How to remove W32.Babelloh virus
I am using Windows XP. Due to some strange behavior of my system, I came to know that I am infected by the W32.Babelloh virus. And I was sure when I saw all these files:
%DriveLetter%:\RECYCLER
%DriveLetter%:\autorun.inf
%DriveLetter%:\RECYCLER\desktop.exe
%DriveLetter%:\RECYCLER\desktop.ini
%SystemDrive%\spoolsv32.exe
%SystemDrive%\wmiprvse.exe
I tried to remove it by running antivirus, but no response. Guys, I need urgent help regarding the same from you all.
Re: How to remove W32.Babelloh virus
It's a very long process to remove the W32.Babelloh virus, so do it carefully because it needs some changes in the registry:
1. First of all right click on My Computer, click on Properties and go to System Restore tab and tick the option saying “Turn off system restore”.
2. Update the virus definitions.
3. Reboot the computer in Safe Mode.
4. Run a full system scan and clean/delete all infected file(s)
5. Delete/modify any values added to the registry. Navigate to and delete the following registry entries:
Quote:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\"PolicyRun" = "%SystemDrive%\spoolsv32.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"winmgmt" = "%SystemDrive%\wmiprvse.exe"
HKEY_USERS\S-1-5-21-1961063573-973683775-492528769-500\Software\Microsoft\Windows\CurrentVersion\Run\"winmgmt" = "%SystemDrive%\wmiprvse.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "Explorer.exe %SystemDrive%\spoolsv32.exe"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrkWks\"ImagePath" = "%SystemDrive%\spoolsv32.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrkWks\"ImagePath" = "%SystemDrive%\spoolsv32.exe"
6. Navigate to and restore the following registry entries to their original values, if needed:
Quote:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\"ServiceCurrent" = "11"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrkWks\"Type" = "10"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\"ServiceCurrent" = "11"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrkWks\"Type" = "10"
HKEY_USERS\S-1-5-21-1961063573-973683775-492528769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"ShowSuperHidden" = "0"
HKEY_USERS\S-1-5-21-1961063573-973683775-492528769-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoDriveTypeAutoRun" = "B5"
7. Exit registry editor and restart the computer.
Re: How to remove W32.Babelloh virus
If the risk creates or modifies registry subkeys or entries under HKEY_CURRENT_USER, it is possible that it created them for every user on the compromised computer. In order to make sure that the threat is completely eliminated from your computer, carry out a full scan of your computer using antivirus and antispyware software.
Another way to delete the virus, using various antivirus programs without the need to install them, is with an online virus scanner.
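A read-only check for the registry values and files named in this thread, added here as an example and not part of any post above. It looks at the per-user Run key in every loaded HKEY_USERS hive rather than only the one SID quoted, and assumes PowerShell 2.0 or later running with administrator rights.

```powershell
# Added example, not from the thread. Read-only: it reports and never deletes.
# Value names and file paths are the ones listed in the posts above.
$spool = Join-Path $env:SystemDrive 'spoolsv32.exe'
$wmi   = Join-Path $env:SystemDrive 'wmiprvse.exe'
$hklm  = 'HKEY_LOCAL_MACHINE'
$cv    = 'Microsoft\Windows\CurrentVersion'

$checks = @(
    @{ Key = "$hklm\SOFTWARE\$cv\policies\Explorer\Run"; Name = 'PolicyRun'; Bad = $spool },
    @{ Key = "$hklm\SOFTWARE\$cv\Run"; Name = 'winmgmt'; Bad = $wmi },
    @{ Key = "$hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"; Name = 'Shell'; Bad = $spool },
    @{ Key = "$hklm\SYSTEM\ControlSet001\Services\TrkWks"; Name = 'ImagePath'; Bad = $spool },
    @{ Key = "$hklm\SYSTEM\CurrentControlSet\Services\TrkWks"; Name = 'ImagePath'; Bad = $spool }
)

# The post quotes one SID; check the Run key of every loaded user hive instead.
$checks += @(Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -notlike '*_Classes' } |
    ForEach-Object { @{ Key = "$($_.Name)\Software\$cv\Run"; Name = 'winmgmt'; Bad = $wmi } })

foreach ($c in $checks) {
    $item = Get-ItemProperty -Path "Registry::$($c.Key)" -Name $c.Name -ErrorAction SilentlyContinue
    if ($item -eq $null) { continue }   # key or value not present
    # REG_SZ data may still hold %SystemDrive%, so expand before comparing.
    $data = [Environment]::ExpandEnvironmentVariables([string]$item.($c.Name))
    if ($data.ToLower().Contains($c.Bad.ToLower())) {
        "REGISTRY  $($c.Key)\$($c.Name) = $data"
    }
}

# Dropped files: two in the system drive root, one under RECYCLER on each ready drive.
$files = @($spool, $wmi)
foreach ($d in [System.IO.DriveInfo]::GetDrives()) {
    if ($d.IsReady) { $files += Join-Path $d.Name 'RECYCLER\desktop.exe' }
}
foreach ($f in $files) {
    # File.Exists also sees hidden and system files.
    if ([System.IO.File]::Exists($f)) { "FILE      $f" }
}
```

Profiles of users who are not logged on are not loaded under HKEY_USERS, so their Run keys are not covered by this check.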
Re: How to remove W32.Babelloh virus
The best way to protect your computer is through constantly updating your antivirus and spyware software. It is beyond critical that you have both virus and spyware software, keep them up to date, and run regular scans.