Remove Trojan.Fiala.a worm

W32.Fiala.A is a worm that spreads itself through your removable drives. W32.Fiala.A blocks certain applications from launching, and, as an early birthday gift, W32.Fiala.A may drop Trojans on your PC (think Trojan Horse, Hacktool.Rootkit or Trojan.KillAV).

Thanks, W32.Fiala.A.

Block W32.Fiala.A sites:
wuc8.com
wuc9.com

Get rid of W32.Fiala.A files:
%DriveLetter%\JR.PIF

%DriveLetter%\AUTORUN.INF

%System%\dllcache\linkinfo.dll (a clean file that may already be present)

%System%\mfc1.dll (a legitimate copy of Microsoft’s MSVCR71.dll)

%SystemDrive%\AUTORUN.INF

%SystemDrive%\bps.dll (a copy of Trojan Horse)

%ProgramFiles%\henaji.pif (this file may be detected as Trojan Horse, Hacktool.Rootkit or Trojan.KillAV)

%Windir%\Fonts\bat.sys (this file may be detected as Trojan Horse, Hacktool.Rootkit or Trojan.KillAV)

%Windir%\Fonts\kpsp.sys (this file may be detected as Trojan Horse, Hacktool.Rootkit or Trojan.KillAV)

%Windir%\Fonts\lstis.sys (this file may be detected as Trojan Horse, Hacktool.Rootkit or Trojan.KillAV)


Delete W32.Fiala.A registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAV.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ravservice.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASARP.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kav32.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavstart.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\”CheckedValue” = “2”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ANTIARP.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArSwp.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nod32kui.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kissvc.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kmailmon.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPfwSvc.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonxp.KXP\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVWSC.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwatch.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVTRAY.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Regedit.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rfwstub.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ast.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoRun.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoRunKiller.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP.COM\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Frameworkservice.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFUpd.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GuardField.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mmsk.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsMain.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsnetsvr.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RSTray.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Runiep.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ScanFrm.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREngLdr.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.KXP\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPC32.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPTRAY.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WOPTILITIES.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
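
The entries above all follow one pattern: a "debugger" value under Image File Execution Options that makes Windows start `%System%\dllcache\spoolsv.exe` in place of the named security tool. The read-only PowerShell audit below is an added example, not part of the original page. It lists every such redirection on a machine and checks the SHOWALL value; the WOW6432Node path and the default CheckedValue of 1 are additions not taken from the page.

```powershell
# Added example: read-only audit of IFEO "Debugger" redirections and the
# hidden-files toggle listed on this page. Nothing is modified or deleted.
$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    # Addition (not on the page): the 32-bit registry view on 64-bit Windows.
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

$findings = foreach ($root in $ifeoRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
        # Registry value names are case-insensitive, so this matches "debugger".
        $debugger = $key.GetValue('Debugger')
        if ([string]::IsNullOrWhiteSpace($debugger)) { continue }
        [pscustomobject]@{
            Image       = $key.PSChildName
            Debugger    = $debugger
            # Every entry on the page points at dllcache\spoolsv.exe.
            MatchesPage = $debugger -like '*\dllcache\spoolsv.exe*'
            KeyPath     = $key.Name
        }
    }
}

# Hidden-files toggle: the page lists CheckedValue = 2.
$showAll = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
$checked = (Get-ItemProperty -LiteralPath $showAll -Name CheckedValue -ErrorAction SilentlyContinue).CheckedValue

if ($findings) {
    $findings | Sort-Object Image | Format-Table Image, Debugger, MatchesPage -AutoSize
} else {
    Write-Output 'No IFEO Debugger values found.'
}

# Addition (not on the page): the Windows default for this value is 1.
if ($null -ne $checked -and $checked -ne 1) {
    Write-Warning "SHOWALL\CheckedValue is $checked (the page lists 2; the Windows default is 1)"
}
```

Rows with `MatchesPage` set to False are not necessarily malicious, since some legitimate tools register an IFEO debugger, so review them individually. Because Regedit.EXE is among the redirected images, reading the keys through PowerShell avoids depending on the blocked tool.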

         About DARFUN INC © Copyright darfuns.com
                 DARFUN CORPORATION. 2004 est