
Tuesday, March 28, 2017

Win32 Bundpil Virus Removal Instruction




The worm Win32/Bundpil.s (also Win32/Bundpil.a, win32/bundpil.xx or win32.agent bundpil) was added by ESET on January 10, 2013. The sign that you are infected with this worm is that when you open a flash drive, USB drive, external hard drive or any other external storage device, you see nothing except a shortcut link file bearing the name of the device. For example, if you have a 4 Gb removable drive and try to open it, the drive shows only a shortcut link such as xxxx(4gb).lnk (where xxxx is the name of the removable device and 4gb is the size of the flash drive), and all of your files seem to have suddenly disappeared. Sometimes you see nothing at all, not even the shortcut link icon, because your antivirus software has deleted it.

The files on the flash disk have not really disappeared or been deleted. They have just been moved to another folder; clicking the shortcut link of the drive redirects you to your files. But be aware that clicking the shortcut is equivalent to clicking a virus.

To fix the problem, update the antivirus to its latest signatures, then run a quick scan of your computer, including the infected external storage device. After the worm Win32/Bundpil.s (win32/bundpil.xx) has been removed, follow the steps below to completely fix the external drive and restore it to the way it was before the problem occurred.

Before you proceed, make sure you have set the following options so that hidden items are shown:

  • Select Show hidden files, folders, or drives

  • Uncheck Hide extensions for known file types

  • Uncheck Hide protected operating system files (Recommended)

All of these options are located under My Computer, Tools, Folder Options.







Open the removable drive and delete all files except the encircled one.

Then open the disk-like icon; that is the place where the Win32 Bundpil.S worm moved all your files.

After opening it, select all the files inside, then cut and paste them outside that encircled disk icon.

Delete the disk icon to complete the recovery. Now remove your external drive, plug it back in and check whether the same problem occurs. If you see your files again, you did it right. You have successfully completed the instructions.

Note: the items in the above procedure, such as the disk-like icon with no drive letter and the files autorun.inf and _Wq.init, are hidden by default. Be sure to follow the above instructions.


Wednesday, November 9, 2016

Win32 Sality Worm Virus Complete Removal Instruction



When the Win32 Sality worm struck my computer, it gave me a headache. All the uncompressed executable files I had saved on my computer were infected and couldn't be used anymore. But the real problem didn't stop there: all the computers connected to the network were also infected.

At the time of infection, there were limited updates and removal tools available on the web, and most of the tools were only good for prevention (not for computers already infected). What I did at that time was isolate the infected computer on the network and back up all important files (Win32 Sality was not included in the backup). Then I formatted and reprogrammed the computer, and installed and updated the antivirus definitions.

This solution came to mind because it's the fastest way to remove the Win32 Sality worm, rather than removing entries in the Windows Registry.

So what is Win32 Sality?


Win32 Sality is a family of polymorphic file infectors that target Windows executable files with the extensions .SCR or .EXE. They may execute a damaging payload that deletes files, and they attach their code to executable files. The worm also spreads rapidly to computers connected to the network. It infects system files such as telnet.exe, write.exe, regedt32.exe, cmd.exe and notepad.exe, and runs in in-memory processes, which makes it complicated to remove.

Causes

  • Installed via links in undesirable e-mail attachments

  • An infected removable device inserted into a clean computer

  • Another computer on the network is infected

The Symptoms

  • Blue screen when trying to enter Safe Mode

  • An NSIS error appears when opening infected executable files

  • Removable disk drives contain an Autorun.inf file that has random strings and shell command lines pointing to a file in the same folder

  • Infected executables change size; for example, an installer executable of 20 Mb will be reduced or modified to around 160 Kbytes
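
The Autorun.inf symptom above, and the hidden autorun.inf mentioned in the Bundpil note, can be checked by reading the file as text instead of opening the drive. The following is an added example, not part of the original post: the sample file content, the function names and the extension list are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# [autorun] keys that name a program to launch (matched case-insensitively).
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
# Assumed list of extensions worth flagging; adjust to local policy.
RISKY_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".lnk"}

# Constructed sample: junk lines mixed with real autorun entries.
SAMPLE = r"""
;kdjqWmx PoqLe
[AutoRun]
;xnvQ
open = xgkpa.pif
mQwerTzx
shell\open\command=xgkpa.pif
shell\explore\Command = "tools\setup helper.exe" /s
icon=%SystemRoot%\system32\shell32.dll,4
"""

def launch_entries(text):
    """Return (key, program) pairs from the [autorun] section, skipping junk."""
    entries, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        key, sep, value = line.partition("=")
        if in_autorun and sep and LAUNCH_KEY.match(key.strip()):
            # The first token of the command line is the program; drop arguments.
            m = re.match(r'\s*(?:"([^"]+)"|(\S+))', value)
            if m:
                entries.append((key.strip().lower(), m.group(1) or m.group(2)))
    return entries

def triage(text):
    """Return launch entries whose program is a risky file beside autorun.inf."""
    flagged = []
    for key, program in launch_entries(text):
        p = PureWindowsPath(program)
        same_folder = not p.drive and str(p.parent) in (".", "\\")
        if same_folder and p.suffix.lower() in RISKY_EXT:
            flagged.append((key, program))
    return flagged

if __name__ == "__main__":
    for key, program in triage(SAMPLE):
        print(f"suspicious autorun entry: {key} -> {program}")
```

Run it against the text of an autorun.inf copied from the drive; the script only parses the text and never executes anything the file names.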

Removal Instruction

  • Always Update the Virus Definitions

  • Run Win32 Sality Removal Tools

Removal instruction (with extra caution)

Registry editing:

  • Go to the Start Menu

  • Click Run (Windows XP) or Search (Windows Vista and Windows 7)

  • Type Regedit

  • Press Enter

  • Then locate and delete these registry entries.

Delete the following registry keys:
  • amsint32 located at
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services

  • amsint32 located at
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services

  • amsint32 located at
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services

  • Qurdk located at
    HKEY_CURRENT_USER\Software

Note: Before removing the registry entries, you must first update your antivirus or run a complete scan using the removal tools.