached to the affected computer. W32.Imaut.CN will connect to a remote computer and download malware files and codes.
Alias: W32/Sohana-AX, W32/Sohana-AZ, W32/Sohana-BA, Win32/Spideyit.A, W32/AutoRun-HA, W32/Imaut-F, W32/AutoIt-HI
Damage Level: Medium
Systems Affected: Windows 95/98/Me, Windows NT/2000/Server 2003/, Windows XP/Vista
When this worm executes on the computer, it will mimic itself into System folder of Windows. Then, it will create valid DLL files and register them into the system. See complete list of files under Files and Folders section. Aside from inserting files, W32.Imaut.CN also alters some registry entries in order for the worm to load on each time Windows starts. Unlike any other threats, this worm will not initiate a function immediately; instead, it will run on a scheduled basis. As observe, it initiates every day at exactly 9:00 am. To accomplish this, a job file is created as another Windows task.
Next, this worm will proceed on executing other payload including the following:
- The worm will alter Windows registry entries so that it runs on each Windows boot up.
- It is capable of concealing its presence on the infected computer.
- W32.Imaut.CN will check for any shared folders and makes a copy of itself whenever possible.
- To automatically run the worm if drive is accessed, it will create an autoun.inf file on same location.
- In will end processes containing strings such as game_y.exe and cmder.exe.
The worm will send instant messages containing malicious link to a random contacts gathered on infected computer. It also copies itself to network shared drives and removable drives. To execute the main file when user accesses the infected drive, the worm will exploit Windows Autorun functions, thus, you may observed an autorun.inf file on each affected drives.
How to Remove W32.Imaut.CN
Step 1 : Run a scan with your antivirus program
1. Temporarily Disable System Restore if your system is running on Windows Me/XP. [how to]
2. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 on your keyboard repeatedly.
- Your computer will display Windows Advanced Boot Options menu. Select Safe Mode with Networking.
- Windows will boot loading only necessary drivers and system files. Expect that it will run with minimal features and low-resolution display.
3. Open your antivirus program and download the most recent update. This method ensures that your antivirus program can detect even newer variants of W32.Imaut.CN.
Updating your antivirus software is a one-click process. Please refer to your software manual for complete instructions.
4. Once updating is finished, run a full system scan. After the scan, delete all infected items. If unable to clean or delete, better place the threat in quarantine.
Step 2: Run another test with online virus scanner
Another way to remove W32.Imaut.CN without the need to install additional antivirus software is to perform a thorough scan with free online virus scanner. It can be found on websites of legitimate antivirus and security provider.
1. Click the button below to proceed to the list of suggested Online Virus Scanner. Choose your desired provider. You can run each scan individually, one at a time, to ensure that all threats will be removed from the computer. This may require plug-ins, add-on or Activex object, please install if you want to proceed with scan.
2. After completing the necessary download, your system is now ready to scan and remove W32.Imaut.CN and other kinds of threats.
3. Select an option in which you can thoroughly scan the computer to make sure that it will find and delete entirely all infections not detected on previous scan.
4. Remove or delete all detected items.
5. When scanning is finished, you may now restart the computer in normal mode.
Alternative Removal Procedures for W32.Imaut.CN
Option 1 : Use Windows System Restore to return Windows to previous state
If W32.Imaut.CN enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a saved restore point before W32.Imaut.CN infiltrates the PC, we highly encourage you to execute this procedure if none of the above works.
To verify if System Restore is active on your computer, you can type system restore into the Start menu search box. Typing rstrui on the same box and pressing Enter also opens this function.
If previous restore point is saved, you may proceed with Windows System Restore. Click here to see the full procedure.
Option 2 : W32.Imaut.CN manual uninstall guide
IMPORTANT! Manual removal of W32.Imaut.CN requires technical skills. Deleting system files and registry entries by mistake may result to total disability of Windows system. We advise you to perform a backup of registry before proceeding with this guide.
1. Kill any running process that belongs to W32.Imaut.CN.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for W32.Imaut.CN files (refer to Technical Reference) and click End Process.
2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit and press Enter. This will open registry editor.
- Find and delete registry entries as mentioned in Technical Reference section below.
- Close registry editor. Changes made will be save automatically.
3. Scan the computer with antivirus program.
- Connect to Internet and open your antivirus software. Please update to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before Windows logo begins to load press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.
4. Delete all files dropped by W32.Imaut.CN.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Technical Reference'. Make sure that you execute 'End Task' first before deleting the file. Otherwise, the system will not let you perform this action.
Technical ReferenceAssociated Files and Folders:Added Registry Entries:
Ways to Prevent W32.Imaut.CN Infection
Take the following steps to protect the computer from threats. Suggested tools and security setup within installed software helps prevent the same attack on your PC.