I can't delete W32.Spyrat virus.

[Aandaleeb]

Hi everybody,
I am having problem with the W32.Spyrat virus in my computer. Because of this virus my computer is every now and then giving blue screen problem and system also restarts. It alerts me through fake balloons popup. I have already tried to delete it from the Add and Remove but still it comes back again. This virus is making my system very slow and it also takes time to shut down my pc. Can anyone tell me how do I get rid of this virus from my pc? Thanks

[Milton.J]

When the worm is executed, it creates the following files:

• %Temp%\UuU.uUu
• %Temp%\XX--XX--XX.txt
• %Temp%\XxX.xXx
• C:\Dir\install\server.exe

It then creates the following registry entry, so that it starts everytime when Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\"Policies" = "c:\dir\install\server.exe"

The worm then opens a backdoor using a predetermined port, allowing an attacker to perform the following actions on the compromised computer:

• Read, write, and execute files
• Steal stored passwords
• Issue commands
• Activate and view a webcam, if present
• Log keystrokes
• Create a HTTP proxy to route traffic through the compromised computer

To get rid of this issue you should immediately format your pc completely.

[Spyrus]

Below are some of the W32.Spyrat virus associated files that you will need to delete, you can search that by going to Start > Search and search for the below files:
%Temp%\Windows 7 Validation.exe
%Temp%\Windows Update.dat
%Temp%\Windows Update.exe
%System%\install\server.exe
%System%\wbem\Performance\WmiApRpl_new.ini

After that you should also remove the below registry entries of W32.Spyrat which has to be removed:

HKEY_CURRENT_USER\Software\NoxiousAgent
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{X22A05IH-EVVT-MRI6-7B8E-5J057P0N0G1C}

[Big Fish]

You can use a program called AdwCleaner that is a powerful tool which allows you to remove the spyware, adware and other malware equivalent from your computer. A program that is not intended as an alternative to a virus itself, but it is also to be used as a verification system that is further to be used when the virus does not seem to eradicate all threats. AdwCleaner is a free program, also developed to be simple to use. However, touching the keys to the Windows registry during its cleaning, it is to be used with caution if you have at least minimal knowledge in computer.