Expert Virus Removal Services and Technical advice.

We provide computer users with expert virus removal services and technical advice.

Threats and their Removal.

Do you need a quick solution to a technical problem? With our live remote-assistance tool, a member of our support team can view your desktop and share control of your mouse and keyboard to get you on your way to a solution.

Spyware and its Removal.

Are you worried that your computer might be infected with spyware? Then this is where you can find support.

Advice for Protecting the Computer.

Expert advice for protecting your computer from attacks by all threats.

Different Anti-Virus Software and Tools.

Getting familiar with different anti-virus software and removal tools.

January 14, 2011

WORM_CORONEX.A

This is a worm that arrives as an email with an attachment named sars.exe, Virus.exe, Corona.exe, death.exe or CV.exe, sent from the addresses sars2@hotmail.com and corona@hotmail.com. It is very dangerous: once executed it spreads very fast and slows down the PC.

Effects:
When executed, it does the following:
  • Changes the home page to http://www.who.int/csr/don/2003_04_19/en/
  • Drops its file CORONA.exe in the Windows folder
  • Adds itself to the registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run as "PC-Config32" = "C:\corona.exe -A"
  • Drops a file in C:\My Download or in the current directory where it is executed.
  • The corrupted file is filled with useless data that takes up hard disk space and can grow to a number of GB.
It drops itself under any of the following names:

  • Age Of Mythology.exe
  • Battlefield 1942 (full).exe
  • Black Hawk Down (full).exe
  • Doom 3.exe
  • Grand Theft Auto 3 (full).exe
  • Medel Of Honor: Allied Assault.exe
  • Quake 3 Full Version.exe
  • Rainbow 6 Full.exe
  • Return to Castle Wolfenstien (Full).exe
  • Starcraft full.exe
  • The Lord of the Rings.exe
  • The Sims: Unleashed.exe
  • Unreal 2: The Awakening (full).exe
  • Warcraft III Full.exe

  • It checks this registry key to obtain a list of addresses: HKEY_CURRENT_USER\Software\Microsoft\WAB\WAB4\Wab File Name
  • It starts its own SMTP engine to send emails with an attachment named Corona.exe, hongkong.exe, Virus.exe, Sars.exe or Deaths.exe from the sender virus2@china.com
  • It also changes the home page to http://www.who.int/csr/don/2003_04_19/en/, which is a page about SARS
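The indicators listed above can be checked in one pass. The following is an added example, not part of the original post: it parses the text output of `reg query` for the Run key and compares file names and the browser start page against the names given in this write-up. The sample registry output and the function names are constructed for illustration.

```python
import re

# Indicators copied from the write-up above (compared case-insensitively).
RUN_VALUE = "pc-config32"
WORM_NAMES = {"sars.exe", "virus.exe", "corona.exe", "death.exe", "cv.exe",
              "hongkong.exe", "deaths.exe"}
DECOY_NAMES = {
    "age of mythology.exe", "battlefield 1942 (full).exe",
    "black hawk down (full).exe", "doom 3.exe",
    "grand theft auto 3 (full).exe", "medel of honor: allied assault.exe",
    "quake 3 full version.exe", "rainbow 6 full.exe",
    "return to castle wolfenstien (full).exe", "starcraft full.exe",
    "the lord of the rings.exe", "the sims: unleashed.exe",
    "unreal 2: the awakening (full).exe", "warcraft iii full.exe",
}
HOME_PAGE = "http://www.who.int/csr/don/2003_04_19/en/"

# Constructed sample of `reg query` output for the Run key.
SAMPLE_RUN = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    PC-Config32    REG_SZ    C:\corona.exe -A
    ExampleUpdater    REG_SZ    "C:\Program Files\Example\updater.exe"
"""

def parse_reg_query(text):
    """Turn `reg query` output into {value name: data}."""
    values = {}
    for line in text.splitlines():
        m = re.match(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$", line)
        if m:
            values[m.group(1)] = m.group(3).strip()
    return values

def triage(run_key_text, paths, start_page=""):
    """Return (kind, detail) pairs for every indicator that matches."""
    hits = []
    for name, data in parse_reg_query(run_key_text).items():
        if name.lower() == RUN_VALUE or "corona.exe" in data.lower():
            hits.append(("run-key", f"{name} = {data}"))
    for path in paths:
        base = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
        if base in DECOY_NAMES:
            hits.append(("decoy-copy", path))
        elif base in WORM_NAMES:
            hits.append(("worm-file", path))
    if start_page.strip().lower() == HOME_PAGE:
        hits.append(("home-page", start_page))
    return hits
```

A match on a file name alone is weak evidence, since some of these are ordinary names; the Run value together with a dropped copy is the stronger signal.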

Manual Removal of Security Tool

Security Tool is a rogue anti-virus program that automatically scans the computer, shows fake security alerts, and pushes users into purchasing a fake anti-virus. It disables legitimate Windows programs and reports them as infected when they actually are not.

Removal Instructions:

  • The first and foremost thing to do is boot into Safe Mode with Networking.
  • Kill the processes that are running in the background using msconfig, or download Rkill.exe from the site www.bleepingcomputer.com, or Process Explorer, and run it. It will kill all the processes. Don't restart the computer.
  • Open Run and type %userprofile%\desktop, which will open the desktop folder, and click on Iexplore.exe
  • Download Malwarebytes and rename it to Explorer.exe while saving. This is safe and avoids the code 2 error on execution, because Security Tool takes it for a Windows process.
  • Run the tool and perform a full system scan. When it completes, it will show results like this.
[Image: Malwarebytes displaying the results for Security Tool]
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system. In order to protect itself, Security Tool changes the permissions of the HOSTS file so you can't edit or delete it. To fix these permissions, download the hosts-perm.bat file and save it to your desktop. When the file has finished downloading, double-click on the hosts-perm.bat file and click OK. We now need to delete the C:\Windows\System32\Drivers\etc\HOSTS file. Once it is deleted, download the HOSTS file that corresponds to your version of Windows and save it in the C:\Windows\System32\Drivers\etc folder, then delete the Explorer.exe program from your desktop.
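Before and after replacing the HOSTS file, it helps to see exactly which entries differ from a default file. The following is an added example, not part of the original post: it reads HOSTS file text and reports every active entry other than the default localhost mapping. The sample file content and the host names in it are constructed; the post does not say which entries Security Tool adds.

```python
import ipaddress

# The only active mapping expected in a default Windows HOSTS file.
DEFAULT_NAMES = {"localhost"}

# Constructed sample content; addresses and names are placeholders.
SAMPLE_HOSTS = """\
# sample HOSTS file (constructed)
127.0.0.1 localhost
203.0.113.10 www.google.com google.com # inline comment
127.0.0.1 update.example-av.test
not-an-ip search.example.test
"""

def audit_hosts(text):
    """Return (line number, kind, detail) for each non-default entry."""
    findings = []
    lines = text.lstrip("\ufeff").splitlines()  # drop a leading BOM if present
    for lineno, raw in enumerate(lines, 1):
        line = raw.split("#", 1)[0].strip()     # ignore comments
        if not line:
            continue
        fields = line.split()
        addr, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((lineno, "malformed", raw.strip()))
            continue
        for name in names:
            if name.lower() in DEFAULT_NAMES and ip.is_loopback:
                continue                        # default localhost mapping
            # Loopback or 0.0.0.0 makes the name unreachable; anything
            # else sends it to a different machine.
            sinkholed = ip.is_loopback or ip.is_unspecified
            kind = "blocked" if sinkholed else "redirected"
            findings.append((lineno, kind, f"{name} -> {ip}"))
    return findings
```

An empty result from `audit_hosts` on the restored file confirms that only the default localhost mapping remains.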

Security Tool

This is a very frustrating fake anti-virus program that keeps showing you fake threats on the computer and asks you to purchase it. Security Tool is a rogue anti-spyware program from the same family as System Security, which is promoted through the use of Trojans and web pop-ups.

System Tool 2011



System Tool 2011, also known as System Tool, is malware made to look like a legitimate anti-virus program; in reality it is a fake application, commonly known as a rogue security program. It arrives on computers as a recommended virus removal tool from fake online virus scanners. Instead of getting rid of computer threats, victims end up with a more disrupted computer system. Continuous pop-up alerts are displayed, accompanied by a promotion to get the licensed version of System Tool 2011. Some Windows functionality, such as Task Manager, Registry Editor and Control Panel, is rendered unusable. This is intended to prevent users from removing System Tool 2011 manually.
