W32.Minera.A
W32.Minerv.A is a worm that propagates by means of infected removable drives and unsecured network shares. W32.Minera.A will create a copy of itself on drives as Minerva Game.exe and New_Games.exe. This worm will also drop malicious files that will be injected to explorer.exe and record worm’s activity.
Other Alias: W32/Minerv-A
Threat Level: Low
Systems Affected: Windows – All
Manually Remove W32.Minera.A
1. Temporarily Disable System Restore. [how to]
2. Update the virus definitions.
3. Reboot Windows in Safe Mode. [how to]
4. Run a full system scan and clean/delete all infected file(s)
5. Delete/Modify any values added to the registry. [how to edit registry]
Navigate to and delete the following registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\”Minerva” = “%Temp%\minerva.com”
Restore the following registry entries to their original values, if required:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ansav.exe\”Debugger” = “%System%\Minerva.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ansavgd.exe\”Debugger” = “%System%\Minerva.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kspoold.exe\”Debugger” = “%System%\Minerva.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscript.exe\”Debugger” = “%System%\Minerva.exe”
6. Exit registry editor and restart Windows.
7. In order to make sure that threat is completely eliminated, carry out a full scan of your system using AntiVirus and Antispyware Software. Another way to delete the virus using various Antivirus Program without the need to install can be done with Online Virus Scanner.