How to Get Rid of the Crypt Trojan Worm
Crypt trojan is the general name for trojan viruses that have Crypt as part of their name. These trojans are able to connect to the Internet and download malicious programs on their own. The downloaded spyware can steal your private, sensitive information and assist in identity theft. Crypt is also a backdoor trojan, which means that it allows hackers to connect to the computer remotely. This can result in stolen information, unauthorized e-mails sent from your inbox and damage to the computer. Remove Crypt immediately if it is detected.
Instructions
End system processes
1 Press the "Ctrl," "Shift" and "Esc" keys at the same time to start Windows Task Manager.
2 Click the "Processes" tab, press "Ctrl" and select the "wtemp32.exe" and "new.exe" system processes.
3 Click the "End Process" button and close Task Manager.
Delete registry entries
4 Go to the "Start" menu and click "Run."
5 Type "regedit" and click "OK" to start Registry Editor.
6 Browse to and delete the following registry entries:
7 Repeat the same for:
8 Remove these entries:
9 Finally, delete these entries:
10 Close Registry Editor.
Delete files
11 Click the Start menu and then click "Search."
12 Check "All files and folders" and select the hard drive from the drop-down menu.
13 Type "w32myztic-f.vxe" and press "Enter." Delete all search results and repeat for "install_cong1.exe," "install_conga1.exe," "new.exe," "install_conga1.exe," "install_cong1.exe" and "wtemp32.exe."
14 Restart the computer.
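A read-only check that can be run from PowerShell after step 14 to confirm that the cleanup took effect. It is an added example, not part of the original guide: it looks for the process and file names from steps 2 and 13, for autostart values that still point at those files, and for any `Debugger` value under Image File Execution Options, which redirects the launch of the named program to another executable. The list of autostart keys and the system-drive search scope are assumptions of the example.

```powershell
# Added example: read-only verification of the cleanup. Nothing is deleted or changed.
# Process and file names are the ones this guide names in steps 2 and 13.
$processNames = 'wtemp32', 'new'
$fileNames    = 'w32myztic-f.vxe', 'install_cong1.exe', 'install_conga1.exe',
                'new.exe', 'wtemp32.exe'

# Assumption: these autostart locations are the example's own choice of where to look.
$autostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$ifeoKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

# Match a listed file name only as a whole path component, so "renew.exe" is not a hit.
$namePattern = '(^|[\\"\s])(' +
    (($fileNames | ForEach-Object { [regex]::Escape($_) }) -join '|') + ')($|["\s,])'

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($Type, $Where, $Detail) {
    $findings.Add([pscustomobject]@{ Type = $Type; Where = $Where; Detail = $Detail })
}

# 1. Processes from step 2 that are still running.
Get-Process -Name $processNames -ErrorAction SilentlyContinue | ForEach-Object {
    Add-Finding 'Process' "PID $($_.Id)" $_.Path
}

# 2. Autostart values whose data still references one of the listed files.
foreach ($key in $autostartKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        if ($data -match $namePattern) { Add-Finding 'Autostart' "$key\$name" $data }
    }
}

# 3. Every IFEO Debugger value. Some are legitimate (for example a Task Manager
#    replacement), so each hit needs review rather than automatic removal.
Get-ChildItem $ifeoKey -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = $_.GetValue('Debugger')
    if ($dbg) { Add-Finding 'IFEO Debugger' $_.PSChildName $dbg }
}

# 4. Files from step 13 that are still on disk (assumption: system drive only).
Get-ChildItem -Path "$env:SystemDrive\" -Include $fileNames -Recurse -Force -File `
    -ErrorAction SilentlyContinue |
    ForEach-Object { Add-Finding 'File' $_.FullName "$($_.Length) bytes" }

if ($findings.Count -eq 0) { 'No listed indicators found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

Run it from an elevated prompt so that process paths and protected folders are readable; without elevation some results are silently skipped.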
Tips
- Manual removal of the Crypt trojan is intended for experienced users. If you are not comfortable undertaking this task, click "Download Crypt Removal Tool" on the referenced website, save the file to your hard drive, and then run it to remove all traces of the Crypt trojan.
- Delete only the registry entries shown and nothing else, to avoid damaging the computer.