Browse » Home
Sunday, January 22, 2012
How to Fix the Trojan Downloader Virus
End System Processes
1. Press the 'Ctrl,' 'Shift' and 'Esc' keys at the same time to start the Task Manager.
2. Click the 'Processes' tab in the Task Manager's window.
3. Select 'ac2_0003.exe' from the list of the processes and click 'End Process' at the bottom of the window.
4. Repeat Step 3 for 'Sys2621.exe,' 'lphc9m9j0e1a3.exe,' 'lphc110j0e78a.exe,' 'lphc9s1j0evd5.exe,' 'YUR2A7.exe,' 'lphc323j0en3c.exe,' 'EsnGOg2W.exe,' 'lsass.exe,' 'lphce5lj0e33g.exe,' 'WinAvXX.exe,' 'dls0523pmw.exe,' 'xpuupdate.exe,' 'svhost.exe,' 'HPAware.exe,' 'ajdnjhfo10.exe,' 'newname3.exe,' 'ecsiin.stub.exe,' 'bvt.exe,' 'installer.exe,' 'bretiuxh.exe,' 'wupeng.exe,' 'svchost.exe,' 'update_check.exe,' 'win32st.exe,' 'mgmrwmrv.exe,' 'wmsdkns.exe,' 'sysrxmfdksp.exe,' 'spools.exe,' 'glock32.exe,' 'mfc42.exe,' 'win32.exe,' 'userinit.exe,' 'wuauclt.exe,' 'sysmon.exe,' 'TempAA.exe,' 'gmillogof.exe,' 'lenveqvt.exe,' 'FD.exe,' 'winlogon.exe,' 'ie_updates3r.exe,' 'cmdbcs.exe,' 'perfs.exe,' 'yyk2954.exe,' 'routing.exe,' 'wupdater.exe,' 'oyhucntf.exe,' 'UGA6P_0001_N122M2802NetInstaller.exe,' 'X117.exe,' 'msn.exe,' 'svchost23.exe,' vbpdtvdp.exe,' 'GoogleDesktop.exe,' 'mrofinu1535.exe,' 'iftuyszv.exe,' 'cftmon.exe,' 'Sys77.exe,' 'msupdte.exe,' 'uoyzsydz.exe,' 'lphcnvtj0eve7.exe,' 'rundll32.exe,' 'SysE4E3.exe,' 'Sys2.exe,' 'Sys4.exe,' 'Sys3.exe,' 'Sys1.exe,' 'lphcgu6j0e9av.exe,' 'lphc942j0e9e7.exe,' 'lphc9dpj0e793.exe,' 'VIE7B09.exe,' '.ttE.tmp.exe,' 'adqnebaf.exe,' 'smss.exe,' 'kzgdudgj.exe,' 'braviax.exe,' 'qtmjcfsj.exe,' 'chslqbih.exe,' 'wcs.exe,' 'buritos.exe,' 'css.exe,' 'zgxwbank.exe,' 'lyryzgjs.exe,' 'c.exe,' '6LN0dYGS.exe,' 'a.exe,' 'lphcp4vj0et35.exe,' 'lphcrkkj0erbr.exe,' 'video233.cfg.exe,' 'video232.cfg.exe,' 'video1161.cfg.exe,' 'video1019.cfg.exe,' 'lphclq5j0e14p.exe,' 'g.exe,' '781.exe,' 'Player.exe,' 'lphcnfgj0ep7n.exe,' 'brastk.exe,' 'dmbsvwtk.exe,' 'video1086.cfg.exe,' 'video234.cfg.exe,' 'rkhdl.exe,' 'iebtm.exe,' 'iebtmm.exe,' 'Yy5v3068.exe,' 'xxx5366.exe,' '~tmpd.exe,' 'h8b3LvB2.exe,' 'vedxga3me2.exe,' 'rs32net.exe,' 'ppcb_32.exe,' '7Jv5vJhh.exe,' 'hpmon.exe,' 'hpmom.exe,' 'wini10894.exe,' 'qttaskm.exe,' 'qttask.exe,' 'msiconf.exe,' 'setup_241_3777_[2].exe,' 'uesiuqcr.exe,' 'frmwrk32.exe,' 'VIE2.exe,' 'yyy12351.exe,' 'yyy2010.exe,' '~tmpc.exe,' 'yyy15461.exe,' 'yyy9308.exe,' '~.exe,' 'yyy289.exe,' 'yyy12224.exe,' '~tmpb.exe,' 'mVM33I6b.exe,' 'yyy9902.exe,' 'BwNVxGhC.exe,' 'yyy2599.exe' and 'explorer32.exe.'
5. End the following processes: 'yyy10930.exe,' '~tmpf.exe,' 'ert56264.exe,' '2XKM2nX1.exe,' 'sysguard.exe,' '475.tmp.exe,' 'OPLlho18.exe,' 'alg.exe,' '~tmpi.exe,' '1rlkp3G3.exe,' 'pCo7V3H8.exe,' '~tmpx.exe,' '~tmp3.exe,' '~tmpp.exe,' 'ckzty22913935.exe,' 'wpiv.exe,' 'svcho.exe,' 'msj.exe,' 'mschr.exe,' 'b1jl2V0m.exe,' '4115.exe,' 'Terry Santi.exe,' 'msa.exe,' 'msb.exe,' 'userload.exe,' 'svcnost.exe,' 'TpScrex.exe,' 'KAVStart.exe,' 'reader_s.exe,' 'soundmix.exe,' 'Msxrs.exe,' 'syst.exe,' 'licao_de_vida.exe,' 'NeroCheck.exe,' 'leia.exe,' 'xydzyh.exe,' '2183.exe,' 'theof.exe,' '5765.exe,' '18163.exe,' 'ContraVirusPro.exe,' 'bkhujyxs.exe,' 'csrssc.exe,' '664575600.exe,' 'video.avi[1].exe,' '_A00F299C205.exe,' 'lphcamlj0ea8a.exe,' 'qbynahkr.exe,' 'jiryrclc.exe,' 'wdarqxox.exe,' 'maxpaynow.exe,' 'lahmtcho.exe,' 'xpupdate.exe,' 'setup73.exe,' '8764.exe,' 'setup.exe,' 'TXPlatform.exe,' 'ubodh.exe,' 'scit.exe,' 'scm.exe,' 'sbmntr.exe,' 'sbsm.exe,' 'ati2evxx.exe,' 'ieupdates.exe,' 'nod32se.exe,' 'tujwbkbm.exe,' 'edwnghyb.exe,' 'nabmlare.exe,' 'Firewall.exe,' 'wserving.exe,' 'winupdate.exe,' 'Dot1XCfg.exe,' 'wprcaw.exe,' 'exp.exe,' 'servicelayer.exe,' 'amoumain.exe,' 'ctfmon.exe,' 'nvsvc32.exe,' 'bios.exe,' 'winpad32.exe,' 'r56ujxftyrsdjsxrgf46i5sgheh44.exe,' 'qgipz2469937.exe,' 'CbEvtSvc.exe,' 'lwpwer.exe,' 'empa.exe,' 'Sakora.exe,' 'kbdpo.exe,' 'autodisc.exe,' 'odbcconf.exe,' '~tmp1174.exe,' 'pornivideo03y45i[1].exe,' 'gEehlDA9.exe,' 'l[1].exe,' 'g[1].exe,' 'nJJG.exe,' 'visfdw.exe,' 'load[1].exe,' 'install[1].exe,' 'winvijhq.exe,' 'tisgvi.exe,' 'windsn.exe,' 'adobe_flash[1].exe,' 'AdobeFlash[1].exe,' 'ert51791.exe,' 'new23[1].exe,' 'gr[2].exe,' 'adv111[1].exe,' 'Test.exe,' 'loader[1].exe,' '~tmpa.exe,' 'c-setup[2].exe,' 'movie434.avi.exe,' 'load1.exe,' 'ni1mg2b5.exe,' 'A4-tmpaoi.exe,' 'ptssvc.exe,' 'zchMiB.exe,' 'psvrr.exe,' 'scvhost.exe,' 'oopuqq1.exe,' '_A00F220AD.exe,' 'winjmxy.exe,' 'ak1[1].exe,' 'g13dyr.exe,' 'avast!antivirus.exe,' 'ashevtsvc.exe,' '93679526.exe,' '13035004.exe,' '93044996.exe,' 'avp.exe,' 'win2A.tmp.exe,' 'keyboard.exe,' 'mrofinu572.exe,' 'mrofinu1188.exe,' 'gadcom.exe,' 'nidle.exe,' '99068276.exe,' '97179996.exe,' '91724226.exe,' '11714234.exe,' 'xpa.exe,' 'jpssoft[1].exe,' 'MapEDC.exe,' 'WinAvX.exe,' 'ms050862618809.exe,' 'sclick.exe,' 'servhist.exe,' '9eabcdc8.exe,' 'dfndr.exe,' 'defender24.exe,' 'keyboard24.exe,' 'newname24.exe,' 'defender20.exe,' 'ipue32.exe,' 'sqldata1.exe,' 'ctdbrr.exe,' 'updmgr.exe,' 'qejdhnvg.exe,' 'sncntr.exe,' 'nvsvca32.exe' and 'nsdlua.exe.'
6. End these processes as well: 'conscorr.exe,' '27.exe,' 'rxjddnvj.exe,' 'sysahbecjh.exe,' 'sysavxjgdu.exe,' 'sysutrnez.exe,' 'wind32.exe,' 'csrss.exe,' 'clfmon.exe,' 'sixyahbi.exe,' 'antivirusinstallfull_en[1].exe,' 'mmc.exe,' 'audiohq.exe,' 'spool.exe,' 'sysi.exe,' 'vip_master_orkut.exe,' 'bsyys.exe,' 'msmsgxs.exe,' 'jrevm.exe,' 'kutorkt.exe,' 'ixplorer.exe,' 'Sys5457.exe,' 'Sys5BE6.exe,' '1000675417.exe,' 'lphcpevj0elag.exe,' 'lphc783j0eveg.exe,' 'lphcr49j0ea81.exe,' 'lphct1hj0ep35.exe,' 'lphcg9bj0e7e9.exe,' 'lphc71lj0e94p.exe,' 'lphc5mlj0ev7c.exe,' 'lphcva1j0epb9.exe,' 'lphca5sj0ee31.exe,' 'lphct1sj0ele5.exe,' 'lphcv4rj0en23.exe,' 'lphcp19j0e3ac.exe,' 'lphcnn0j0e7c5.exe,' 'lphcej5j0ee4e.exe,' 'lphc1tdj0ea77.exe,' 'lphc5vwj0erb3.exe,' 'lphca35j0ee3c.exe,' 'lphcr6aj0e11v.exe,' 'lphclp6j0ev5p.exe,' 'lphcruaj0e355.exe,' 'lphcpghj0ecfl.exe,' 'lphc5rfj0eg89.exe,' 'lphc3erj0elav.exe,' 'lphcv49j0ejdl.exe,' 'lphcp72j0e1dr.exe,' 'lphc1qtj0ege1.exe,' 'lphcj7cj0ea59.exe,' 'lphc3f8j0eaaa.exe,' 'lphcvhoj0e33t.exe,' 'lphc9v2j0ecfj.exe,' 'lylopybc.exe,' 'gtolsbef.exe,' '33.tmp.exe,' 'javclcte.exe,' 'lphc59hj0eab1.exe,' 'Cpl32ver.exe,' 'lphc3q4j0epca.exe,' 'qhqrmbyz.exe,' 'telghgtw.exe,' 'Manager.exe,' 'arubinuj.exe,' 'YUR205F.exe,' 'lphccpaj0ec7g.exe,' 'YUR507A.exe,' 'xrg1.exe,' 'lphcl2sj0ep0c.exe,' 'lphcnjcj0e92j.exe,' 'yvudcbaf.exe,' 'wcm.exe,' 'lphcem0j0e72a.exe,' 'video88.cfg.exe,' 'video1140.cfg.exe,' 'video1055.cfg.exe,' 'd.exe,' 'lphcguej0eaep.exe,' 'sft_ver1.1454.0.exe,' 'e.exe,' 'pas.exe,' 'x1psul5R.exe,' 'izwum.exe,' 'sv.exe,' 'svhoster.exe,' 'svzip.exe,' 'runsql.exe,' 'DTProAgent.exe,' 'setup_241_3777_21347_.exe,' '5rR0NYTX.exe,' '7.tmp.exe,' 'qUSOWf4S.exe,' 'yyy1022.exe,' 'BC50DF28.exe,' 'yyy3175.exe,' 'EmuleInstaller.exe,' 'yyy10695.exe,' 'yyy4430.exe,' '891.tmp.exe,' '~tmpk.exe,' 'yyy14869.exe,' 'yyy10084.exe,' 'yyy8022.exe,' 'lphcavej0epd9.exe,' 'torbjne.exe,' 'yyy6517.exe,' 'vamsoft.exe,' 'ert52014.exe,' '~tmpy.exe,' 'ert58253.exe,' 'wini10251.exe,' '0xf9.exe,' '~tmpn.exe,' 'scvhost32.exe,' 'svchostw.exe,' 'a6.exe,' 'loader.exe,' 'Msmsgs.exe,' 'orkutkut.exe,' 'CdbgEvtSvc.exe,' 'G-Buster.exe,' 'sprof.exe,' 'b.exe,' 'KB75.exe,' 'pidle.exe,' 'Update.exe,' 'msCMTSrvc.exe,' 'ms031779298.exe,' 'dfndrff_e5.exe,' 'dfndref_7.exe,' 'elitelsd32.exe,' 'wupdt.exe,' 'ctfmona.exe,' 'sbwltbxa.exe,' 'sysawpbkvnq.exe,' 'sysnxcphmgy.exe,' 'dnlsvc.exe,' '77.exe,' 'winsys3.exe,' 'system.exe,' 'winsystem.exe,' 'lphc1gjj0eg45.exe,' 'ivozwzsl.exe,' 'zqfclgjc.exe,' 'wupda.exe,' 'yyy11314.exe,' 'e1GuF5Id.exe,' 'yyy13219.exe,' 'ert59692.exe,' 'ert516368.exe,' 'ert5244.exe,' 'SpeedRunner.exe,' 'brastia.exe,' 'DLD.exe,' 'maxpaynowti1.exe,' 'Facegame.exe,' 'tsitra11.exe,' 'qwinondt.exe,' 'Apoint.exe,' '~tmpo.exe,' 'promo.exe,' 'Ib2G3XJQ.exe,' 'ahiaw.exe,' 'Owner.exe,' 'svchosb.exe,' 'mslsrv32.exe,' 'k4stl7tuwv80.exe,' 'winxp.exe,' 'restorer32_a.exe,' 'restorer64_a.exe,' 'sorry.exe,' 'ocprg23017248.exe,' 'wmcenraoxs.exe,' 'wpv831257179558.exe,' 'winupdate86.exe,' 'pburpatufdoc .exe,' '6e3511.exe,' '66e41.exe,' '777.exe,' '675.exe,' 'propa.exe,' 'mwoxsrance.exe,' 'sysl123.exe,' 'setup_225_509_[1].exe,' 'setup_241_3777_1054_[1].exe,' '_ex-08.exe,' 'qdpack.exe,' 'smss32.exe,' 'winsmss.exe,' 'services.exe,' 'winntR1.exe,' 'ubpr01.exe,' 'mserdv32.exe,' 'mrofinu1423.exe,' 'mrofinu72.exe,' 'EliBaglA[1].exe,' 'mrofinu1000106.exe' and 'aaaaaaaa§.exe.'
7. Close the Task Manager.
Remove Registry Entries
8. Go to the 'Start' menu, type 'Regedit' in the Start Search box and press 'Enter' to start the Registry Editor.
9. Browse to and delete the following registry entries:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser HelperObjects\{54629298-47B2-4F79-BC62-7B3648D70020}HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\CatalHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Sys2621.exeHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ lphc9m9j0e1a3HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ lphc110j0e78aHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ lphc9s1j0evd5HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\NOTIFY\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\gkglqoueHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ \YUR2A7.exeHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ lphc323j0en3cHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNNING PROGRAM\EsnGOg2W.exeHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNNING PROGRAM\tempo-139421.tmp
10. Close the Registry Editor.
Unregister DLLs
11. Go to the 'Start' menu, type 'Cmd' in the Start Search box and press 'Enter' to start the command line window.
12. Type 'regsvr32 /u aklsp.dll' in the command line window and press 'Enter' to unregster the DLL.
13. Repeat Step 2 for 'msvidc32.dll,' 'gkglqoue.dll,' 'dmintf32.dll,' 'had73sfdfd.dll,' 'kzpkwj.dll,' 'igzxwrl.dll,' 'nexpegp.dll,' 'iesbpl.dll,' 'atzrdada.dll,' 'dpksakgm.dll,' 'd3acdb.dll,' 'iesplg.dll,' 'czxtyx.dll,' 'isadd.dll,' 'iesplugin.dll,' 'isaddon.dll,' 'ixt0.dll,' 'senssrv.dll,' 'aphj.dll,' 'jgdi.dll,' 'bhomod00.dll,' 'BHOmod.dll,' 'cjuvwa.dll,' 'xskmoqx.dll,' 'alofkmn.dll,' 'apdqnxp.dll,' 'altvxvm.dll,' 'btrklfr.dll,' 'bokpkov.dll,' 'vadokmxt.dll,' 'wdpoefan.dll,' 'WLCtrl32.dll,' 'WinNt32.dll,' 'sbmdl.dll,' 'IEBHO.dll,' 'bxsbang.dll,' 'WinCtrl32.dll,' 'zgyhw.dll,' 'euwoeu.dll,' 'actxprxy.dll,' 'qmafxprs.dll,' 'crypts.dll,' 'mipinu.dll,' 'qnflkotm.dll,' 'vwnskbot.dll,' 'getsn32.dll,' 'wndutl32.dll,' 'dmusic32.dll,' 'gtckad.dll,' 'eventlog32.dll,' 'haozs1.dll,' 'haozs0.dll,' 'afmain1.dll,' 'nmdfgds1.dll,' 'inte1b.dll,' 'gpkcsp32.dll,' 'hhsa.dll,' 'kiago32a.dll,' 'comaddin32.dll,' 'davclnt32.dll,' 'cnetcfg32.dll,' 'dompifgn.dll,' 'd3dim32.dll,' 'bxvkyrly.dll,' 'ntspknlg.dll,' 'byxyvtq.dll,' 'secieaddin.dll,' 'xpupdate.dll,' 'dsaip32b.dll,' 'wmpdxm.dll,' 'getfn32.dll,' 'hpmun.dll,' 'iebt.dll,' 'qipauzax.dll,' 'ifsndu.dll,' 'msxml71.dll,' 'rmd-.dll,' 'ns28kut1.dll,' 'gpatbs.dll,' 'supsafe.dll,' 'xrdwbfgn.dll,' 'dgksvbpn.dll,' 'pdoskegl.dll,' 'rqbmvpso.dll,' 'drvvoj.dll,' 'tsxngabr.dll,' 'videoa32.dll,' 'vtqnxfko.dll,' 'eqvwamkl.dll,' 'wnslvxtf.dll,' 'Gtool.dll,' 'xokvrpwg.dll,' 'pntqkflv.dll,' 'domie.dll,' 'evgratsm.dll,' 'hpi.dll,' 'qegbdmwf.dll,' 'okmdepgb.dll,' 'gnowmebk.dll,' 'z_view.dll,' 'xvorfwbd.dll,' 'asc94.dll,' 'sigma64.dll,' 'wpvmqosg.dll,' 'vregfwlx.dll,' 'pxgdslro.dll,' 'dsound3dd.dll,' 'winsrc.dll,' 'wmsetup.dll,' 'PnE3bw28.dll,' 'xaczweo.dll,' 'digeste.dll,' 'usp10.dll,' 'Omahonafazeq.dll,' 'ipv6sp.dll,' 'ieocx.dll,' 'sysloc.dll,' '304434.dll,' 'zoply.dll,' '734914.dll,' '788309.dll,' '890166.dll,' '512686.dll,' '367770.dll,' '124909.dll,' '311496.dll,' '912525.dll,' '119987.dll,' '590075.dll,' '848700.dll,' '768890.dll,' '242112.dll,' '907465.dll,' '857060.dll,' '709598.dll,' '804031.dll,' '931928.dll,' '788877.dll,' '814810.dll,' '892267.dll,' '238044.dll,' 'altcmd32.dll,' 'guxmhcd.dll,' 'nsduo.dll,' 'vtr357.dll,' 'duocore.dll,' 'vtr441.dll,' 'bgwttyl.dll,' 'gsrnxgh.dll,' 'egzcqg.dll,' 'bpvol.dll,' 'msnhlp32.dll,' 'qch29sr.dll,' 'cfltygd.dll,' 'qxfgcg.dll,' 'adobepnl.dll,' 'tejotilyd.dll,' 'bubbj.dll,' 'isfmdl.dll,' 'gfopyhkh.dll,' 'tvtpwp.dll,' 'bnbs.dll,' 'dcggain.dll,' 'fkdnrwsv.dll,' 'dwnrpofk.dll,' 'pmsoarbf.dll,' 'qadovnel.dll,' 'bdkpfxqw.dll,' 'mmmxgzxg.dll,' 'fshqaln.dll,' 'omlbpkaw.dll,' '{b91413db-d88a-a499-2661-f9f9441c9f46}.dll,' 'mpfanvqg.dll,' 'wetkadmr.dll,' 'gbplib.dll,' 'gbppdist.dll,' 'winscok.dll,' 'afontext.dll,' 'vbksrofa.dll,' 'blbpeoy.dll,' 'jkqvjzl.dll,' 'ouhzw.dll,' 'mgxfebsq.dll,' 'pikavn.dll,' 'hare32.dll,' 'xappit.dll,' 'sysbas~1.dll,' 'sdetcs.dll,' 'vszynz.dll,' 'rgf.dll,' 'gopfa.dll,' 'gcqltg.dll,' 'qfrmwmq.dll,' 'rtenazot.dll,' 'hcwxds32.dll,' 'ssqomll.dll,' 'mxduo.dll,' 'sconf32.dll,' 'vtr351.dll,' 'zkpssqa.dll,' 'vpccw.dll,' 'jfbakvqj.dll,' 'dooep.dll,' 'lapmvzf.dll,' 'igpfced.dll,' 'uimcu.dll,' 'axlet.dll,' 'vwfps.dll,' 'se_spoof.dll,' 'nsq2B.dll,' 'rldyt.dll,' 'ivrllc.dll,' 'ljhebby.dll,' 'axdpfl.dll,' 'iinqyl.dll,' 'admggxp.dll,' 'tdomgafw.dll,' 'gnmguxh.dll,' 'cxbrk.dll,' 'kcekz.dll,' 'sjrggq.dll,' 'dtseqrxk.dll,' 'zafhemm.dll,' 'bcxjqr.dll,' 'deskmon32.dll,' 'HPIEAddOn.dll,' 'odsaps.dll,' 'iqswi.dll,' 'WLXxeq.dll,' 'WuMO.dll,' 'gsdrgfdrrgnd.dll,' 'rah3b8ffdnd.dll,' 'xwr38547.dll,' 'cy37722.dll,' 'Z4k3bSNu.dll,' '393340.dll,' '120237.dll,' 'iehost.dll' and 'qmuoe.dll.'
14. Close the command line window.
Find and Delete Files
15. Go to the 'Start' menu, type 'ac2_0003.exe' in the 'Start Search' box and press 'Enter.' Delete all search results.
16. Repeat Step 1 for ''Sys2621.exe,' 'lphc9m9j0e1a3.exe,' 'lphc110j0e78a.exe,' 'lphc9s1j0evd5.exe,' 'YUR2A7.exe,' 'lphc323j0en3c.exe,' 'EsnGOg2W.exe,' 'lsass.exe,' 'lphce5lj0e33g.exe,' 'WinAvXX.exe,' 'dls0523pmw.exe,' 'xpuupdate.exe,' 'svhost.exe,' 'HPAware.exe,' 'ajdnjhfo10.exe,' 'newname3.exe,' 'ecsiin.stub.exe,' 'bvt.exe,' 'installer.exe,' 'bretiuxh.exe,' 'wupeng.exe,' 'svchost.exe,' 'update_check.exe,' 'win32st.exe,' 'mgmrwmrv.exe,' 'wmsdkns.exe,' 'sysrxmfdksp.exe,' 'spools.exe,' 'glock32.exe,' 'mfc42.exe,' 'win32.exe,' 'userinit.exe,' 'wuauclt.exe,' 'sysmon.exe,' 'TempAA.exe,' 'gmillogof.exe,' 'lenveqvt.exe,' 'FD.exe,' 'winlogon.exe,' 'ie_updates3r.exe,' 'cmdbcs.exe,' 'perfs.exe,' 'yyk2954.exe,' 'routing.exe,' 'wupdater.exe,' 'oyhucntf.exe,' 'UGA6P_0001_N122M2802NetInstaller.exe,' 'X117.exe,' 'msn.exe,' 'svchost23.exe,' 'vbpdtvdp.exe,' 'GoogleDesktop.exe,' 'mrofinu1535.exe,' 'iftuyszv.exe,' 'cftmon.exe,' 'Sys77.exe,' 'msupdte.exe,' 'uoyzsydz.exe,' 'lphcnvtj0eve7.exe,' 'rundll32.exe,' 'SysE4E3.exe,' 'Sys2.exe,' 'Sys4.exe,' 'Sys3.exe,' 'Sys1.exe,' 'lphcgu6j0e9av.exe,' 'lphc942j0e9e7.exe,' 'lphc9dpj0e793.exe,' 'VIE7B09.exe,' '.ttE.tmp.exe,' 'adqnebaf.exe,' 'smss.exe,' 'kzgdudgj.exe,' 'braviax.exe,' 'qtmjcfsj.exe,' 'chslqbih.exe,' 'wcs.exe,' 'buritos.exe,' 'css.exe,' 'zgxwbank.exe,' 'lyryzgjs.exe,' 'c.exe,' '6LN0dYGS.exe,' 'a.exe,' 'lphcp4vj0et35.exe,' 'lphcrkkj0erbr.exe,' 'video233.cfg.exe,' 'video232.cfg.exe,' 'video1161.cfg.exe,' 'video1019.cfg.exe,' 'lphclq5j0e14p.exe,' 'g.exe,' '781.exe,' 'Player.exe,' 'lphcnfgj0ep7n.exe,' 'brastk.exe,' 'dmbsvwtk.exe,' 'video1086.cfg.exe,' 'video234.cfg.exe,' 'rkhdl.exe,' 'iebtm.exe,' 'iebtmm.exe,' 'Yy5v3068.exe,' 'xxx5366.exe,' '~tmpd.exe,' 'h8b3LvB2.exe,' 'vedxga3me2.exe,' 'rs32net.exe,' 'ppcb_32.exe,' '7Jv5vJhh.exe,' 'hpmon.exe,' 'hpmom.exe,' 'wini10894.exe,' 'qttaskm.exe,' 'qttask.exe,' 'msiconf.exe,' 'setup_241_3777_[2].exe,' 'uesiuqcr.exe,' 'frmwrk32.exe,' 'VIE2.exe,' 'yyy12351.exe,' 'yyy2010.exe,' '~tmpc.exe,' 'yyy15461.exe,' 'yyy9308.exe,' '~.exe,' 'yyy289.exe,' 'yyy12224.exe,' '~tmpb.exe,' 'mVM33I6b.exe,' 'yyy9902.exe,' 'BwNVxGhC.exe,' 'yyy2599.exe,' 'explorer32.exe,' 'yyy10930.exe,' '~tmpf.exe,' 'ert56264.exe,' '2XKM2nX1.exe,' 'sysguard.exe,' '475.tmp.exe,' 'OPLlho18.exe,' 'alg.exe,' '~tmpi.exe,' '1rlkp3G3.exe,' 'pCo7V3H8.exe,' '~tmpx.exe,' '~tmp3.exe,' '~tmpp.exe,' 'ckzty22913935.exe,' 'wpiv.exe,' 'svcho.exe,' 'msj.exe,' 'mschr.exe,' 'b1jl2V0m.exe,' '4115.exe,' 'Terry Santi.exe,' 'msa.exe,' 'msb.exe,' 'userload.exe,' 'svcnost.exe,' 'TpScrex.exe,' 'KAVStart.exe,' 'reader_s.exe,' 'soundmix.exe,' 'Msxrs.exe,' 'syst.exe,' 'licao_de_vida.exe,' 'NeroCheck.exe,' 'leia.exe,' 'xydzyh.exe,' '2183.exe,' 'theof.exe,' '5765.exe,' '18163.exe,' 'ContraVirusPro.exe,' 'bkhujyxs.exe,' 'csrssc.exe,' '664575600.exe,' 'video.avi[1].exe,' '_A00F299C205.exe,' 'lphcamlj0ea8a.exe,' 'qbynahkr.exe,' 'jiryrclc.exe,' 'wdarqxox.exe,' 'maxpaynow.exe,' 'lahmtcho.exe,' 'xpupdate.exe,' 'setup73.exe,' '8764.exe,' 'setup.exe,' 'TXPlatform.exe,' 'ubodh.exe,' 'scit.exe,' 'scm.exe,' 'sbmntr.exe,' 'sbsm.exe,' 'ati2evxx.exe,' 'ieupdates.exe,' 'nod32se.exe,' 'tujwbkbm.exe,' 'edwnghyb.exe,' 'nabmlare.exe,' 'Firewall.exe,' 'wserving.exe,' 'winupdate.exe,' 'Dot1XCfg.exe,' 'wprcaw.exe,' 'exp.exe,' 'servicelayer.exe,' 'amoumain.exe,' 'ctfmon.exe,' 'nvsvc32.exe,' 'bios.exe,' 'winpad32.exe,' 'r56ujxftyrsdjsxrgf46i5sgheh44.exe,' 'qgipz2469937.exe,' 'CbEvtSvc.exe,' 'lwpwer.exe,' 'empa.exe,' 'Sakora.exe,' 'kbdpo.exe,' 'autodisc.exe' and 'odbcconf.exe.'
17. Remove these files as well: 'lphc5vwj0erb3.exe,' 'lphca35j0ee3c.exe,' 'lphcr6aj0e11v.exe,' 'lphclp6j0ev5p.exe,' 'lphcruaj0e355.exe,' 'lphcpghj0ecfl.exe,' 'lphc5rfj0eg89.exe,' 'lphc3erj0elav.exe,' 'lphcv49j0ejdl.exe,' 'lphcp72j0e1dr.exe,' 'lphc1qtj0ege1.exe,' 'lphcj7cj0ea59.exe,' 'lphc3f8j0eaaa.exe,' 'lphcvhoj0e33t.exe,' 'lphc9v2j0ecfj.exe,' 'lylopybc.exe,' 'gtolsbef.exe,' '33.tmp.exe,' 'javclcte.exe,' 'lphc59hj0eab1.exe,' 'Cpl32ver.exe,' 'lphc3q4j0epca.exe,' 'qhqrmbyz.exe,' 'telghgtw.exe,' 'Manager.exe,''arubinuj.exe,' 'YUR205F.exe,' 'lphccpaj0ec7g.exe,' 'YUR507A.exe,' 'xrg1.exe,' 'lphcl2sj0ep0c.exe,' 'lphcnjcj0e92j.exe,' 'yvudcbaf.exe,' 'wcm.exe,' 'lphcem0j0e72a.exe,' 'video88.cfg.exe,' 'video1140.cfg.exe,' 'video1055.cfg.exe,' 'd.exe,' 'lphcguej0eaep.exe,' 'sft_ver1.1454.0.exe,' 'e.exe,' 'pas.exe,' 'x1psul5R.exe,' 'izwum.exe,' 'sv.exe,' 'svhoster.exe,' 'svzip.exe,' 'runsql.exe,' 'DTProAgent.exe,' 'setup_241_3777_21347_.exe,' '5rR0NYTX.exe,' '7.tmp.exe,' 'qUSOWf4S.exe,' 'yyy1022.exe,' 'BC50DF28.exe,' 'yyy3175.exe,' 'EmuleInstaller.exe,' 'yyy10695.exe,' 'yyy4430.exe,' '891.tmp.exe,' '~tmpk.exe,' 'yyy14869.exe,' 'yyy10084.exe,' 'yyy8022.exe,' 'lphcavej0epd9.exe,' 'torbjne.exe,' 'yyy6517.exe,' 'vamsoft.exe,' 'ert52014.exe,' '~tmpy.exe,' 'ert58253.exe,' 'wini10251.exe,' '0xf9.exe,' '~tmpn.exe,' 'scvhost32.exe,' 'svchostw.exe,' 'a6.exe,' 'loader.exe,' 'Msmsgs.exe,' 'orkutkut.exe,' 'CdbgEvtSvc.exe,' 'G-Buster.exe,' 'sprof.exe,' 'b.exe,' 'KB75.exe,' 'pidle.exe,' 'Update.exe,' 'msCMTSrvc.exe,' 'ms031779298.exe,' 'dfndrff_e5.exe,' 'dfndref_7.exe,' 'elitelsd32.exe,' 'wupdt.exe,' 'ctfmona.exe,' 'sbwltbxa.exe,' 'sysawpbkvnq.exe,' 'sysnxcphmgy.exe,' 'dnlsvc.exe,' '77.exe,' 'winsys3.exe,' 'system.exe,' 'winsystem.exe,' 'lphc1gjj0eg45.exe,' 'ivozwzsl.exe,' 'zqfclgjc.exe,' 'wupda.exe,' 'yyy11314.exe,' 'e1GuF5Id.exe,' 'yyy13219.exe' and 'ert59692.exe.'
18. Delete these files the same way: 'ert516368.exe,' 'ert5244.exe,' 'SpeedRunner.exe,' 'brastia.exe,' 'DLD.exe,' 'maxpaynowti1.exe,' 'Facegame.exe,' 'tsitra11.exe,' 'qwinondt.exe,' 'Apoint.exe,' '~tmpo.exe,' 'promo.exe,' 'Ib2G3XJQ.exe,' 'ahiaw.exe,' 'Owner.exe,' 'svchosb.exe,' 'mslsrv32.exe,' 'k4stl7tuwv80.exe,' 'winxp.exe,' 'restorer32_a.exe,' 'restorer64_a.exe,' 'sorry.exe,' 'ocprg23017248.exe,' 'wmcenraoxs.exe,' 'wpv831257179558.exe,' 'winupdate86.exe,' 'pburpatufdoc .exe,' '6e3511.exe,' '66e41.exe,' '777.exe,' '675.exe,' 'propa.exe,' 'mwoxsrance.exe,' 'sysl123.exe,' 'setup_225_509_[1].exe,' 'setup_241_3777_1054_[1].exe,' '_ex-08.exe,' 'qdpack.exe,' 'smss32.exe,' 'winsmss.exe,' 'services.exe,' 'winntR1.exe,' 'ubpr01.exe,' 'mserdv32.exe,' 'mrofinu1423.exe,' 'mrofinu72.exe,' 'EliBaglA[1].exe,' 'mrofinu1000106.exe,' 'aaaaaaaa§.exe,' 'msvidc32.dll,' 'gkglqoue.dll,' 'dmintf32.dll,' 'had73sfdfd.dll,' 'kzpkwj.dll,' 'igzxwrl.dll,' 'nexpegp.dll,' 'iesbpl.dll,' 'atzrdada.dll,' 'dpksakgm.dll,' 'd3acdb.dll,' 'iesplg.dll,' 'czxtyx.dll,' 'isadd.dll,' 'iesplugin.dll,' 'isaddon.dll,' 'ixt0.dll,' 'senssrv.dll,' 'aphj.dll,' 'jgdi.dll,' 'bhomod00.dll,' 'BHOmod.dll,' 'cjuvwa.dll,' 'xskmoqx.dll,' 'alofkmn.dll,' 'apdqnxp.dll,' 'altvxvm.dll,' 'btrklfr.dll,' '97179996.exe,' '91724226.exe,' '11714234.exe,' 'xpa.exe,' 'jpssoft[1].exe,' 'MapEDC.exe,' 'WinAvX.exe,' 'ms050862618809.exe,' 'sclick.exe,' 'servhist.exe,' '9eabcdc8.exe,' 'dfndr.exe,' 'defender24.exe,' 'keyboard24.exe,' 'newname24.exe,' 'defender20.exe,' 'ipue32.exe,' 'sqldata1.exe,' 'ctdbrr.exe,' 'updmgr.exe,' 'qejdhnvg.exe,' 'sncntr.exe,' 'nvsvca32.exe,' 'nsdlua.exe,' 'conscorr.exe,' '27.exe,' 'rxjddnvj.exe,' 'sysahbecjh.exe,' 'sysavxjgdu.exe,' 'sysutrnez.exe,' 'wind32.exe,' 'csrss.exe,' 'clfmon.exe,' 'sixyahbi.exe,' 'antivirusinstallfull_en[1].exe,' 'mmc.exe,' 'audiohq.exe,' 'spool.exe,' 'sysi.exe,' 'vip_master_orkut.exe,' 'bsyys.exe,' 'msmsgxs.exe,' 'jrevm.exe,' 'kutorkt.exe,' 'ixplorer.exe,' 'Sys5457.exe,' 'Sys5BE6.exe,' '1000675417.exe,' 'lphcpevj0elag.exe,' 'lphc783j0eveg.exe,' 'lphcr49j0ea81.exe,' 'lphct1hj0ep35.exe,' 'lphcg9bj0e7e9.exe,' 'lphc71lj0e94p.exe,' 'lphc5mlj0ev7c.exe,' 'lphcva1j0epb9.exe,' 'lphca5sj0ee31.exe' and 'lphct1sj0ele5.exe.'
19. Find and erase this files: 'vbksrofa.dll,' 'blbpeoy.dll,' 'jkqvjzl.dll,' 'ouhzw.dll,' 'mgxfebsq.dll,' 'pikavn.dll,' 'hare32.dll,' 'xappit.dll,' 'sysbas~1.dll,' 'sdetcs.dll,' 'vszynz.dll,' 'rgf.dll,' 'gopfa.dll,' 'gcqltg.dll,' 'qfrmwmq.dll,' 'rtenazot.dll,' 'hcwxds32.dll,' 'ssqomll.dll,' 'mxduo.dll,' 'sconf32.dll,' 'vtr351.dll,' 'zkpssqa.dll,' 'vpccw.dll,' 'jfbakvqj.dll,' 'dooep.dll,' 'lapmvzf.dll,' 'igpfced.dll,' 'uimcu.dll,' 'axlet.dll,' 'vwfps.dll,' 'se_spoof.dll,' 'nsq2B.dll,' 'rldyt.dll,' 'ivrllc.dll,' 'ljhebby.dll,' 'axdpfl.dll,' 'iinqyl.dll,' 'admggxp.dll,' 'tdomgafw.dll,' 'gnmguxh.dll,' 'cxbrk.dll,' 'kcekz.dll,' 'sjrggq.dll,' 'dtseqrxk.dll,' 'zafhemm.dll,' 'bcxjqr.dll,' 'deskmon32.dll,' 'HPIEAddOn.dll,' 'odsaps.dll,' 'iqswi.dll,' 'WLXxeq.dll,' 'WuMO.dll,' 'gsdrgfdrrgnd.dll,' 'rah3b8ffdnd.dll,' 'xwr38547.dll,' 'cy37722.dll,' 'Z4k3bSNu.dll,' '393340.dll,' '120237.dll,' 'iehost.dll,' 'lphcv4rj0en23.exe,' 'lphcp19j0e3ac.exe,' 'lphcnn0j0e7c5.exe,' 'lphcej5j0ee4e.exe,' 'lphc1tdj0ea77.exe,' 'qmuoe.dll,' 'aklsp.dll,' '~tmp1174.exe,' 'pornivideo03y45i[1].exe,' 'gEehlDA9.exe,' 'l[1].exe,' 'g[1].exe,' 'nJJG.exe,' 'visfdw.exe,' 'load[1].exe,' 'install[1].exe,' 'winvijhq.exe,' 'tisgvi.exe,' 'windsn.exe,' 'adobe_flash[1].exe,' 'AdobeFlash[1].exe,' 'ert51791.exe,' 'new23[1].exe,' 'gr[2].exe,' 'adv111[1].exe,' 'Test.exe,' 'loader[1].exe,' '~tmpa.exe,' 'c-setup[2].exe,' 'movie434.avi.exe,' 'load1.exe,' 'ni1mg2b5.exe,' 'A4-tmpaoi.exe,' 'ptssvc.exe,' 'zchMiB.exe,' 'psvrr.exe,' 'scvhost.exe,' 'oopuqq1.exe,' '_A00F220AD.exe,' 'winjmxy.exe,' 'ak1[1].exe,' 'g13dyr.exe,' 'avast!antivirus.exe,' 'ashevtsvc.exe,' '93679526.exe,' '13035004.exe,' '93044996.exe,' 'avp.exe,' 'win2A.tmp.exe,' 'keyboard.exe,' 'mrofinu572.exe,' 'mrofinu1188.exe,' 'gadcom.exe,' 'nidle.exe' and '99068276.exe.'
20. Delete the following files too: 'bokpkov.dll,' 'vadokmxt.dll,' 'wdpoefan.dll,' 'WLCtrl32.dll,' 'WinNt32.dll,' 'sbmdl.dll,' 'IEBHO.dll,' 'bxsbang.dll,' 'WinCtrl32.dll,' 'zgyhw.dll,' 'euwoeu.dll,' 'actxprxy.dll,' 'qmafxprs.dll,' 'crypts.dll,' 'mipinu.dll,' 'qnflkotm.dll,' 'vwnskbot.dll,' 'getsn32.dll,' 'wndutl32.dll,' 'dmusic32.dll,' 'gtckad.dll,' 'eventlog32.dll,' 'haozs1.dll,' 'haozs0.dll,' 'afmain1.dll,' 'nmdfgds1.dll,' 'inte1b.dll,' 'gpkcsp32.dll,' 'hhsa.dll,' 'kiago32a.dll,' 'comaddin32.dll,' 'davclnt32.dll,' 'cnetcfg32.dll,' 'dompifgn.dll,' 'd3dim32.dll,' 'bxvkyrly.dll,' 'ntspknlg.dll,' 'byxyvtq.dll,' 'secieaddin.dll,' 'xpupdate.dll,' 'dsaip32b.dll,' 'wmpdxm.dll,' 'getfn32.dll,' 'hpmun.dll,' 'iebt.dll,' 'qipauzax.dll,' 'ifsndu.dll,' 'msxml71.dll,' 'rmd-.dll,' 'ns28kut1.dll,' 'gpatbs.dll,' 'supsafe.dll,' 'xrdwbfgn.dll,' 'dgksvbpn.dll,' 'pdoskegl.dll,' 'rqbmvpso.dll,' 'drvvoj.dll,' 'tsxngabr.dll,' 'videoa32.dll,' 'vtqnxfko.dll,' 'eqvwamkl.dll,' 'wnslvxtf.dll,' 'Gtool.dll,' 'xokvrpwg.dll,' 'pntqkflv.dll,' 'domie.dll,' 'evgratsm.dll,' 'hpi.dll,' 'qegbdmwf.dll,' 'okmdepgb.dll,' 'gnowmebk.dll,' 'z_view.dll,' 'xvorfwbd.dll,' 'asc94.dll,' 'sigma64.dll,' 'wpvmqosg.dll,' 'vregfwlx.dll,' 'pxgdslro.dll,' 'dsound3dd.dll,' 'winsrc.dll,' 'wmsetup.dll,' 'PnE3bw28.dll,' 'xaczweo.dll,' 'digeste.dll,' 'usp10.dll,' 'Omahonafazeq.dll,' 'ipv6sp.dll,' 'ieocx.dll,' 'sysloc.dll,' '304434.dll,' 'zoply.dll,' '734914.dll,' '788309.dll,' '890166.dll,' '512686.dll,' '367770.dll,' '124909.dll,' '311496.dll,' '912525.dll,' '119987.dll,' '590075.dll,' '848700.dll,' '768890.dll,' '242112.dll,' '907465.dll,' '857060.dll,' '709598.dll,' '804031.dll,' '931928.dll,' '788877.dll,' '814810.dll,' '892267.dll,' '238044.dll,' 'altcmd32.dll,' 'guxmhcd.dll,' 'nsduo.dll,' 'vtr357.dll,' 'duocore.dll,' 'vtr441.dll,' 'bgwttyl.dll,' 'gsrnxgh.dll,' 'egzcqg.dll,' 'bpvol.dll,' 'msnhlp32.dll,' 'qch29sr.dll,' 'cfltygd.dll,' 'qxfgcg.dll,' 'adobepnl.dll,' 'tejotilyd.dll,' 'bubbj.dll,' 'isfmdl.dll,' 'gfopyhkh.dll,' 'tvtpwp.dll,' 'bnbs.dll,' 'dcggain.dll,' 'fkdnrwsv.dll,' 'dwnrpofk.dll,' 'pmsoarbf.dll,' 'qadovnel.dll,' 'bdkpfxqw.dll,' 'mmmxgzxg.dll,' 'fshqaln.dll,' 'omlbpkaw.dll,' '{b91413db-d88a-a499-2661-f9f9441c9f46}.dll,' 'mpfanvqg.dll,' 'wetkadmr.dll,' 'gbplib.dll,' 'gbppdist.dll,' 'winscok.dll' and 'afontext.dll.'
21. Restart your computer.