- > Imaut Worm Removal
- > Contains: Documentation of what it is
- Manual removal steps
- Helpful links
- +=======[ Document #1 ]========+
- >> http://www.srnmicro.com/procinfo/regsvr.htm
- Path: C:\WINDOWS\Regsvr.exe Quicklink: %WINDOWS%\Regsvr.exe
- Type: Worm
- Name: Worm.Win32.AutoIt
- Alias: Trojan.Win32.Autoit.ci, W32/Sohana-AZ, W32/YahLover.worm, W32.Imaut, TR/Autoit.CI.14 W32/Autorun-CG, WORM_DELF.FKZ
- Threat: Medium
- Detials: Regsvr.exe is dropped by AutoIt worm. It spreads by copying itself to removable storage devices like pen drives. It also drops several copies of itself in the
- infected system and network drives. Additionally it attempts to place autorun.inf in the root directory. So that infected file will be executed next time when the
- drive is accessed. When the worm file is executed, copies itself to Windows folder with a random file name in the background. Most of the AutoIt variants drops
- regsvr.exe as main file. Then it modifies registry to load automatically on the next startup. AutoIt worm creates following file in the removable drive like pen drive
- <Pen Drive Root>\autorun.inf.
- Several variants of AutoIt worm reported in the wild. It is also known as Trojan.Win32.Autoit.ci, W32/Sohana-AZ, W32/YahLover.worm, W32.Imaut,
- TR/Autoit.CI.14 W32/Autorun-GG, WORM_DELF.FKZ.
- +=======[ Document #2 ]========+
- >> http://www.scanforfree.com/19/w32-imaut-remover.html
- Details: W32.Imaut is a worm virus that spreads via Yahoo! and Windows Messenger and downloads mailicious programs and generates corrupt files in Windows
- system directories. W32.Imaut can also spread via file-sharing games, music and movie downloads or via undesirable bulk e-mails. Once inside the system,
- worm Imaut will activate corrupt regsvr.exe, regsvr.exe, winhelp.exe files and download additional malware infections onto the system.
- ** W32.Imaut is a severe worm that may hijack the system and download other threats that can steal confidential data and harm vital system files! **
- Common warning signs: Changed Windows desktop tray icons, shortcuts and background picture
- Especially hard to erase Imaut manually, patch up and reinstall its files after manual deletion
- Sluggish browser startup and Internet performance, sluggish Windows system
- Eradicated registry, dll's and system files causing "Blue Screen" error
- Porn advertisements pop ups appear with and without pop up blocker software
- Browser home page, error page and search page replaced with strange website
- Unusual Imaut running processes in the Windows task manager, can't turn off bleeping noise from tower speaker
- Common hijack activities: Imaut sends login names, passwords and other secret data to hackers by avoiding anti-virus, firewalls and other security programs
- Logs system settings, registry activity and captures browsing habits to install equivalent pop ups
- Imaut sneaks into the Pc via browser security leaks and infect the system with mischievous adware and spyware programs
- +=========[ Removal ]=========+
- How to remove W32.Imaut worm manually: http://www.ethicalhackers.in/operating-systems/how-to-remove-regsvr-exe-manually.html
- 1) First search for autorun.inf file.It would be in Read Mode normally you need to change it by right clicking the file , selecting the properties and un-check the read only
- 2) Now Open the file in notepad and delete everything and save it.
- 3) Change the file status to read only mode so that the virus could not get access again.
- 4) Click on Start->run and type msconfig
- 5) Search for regsvr and uncheck any options, click OK.
- 6) Now goto Control Panel -> Scheduled Tasks, and delete the At 1 task which would be listed here.
- 7) Now type regedit in the Run dialog to open the registry editor.
- 8) Select on Edit -> Find and search for regsvr.exe
- 9) Delete all the occurrences of regsvr.exe
- 10) Now browse to entry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and modify the entry Shell = Explorer.exe regsvr.exe
- to delete the regsvr.exe from here also.
- 11) Now finally goto System 32 Folder and search for regsvr.exe. But before that uncheck Hide Protected System Files and Folders for viewing it.
- +=========[ Help Links ]========+
- Other methods: http://www.techtipsgeek.com/re-enable-registry-editor-disabled-virus/4392/
- Finding other viruses: Open drive with winrar, remove the unwanted bs from the drive.
a guest Oct 10th, 2012 50 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
RAW Paste Data