Remove DeadLock Virus (W32/Tibs.DKKR)

This virus has strange master files. I don't know why the virus creator chose apache.exe (a popular web server) and mysql.exe (a popular database); users familiar with computer processes will find these master files easily. Deadlock is compressed with Petite 2.x, is 80 KB in size, and uses an application icon.

Spreading Technique:

There is no autorun.inf. Deadlock uses desktop.ini and then folder.htt to execute flashguard.exe, so if you are infected by this virus, each folder will contain these 3 files:

1. Desktop.ini
2. Folder.htt
3. Flashguard.exe
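A scanner for the three-file pattern described above, as an added example that is not part of the original article. It walks a directory tree and reports every folder that holds flashguard.exe together with desktop.ini and folder.htt; the function names, the "partial" status and the sample tree are assumptions made for illustration.

```python
import os
import tempfile

# File names the article lists as dropped into every folder (compared in
# lower case, because Windows file names are case-insensitive).
MARKERS = frozenset({"desktop.ini", "folder.htt", "flashguard.exe"})


def scan_tree(root):
    """Map each folder containing flashguard.exe to (status, marker paths).

    status is "infected" when all three markers are present and "partial"
    when flashguard.exe is there without both launcher files (for example
    after an interrupted cleanup). A lone desktop.ini is normal on Windows
    and is never reported.
    """
    findings = {}
    for folder, _subdirs, files in os.walk(root):
        hits = {name.lower(): name for name in files if name.lower() in MARKERS}
        if "flashguard.exe" not in hits:
            continue
        status = "infected" if set(hits) == MARKERS else "partial"
        paths = sorted(os.path.join(folder, name) for name in hits.values())
        findings[folder] = (status, paths)
    return findings


def build_sample_tree(root):
    """Create a constructed test tree: one infected, one partial, one clean folder."""
    layout = {
        "docs": ["Desktop.ini", "Folder.htt", "Flashguard.exe", "report.doc"],
        "music": ["FLASHGUARD.EXE", "song.mp3"],
        "photos": ["desktop.ini", "holiday.jpg"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for name in names:
            open(os.path.join(root, sub, name), "wb").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for folder, (status, paths) in sorted(scan_tree(root).items()):
            print(status, os.path.relpath(folder, root), len(paths), "marker file(s)")
```

The scanner only reports; desktop.ini can be a legitimate Windows file, so review each reported folder before deleting anything.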

Virus Effects:

This virus will delete all files, not only data or documents; it removes them all. If this happens to you, I really don't have a smart solution for this… You can try using recovery programs; unfortunately these programs are not free. Maybe you can try searching for free recovery programs. Anyway, in my experience not all recovery programs work 100%; sometimes you can't get back 100% of the lost files if you lost them a long time ago (e.g. 1 year ago).

The virus will also delete system files and make your computer fail to start. Consult your OS vendor on how to fix this (in Windows XP there is a repair tool on the CD, but I don't know about others). If there is no repair tool, you have no choice but to reinstall your OS and then recover your lost files.

HOW TO: Remove DeadLock Virus Manually:

1. Disable System Restore during the cleaning process.

2. Kill the active virus running in the background: use Process Explorer to kill the processes named "apache.exe" and "mysql.exe".

3. To prevent the virus from becoming active again while you are cleaning, I suggest you register these files in "Software Restriction Policies".

Start -> Run -> type "SECPOL.MSC", then follow these images; after that, apply to make sure the new rules are working.

NOTE: If you're not using Windows XP Professional, 2003 Server, Vista or 2008, you can skip this step.

4. Repair your registry using repair.inf (contents below): right-click the file, then click Install.

[Version]
Signature="$Chicago$"

[DefaultInstall]
AddReg=RepairRegKey
DelReg=DeleteVirusRun

; Restore the default file associations, shell, Safe Mode shell and AutoRun policy
[RepairRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, "cmd.exe"
; 0x00010001 = REG_DWORD; 255 (0xFF) disables AutoRun on all drive types
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoDriveTypeAutoRun,0x00010001,255
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer, NoDriveTypeAutoRun,0x00010001,255

; Remove the autostart entries created by the virus
[DeleteVirusRun]
HKCU, Software\Microsoft\Windows\CurrentVersion\Run, apache
HKLM, Software\Microsoft\Windows\CurrentVersion\Run, mysql

5. Delete the master files at:

* %SYSTEMROOT%\system32\apache.exe
* %SYSTEMROOT%\system32\mysql.exe

6. Scan with an updated antivirus program to make sure your computer is clean. You can use Norman Malware Cleaner for free; download it from here.

Source: Istanto
