Browse » Home
Friday, November 11, 2011
How to Remove the Services.exe Trojan Virus
End System Process
1. Press \"Ctrl,\" \"Shift\" and \"Esc\" keys at the same time to start the Windows Task Manager.
2. Click on the \"Processes\" tab and select \"services.exe.\"
3. Click \"End Process\" and close the window.
Delete Registry Entries
4. Go to the \"Start\" menu and click \"Run.\"
5. Type \"regedit\" and hit \"Enter\" to start the Registry Editor.
6. Find and remove the following registry entries:<br /><br />F949D095-16D2-0276-9929-9026ED9B7AA5<br />B58A2FBE-5744-D2AD-DCBC-F5D84F027C2A<br />AFF84E78-CBFB-4221-95CB-4A353DC1B463<br />AC29943E-756D-4B89-9A83-C13CF83AFF76<br />pmv1s4.Main<br />AD99E521-90B0-4B9B-BD99-2CD0E5123F64<br />92F476F5-A7A6-458E-BDAF-5B302D8D4265<br />11735F21-5127-4C2E-BD5E-9B3A6904B997<br />a31o9nhawv.class<br />C1299AC9-3277-4B23-9F6D-C9037A7A4C84<br />A1511F4E-4107-4904-97BC-2F953DA06132<br />3F143C3A-1457-6CCA-03A7-7AA23B61E40F<br />SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SharedTaskScheduler\\3F143C3A-1457-6CCA-03A7-7AA23B61E40F<br />TMKSoft<br />B0B1E678-1825-4889-B36E-C52DCA08C3A8<br />5F2BD607-9849-4E9B-AC43-056D2F3F263B<br />4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB<br />DNLDC.DNLDCCtrl.1<br />XPlugin.XFilter.1<br />XPlugin.XFilter<br />399FE428-BC1C-4902-A8EB-006E59F17F39<br />204CC9B5-882F-4BDF-8470-0E15D16E880C<br />EE79D398-AAAF-47B1-8C9E-11F7D4C9111B<br />C9ECA160-055F-4725-A394-C328F5C0DF1B<br />ShowSearch.ViewSource.1<br />ShowSearch.ViewSource<br />Image.Image.1<br />Image.Image<br />searchhook.searchhookobject.1<br />searchhook.searchhookobject<br />0B40A54D-BEC3-4077-9A33-701BD6ACDEB2<br />5297E905-1DFB-4A9C-9871-A4F95FD58945<br />ToolBand.StartBHO.1<br />ToolBand.StartBHO<br />ToolBand.ToolBandObj.1<br />ToolBand.ToolBandObj<br />1DE9EE01-DF51-49DB-9BDD-5990B35C1C2A<br />30192F8D-0958-44E6-B54D-331FD39AC959<br />0E1230F8-EA50-42A9-983C-D22ABC2EED3B<br />B94B4225-E02E-4D3F-BADB-026F1E2F3AD7<br />Replace.HBO.1<br />Replace.HBO<br />E3EEBBE8-9CAB-4C76-B26A-747E25EBB4C6<br />SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar\\E3EEBBE8-9CAB-4C76-B26A-747E25EBB4C6<br />E2DDF680-9905-4dee-8C64-0A5DE7FE133C<br />fd9bc004-8331-4457-b830-4759ff704c22<br />93674FCF-119D-EBAC-174F-9BA8737F9ADD<br />E89097ED-3400-411D-9647-D368C3311C98<br />5321E378-FFAD-4999-8C62-03CA8155F0B3<br />SoftwareMicrosoftWindowsCurrentVersionRunServicesImage<br />SoftwareMicrosoftWindowsCurrentVersionRunServicesImageSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorerRunImage<br />SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorerRunImage
7. Close the Registry Editor.
Delete Files and Folders
8. Click the \"Start\" menu and select \"Search.\"
9. Select the hard drive from the drop-down menu and check the \"All Files and Folders\" option.
10. Type \"systemcritical.exe\" and hit \"Enter.\" Delete all of the search results.
11. Repeat step 3 for \"systeem.exe,\" \"sistem.exe,\" \"rundll16.exe,\" \"quicken.exe,\" \"olehelp.exe,\" \"otepad32.exe,\" \"inetinf.exe,\" \"helpcvs.exe,\" \"astctl32.ocx,\" \"winajbm.dll,\" \"searchword.dll,\" \"mtwirl32.dll,\" \"mswsc20.dll,\" \"mswsc10.dll,\" \"msspi.dll,\" \"msconfd.dll,\" \"gfmnaaa.dll,\" \"dnsrelay.dll,\" \"cpan.dll,\" \"avpcc.dll,\" \"javaef.dll,\" \"sp.exe,\" \"aimee2[2].exe,\" \"rsysinit.exe,\" \"tksrv99.exe,\" \"3.02.00.dll,\" \"coolwebsearch-info.dll,\" \"3.03.00.dll,\" \"regedit -s sys.reg,\" \"Image,\" \"xpsystem,\" \"HOMEOldSP,\" \"SysA,\" \"Sys,\" \"mnaa,\" \"Otnlbbxa,\" \"crqf32.exe,\" \"sp,\" \"DNLDC.ocx,\" \"update911.js,\" \"xplugin.dll,\" \"mssearch.dll,\" \"mslq32.dll,\" \"mshp.dll,\" \"image.dll,\" \"iekp32.dll,\" \"tmksrvu.exe,\" \"DownloaderEXE.exe,\" \"DNLDC.ocxservices.exe,\" \"update911.js\" and \"SexDownloader.cab.\"
12. Restart your computer.