Hvordan bli kvitt av Crypt Trojan Worm

Hvordan bli kvitt av Crypt Trojan Worm


Crypt trojan er den generelle navnet for trojanske virus med Crypt som en del av navnet. Disse trojanere er i stand til å koble til Internett og laste ned skadelige programmer på egenhånd. Den nedlastede spyware kan stjele din private sensitiv informasjon og bistå i identitetstyveri. Crypt er også en bakdør trojan, noe som betyr at det tillater ekstern tilkobling til datamaskinen av hackere. Dette kan resultere i stjålet informasjon, uautoriserte e-poster sendt fra innboksen og datamaskinen skade. Fjern Crypt umiddelbart hvis oppdaget.

Bruksanvisning

Avslutt systemprosesser

1 Trykk på \ "Ctrl, \" til \ "Shift \" og \ "Esc \" tastene samtidig starte Windows Oppgavebehandling.

2 Klikk på \ "Prosesser \" -kategorien, trykker du på \ "Ctrl \" og velg \ "wtemp32.exe \" og \ "new.exe \" systemprosesser.

3 Klikk på \ "End Process \" knappen og lukk Oppgavebehandling.

Slett registeroppføringer

4 Gå til \ "Start \" menyen og klikk på \ "Run. \"

5 Skriv inn \ "regedit \" og klikk på \ "OK \" for å starte Registerredigering.

6 Bla til og slette følgende registeroppføringer:

HKEY_CLASSES_ROOT \ SymantecFilterCheck
HKEY_CLASSES_ROOT \ CLSID \ {E3C1BC70-1607-43BD-A055 Orec-ACB4BF8DBA88}
HKEY_CLASSES_ROOT \ NewBopoMediumPop.PopBopo
HKEY_CLASSES_ROOT \ NexiAdPopup.DILogc
HKEY_CLASSES_ROOT \ NexiAdPopup.DILogc.1
HKEY_CLASSES_ROOT \ NexkAdPopup.DKLogc
HKEY_CLASSES_ROOT \ NexkAdPopup.DKLogc.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{E3C1BC70-1607-43BD-A055-ACB4BF8DBA88}
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ skyxpserver
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ lixrfy
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ Abel
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ enqueue
HKEY_CLASSES_ROOT \ CLSID \ {75EA2845-EAD5-486E-A339-59FED49289A6}
HKEY_CLASSES_ROOT \ CLSID \ {C80F2C34-B4A7-4F23-A99E-D55DB29DC30D}
HKEY_CLASSES_ROOT \ Interface \ {3C563030-29AA-496A-85F9-2A91F3A7D203}
HKEY_CLASSES_ROOT \ TypeLib \ {9B74BBC9-9516-4C06-9A9B-4594386F429D}
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ 60c2551e
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Winlogon \ Varsle \ pmnnNfCV
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ undzg
HKEY_CLASSES_ROOT \ CLSID \ {3229DFCD-3EAF-4712-ED45-4876FEDC170C}
HKEY_CLASSES_ROOT \ CLSID \ {1CBD78E7-DEF4-49F2-9B35-33130D278FFe}
HKEY_CLASSES_ROOT \ CLSID \ {3440A80C-343C-47A9-A316-D2421DE313E1}
HKEY_CLASSES_ROOT \ CLSID \ {52B1DFC7-AAFC-4362-B103-868B0683C697}
HKEY_CLASSES_ROOT \ CLSID \ {a04c370e-0f0a-4cc0-a898-145d19cb5136}
HKEY_CLASSES_ROOT \ CLSID \ {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1}
HKEY_CLASSES_ROOT \ CLSID \ {e5c5fe36-0f5a-4368-9a77-be6f882a915e}
HKEY_CLASSES_ROOT \ MSEvents.MSEvents
HKEY_CLASSES_ROOT \ MSEvents.MSEvents.1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CBD78E7-DEF4-49F2-9B35-33130D278FFe}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3440A80C-343C-47A9-A316-D2421DE313E1}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{52B1DFC7-AAFC-4362-B103-868B0683C697}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a04c370e-0f0a-4cc0-a898-145d19cb5136}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CF46BFB3-2ACC-441B-B82B-36B9562C7FF1}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E5C5FE36-0F5A-4368-9A77-BE6F882A915E}
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Winlogon \ Varsle \ gebcy
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Winlogon \ Varsle \ geedc
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Currentversion \ Explorer \ Browser Helper Objects \ {1CBD78E7-DEF4-49F2-9B35-33130D278FFe}
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Currentversion \ Explorer \ Browser Helper Objects \ {3440A80C-343C-47A9-A316-D2421DE313E1}
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Currentversion \ Explorer \ Browser Helper Objects \ {52B1DFC7-AAFC-4362-B103-868B0683C697}
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Currentversion \ Explorer \ Browser Helper Objects \ {a04c370e-0f0a-4cc0-a898-145d19cb5136}
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Currentversion \ Explorer \ Browser Helper Objects \ {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1}
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Currentversion \ Explorer \ Browser Helper Objects \ {e5c5fe36-0f5a-4368-9a77-be6f882a915e}
HKEY_CLASSES_ROOT \ CLSID \ {bfbc1a78-cddd-1672-876e-324d6c4686e9}
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Winlogon \ Varsle \ c007C212
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Winlogon \ Varsle \ c00E2400
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Winlogon \ Varsle \ __ c00F26F
HKLM \ SOFTWARE \ Microsoft \ Windows \ Currentversion \ Run Microsoft Updates wtemp32.exe
HKLM \ SOFTWARE \ Microsoft \ Windows \ Currentversion \ RunServices Microsoft Updates wtemp32.exe
HKCU \ Software \ Microsoft \ OLE Microsoft Updates wtemp32.exe
HKLM \ SOFTWARE \ Microsoft \ Ole EnableDCOMN
HKLM \ SYSTEM \ CurrentControlSet \ Control \ Lsa RestrictAnonymous 1
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Currentversion \ Run@^cfmpgzwd.exe
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Currentversion \ Run @ ^ WindowsUpdateManager
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Currentversion \ Run @ ^ WindowsUpdateManager
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Currentversion \ Run @ ^ 3572

7 Gjenta det samme for:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@^SymantecFilterCheck^=^C:\WINDOWS\system32\svhost.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List@^C:\WINDOWS\system32\svhost.exe
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ Session Manager @ ^ PendingFileRenameOperations ^ = ^ \ ?? \ C: \ Program Files \ foobar2000 \ komponenter \ foo_ui_yqllyrics.dll
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ Session Manager @ ^ PendingFileRenameOperations ^ = ^ \ ?? \ C: \ Program Files \ The KMPlayer \ PlugIns \ gen_yqllyrics.dll
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ Session Manager @ ^ PendingFileRenameOperations ^ = ^ \ ?? \ C: \ Program Files \ The KMPlayer \ PlugIns \ vis_yqllyrics.dll
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ Session Manager @ ^ PendingFileRenameOperations ^ = ^ \ ?? \ C: \ Program Files \ Yiqilai \ Temp \ foo_ui_yqllyrics.dll
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ Session Manager @ ^ PendingFileRenameOperations ^ = ^ \ ?? \ C: \ Program Files \ Yiqilai \ Temp \ gen_yqllyrics.dll
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ Session Manager @ ^ PendingFileRenameOperations ^ = ^ \ ?? \ C: \ Program Files \ Yiqilai \ Temp \ vis_yqllyrics.dll
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Svchost @ ^ lixrfy
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Currentversion \ policies \ Explorer \ Run @ ^ vinne aggior
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Currentversion \ Run @ ^ Work modul bibliotek
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Currentversion \ Run @ ^ Work modul bibliotek
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Currentversion \ Run @ ^ livemgr
HKEY_CLASSES_ROOT \ PROTOKOLLER \ Filter \ text / html @ ^ CLSID ^ = ^ {75EA2845-EAD5-486E-A339-59FED49289A6}
HKEY_CURRENT_USER \ Software \ Microsoft @ ^ winId
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion@^dmdai.exe
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Currentversion \ Run @ ^ mmva
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Currentversion \ Run @ ^ SysDriver32
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Currentversion \ Run @ ^ Windows Kjør service
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Currentversion \ Run @ ^ \ VIE2.exe
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Currentversion \ RunOnce @ ^ System
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Currentversion \ RunOnce @ ^ System Run
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Currentversion \ RunOnce @ ^ System Update
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ 360rpt.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ 360safe.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ 360safebox.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ 360tray.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ ANTIARP.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ ArSwp.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ Ast.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ AutoRun.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ AutoRunKiller.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ AvMonitor.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ AVP.COM@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ AVP.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ CCenter.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe

8 Fjern disse oppføringene:

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ Frameworkservice.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ GFUpd.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ GuardField.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ HijackThis.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ IceSword.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ Iparmor.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ KASARP.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ kav32.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ KAVPFW.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ kavstart.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ kissvc.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ kmailmon.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ KPfwSvc.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ KRegEx.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ KVMonxp.KXP@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ KVSrvXP.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ KVWSC.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ kwatch.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ Mmsk.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ Navapsvc.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ nod32krn.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ Nod32kui.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ PFW.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ QQDoctor.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ RAV.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ RavMon.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ RavMonD.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe

9 Endelig slette disse oppføringene:

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ Ravservice.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ RavStub.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ RavTask.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ RAVTRAY.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ Regedit.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ rfwmain.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ rfwProxy.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ rfwsrv.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ Rfwstub.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ RsAgent.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ Rsaupd.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ RsMain.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ rsnetsvr.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ RSTray.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ Runiep.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ safeboxTray.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ ScanFrm.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ SREngLdr.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ TrojanDetector.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ Trojanwall.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ TrojDie.KXP@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ VPC32.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ VPTRAY.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ Image File Execution Options \ WOPTILITIES.EXE@^debugger ^ = ^ C: \ WINDOWS \ system32 \ dllcache \ spoolsv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@^moffice^=^C:\WINDOWS\system32\moffice.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Currentversion \ Run @ ^ MSMGS
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Currentversion \ Run @ ^ \ VIE2.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List@^C:\WINDOWS\system32\ivhokbkp.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List@^C:\WINDOWS\system32\xaekaxdb.exe
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Currentversion \ Run @ ^ Redist32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@^WinDir^=^{bfbc1a78-cddd-1672-876e-324d6c4686e9}
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Currentversion \ Run @ ^ u3y5uhnu
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Currentversion \ Run@^A00FCDEFF8.exe

10 Lukk Registerredigering.

Slett filer

11 Klikk på Start-menyen og klikk deretter \ "Søk. \"

12 Sjekk \ "Alle filer og mapper \" og velg harddisken fra rullegardinmenyen.

1. 3 Type \ "w32myztic-f.vxe \" og trykk \ "Enter. \" Slett alle søkeresultater og gjenta for \ "install_cong1.exe, \" \ "install_conga1.exe, \" \ "new.exe, \ "\" install_conga1.exe, \ "\" install_cong1.exe \ "og \" wtemp32.exe. \ "

14 Start datamaskinen på nytt.

Hint

  • Manuell fjerning av Crypt trojan er beregnet for erfarne brukere. Hvis du ikke er komfortabel med foretaket denne oppgaven, klikk på \ "Download Crypt Removal Tool \" på den refererte nettstedet, lagre filen på harddisken din, og deretter kjøre den for å fjerne alle spor av Crypt trojan.
  • Slett kun de registeroppføringer som vises og ikke noe annet å unngå skade på datamaskinen.