May 14, 2010

W32.Imaut.A Virus

Today I found virus W32.Imaut.A in handdy drive on plan and public relations development division of The Public Relations Department region 3 Chiang Mai. When I search for how to remove W32.Imaut.A with google search engine I found this information on web site.
โค๊ด:
http://www.precisesecurity.com/computer-virus/imaut-oct07.htm

So you can remove W32.Imaut.A virus by your self with manual or use free online scan.

Description:

W32.Imaut.A is a propagating worm on messaging services such as Yahoo! Instant Messenger and Microsoft Windows Live Messenger.

W32.Imaut.A procedures requires technical know-how on  computer troubleshooting. It is better to consult your LAN Administrator or Technical Persons to avoid additional damage on your computer if modifications on Services and Registry have to be done.



MANUAL REMOVAL:

1. Temporarily Disable System Restore (Windows Me/XP). [how to]
2. Update the virus definitions.
3. Reboot computer in SafeMode [how to]

4. Run a full system scan and clean/delete all infected files
5. Delete any values added to the registry. [how to edit registry]
Navigate to the subkey and delete the value:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: "Task Manager" = "%Windir%\svhost32.exe"

Navigate to the subkey and delete the value:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
Value: "Homepage" = "1"

Navigate to the subkey and delete the values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
Values:
"DisableTaskMgr" = "1"
"DisableRegistryTools" = "1"

Navigate to the subkey and delete the value:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Value: "Start Page" = "[http://]concerto4.net/[REMOVED]"

Navigate to the subkey and delete the value:
HKEY_CURRENT_USER\Software\Yahoo\pager\View\YMSGR_buzz
Value: "content url" = "[http://]concerto4.net/[REMOVED]"

Navigate to the subkey and delete the value:
HKEY_CURRENT_USER\Software\Yahoo\pager\View\YMSGR_Launchcast
Value: "content url" = "[http://]concerto4.net/[REMOVED]"

6. Exit the Registry Editor and restart the computer.

7. In order to make sure that W32.Imaut.A is completely eliminated from your computer, carry out a full scan of your computer using AntiVirus and Antispyware Software. Another way to delete the virus using various Antivirus Program without the need to install can be done with Online Virus Scanner.



  FREE ON-LINE VIRUS SCANNER

โค๊ด:
http://www.precisesecurity.com/antivirus/online-scan.htm


  SPYWARE REMOVAL TOOLS:

Download and run any of these Anti-Spyware:
โค๊ด:
http://www.precisesecurity.com/computer-antispy.htm
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)