How To Remove Win32/Olmarik.TDL4 Trojan

[tOONEY_bOY]

Yesterday at night when I turned on my computer then I saw that all desktop icons are missing and it is completely blacked out. The start menu and folders are empty and along with that task manager was also disabled. After scanning the system with antivirus I found that my computer was infected with n32/Olmarik.TDL4 Trojan and it is not getting removed. So if anyone knows how to remove this nasty from my pc then please help me out. Thanks

[Bjork]

I would like to know which variant do you have in your system. So for knowing that, you need to download a tool called aswMBR.exe from here and save it to your desktop. It is only a 4.8mb file. After the download gets completed you need to double click the aswMBR.exe file to run it and then click on Scan buttong to start the scan. Once the process is complete then click save log and then save it to your desktop and post it here in your next reply.

[shetty]

I would like to ask you to download the latest version of TDSSKiller from internet and save it to your desktop. Now double click on TDSSKiller.exe to run it and then click on Change Parameters. After that tick the boxes beside Verify Driver Digital Signature and Detect TDLFS file system and then click ok. Now click Start Scan button. If anything suspicious is found then the default action will be Skip and click on Continue. Make sure that Cure is selected and then click Continue and then Rboot to finish the cleaning process. Incase Cure is not available then do no choose delete unless you are said.

[Kakashi Hatake]

To remove this virus, first boot your pc to Safe Mode with Networking. After that open Control Panel and seach for Folder Options. Go to View tab and tick Show hidden files and folders and untick Hide protected operating system files and then press ok. Now click on Start > Search and then delete the below files created by this virus:

%AllUsersProfile%\Application Data\
%AllUsersProfile%\Application Data\.exe
%UserProfile%\Start Menu\Programs\ Win32/01marik.TDL4 \
Software\Microsoft\Windows\CurrentVersion\Run “.exe”

After that stop any processes of win32/olmarik.tdl4 in Task Manager. Then open Registry editor and delete the below entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = ’1′
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{94366E2C-9923-431C-B0D6-747447DD0F2B}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “DisableTaskMgr” = ’1′
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’