Saturday, May 5, 2007

MSRundll.exe

From Symantec this virus is called W32.Vibmaru
Try to fix it by the following golden rules for virus removing:
1. Disable System Restore, if you are using XP
2. Update virus defintions
3. Run a full scan
4. Delete some registry

4. To delete the value from the registry
  1. Delete these entries

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"System" = "system.exe (74295303)"

  2. Restore the following registry entries to their original values, if required:

    HKEY_CLASSES_ROOT\scrfile\"(default)" = ""
    HKEY_CLASSES_ROOT\inifile\shell\open\command\"(default)" = "system32.exe %1"
    HKEY_CLASSES_ROOT\txtfile\shell\open\command\"(default)" = "msrundll.exe %1"
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation\"ActiveTimeBias" = "420"
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation\"ActiveTimeBias" = "480"

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)