How To Remove Win32 From Your Computer

Table of contents:

How To Remove Win32 From Your Computer
How To Remove Win32 From Your Computer

Video: How To Remove Win32 From Your Computer

Video: How To Remove Win32 From Your Computer
Video: How To Remove Win32/Uwamson.A!ml Virus From PC 2024, November
Anonim

Removing the Win32 / Conficker worm virus is a rather complex operation, the execution of which will require sufficient experience with the computer system. At the same time, this procedure can be carried out using standard tools of the Windows operating system and without the involvement of additional third-party software.

How to remove win32 from your computer
How to remove win32 from your computer

Instructions

Step 1

Click the "Start" button to bring up the main menu of the system and enter the value services.msc in the "Start Search" field to temporarily disable the server service.

Step 2

Specify the services.msc item in the "Programs" list and open the "Server" link with a double click of the mouse.

Step 3

Click the Stop button and specify Disabled in the Startup Type field.

Step 4

Click the "Apply" button to confirm the stop of the server service and return to the main "Start" menu.

Step 5

Go to Run and enter AT / Delete / Yes in the Open field to delete all autorun jobs created.

Step 6

Press Enter to apply the selected changes and return to the command line utility.

Step 7

Enter regedit in the Open box and click OK to complete the operation to stop the Task Scheduler service.

Step 8

Expand the HKEY_LOCAL_MACHINESystemCurrentControlSetServicesShedule registry branch and open the context menu of the Start parameter in the details pane of the registry editor window by right-clicking.

Step 9

Go to Change and enter 4.

Step 10

Click OK to apply the selected changes and restart your computer.

Step 11

Press the "Start" button to bring up the main menu of the system and go to the "Run" item to initiate the procedure for removing Win32 / Conficker manually.

Step 12

Enter regedit in the Open box and click OK.

Step 13

Expand the registry branch HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionSvcHost and open the context menu of the netsvcs parameter by right-clicking.

Step 14

Go to Edit and remove the line containing the name of the malicious service.

Step 15

Click OK to confirm the command and return to Registry Editor.

Step 16

Expand the HKEY_LOCAL_MACHINESystemCurrentControlSetServices registry key and find the name of the malicious service that you removed in the previous step.

Step 17

Select the section containing the required service and call the context menu by right-clicking on its field.

Step 18

Go to Permissions and click the Advanced button in the SvcHost Permission Items dialog box.

Step 19

Apply the check boxes for Inherit from parent permissions that apply to child objects by adding them to those explicitly set in this window and Replace permissions on all child objects with permissions set here that apply to child objects in the Advanced Security Settings dialog box.

Step 20

Press F5 to update the registry entries and return to the utility.

21

Expand the HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersinRun registry key and remove any parameters beginning with rundll32.exe in both subkeys of the application window.

22

Check all disks on the system for Autorun.inf files and remove any that are in doubt.

23

Restart your computer and return to the command line tool.

24

Enter the following value:

reg.exe add

HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALL / v CheckedValue / t REG_DWORD / d 0x1 / f Then press Enter.

25

Select the Folder Options command from the Tools menu and go to the View tab.

26

Check the box next to "Show hidden files and folders" and click OK.

27

Return to Registry Editor and invoke the context menu of the malicious DLL that is loaded as ServiceDLL in the details pane of the Registry Editor window.

28

Select "Properties" and go to the "Security" tab.

29

Select "Everyone" and apply the check box in the "Full Control" field in the "Allow" column.

30

Click OK and delete the DLL file accessed by the malware.

31

Turn on Background Intelligent Transfer Service (BITS), Automatic Updates, Windows Defender, and Error Logging.

32

Go back to the command line tool and enter the following value: reg.exe add

HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer / v NoDriveTypeAutoRun / t REG_DWORD / d 0xff / a Then press the Enter key to disable autorun.

33

Enter netsh interface tcp set global autotuning = normal. Press Enter to apply the selected changes.

34

Reboot your computer.

Recommended: