HOW TO: Remove Facebook Virus W32/Obfuscated.D2!genr

Computer virus always using sociable technique to infecting their victims. When there is gossip virus creator always using this gossip to spreading their virus ex:paris hilton xxx movies, what FBI hidding from us, etc. This time they’re using facebook popularity to infect all facebook fans. This virus also has been reported bundled with FAKE antispyware security tools.

When you see this on your monitor that mean you’re already infected.

Just ignore this fake antispyware warning, if you follow it you will get more virus infected your computer or your operating system gonna be corrupt.

How to Remove Facebook Virus W32/Obfuscated.D2!genr :

1. It’s recommended to running windows in “safe mode” when in cleaning process, backup all your important data first!.

2. Disable “System Restore” when in cleaning process.

3. Disconnected your computers from local network.

4. Download “unlocker” and install it.

5. Download “security task manager” then kill virus process active in computer background.

[to_plus]

6. Download repair.inf then right click, choose “install”. Make sure repair.inf content same with this:

[Version]

Signature=”$Chicago$”
Provider=nobody

[DefaultInstall]
AddReg=inject
DelReg=rem

[inject]
HKLM, Software\CLASSES\batfile\shell\open\command,,,”””%1″” %*”
HKLM, Software\CLASSES\comfile\shell\open\command,,,”””%1″” %*”
HKLM, Software\CLASSES\exefile\shell\open\command,,,”””%1″” %*”
HKLM, Software\CLASSES\piffile\shell\open\command,,,”””%1″” %*”
HKLM, Software\CLASSES\regfile\shell\open\command,,,”regedit.exe €œ%1″”
HKLM, Software\CLASSES\scrfile\shell\open\command,,,”””%1″” %*”
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, €œExplorer.exe”
HKCU, Software\Microsoft\Internet Explorer\Main, tart Page,0, €œabout:blank”
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,userinit,0, €œuserinit.exe”

[rem]
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run,reader_s
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run,47543326
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run,PromoReg
HKCU, SOFTWARE\Microsoft\Windows\CurrentVersion\Run,reader_s
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,EnableProfileQuota
HKLM, SOFTWARE\AGProtect
HKLM, SOFTWARE\47543326
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network, UID
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion, Rlist
HKU, .DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6}
HKU, .DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{8FFA689D-2C2B-2B2E-D865-74C04CA4EF06}

7. Delete this file list has been created by virus, before you doing this set your computers to show all hidden files.

%systemroot%\Documents and Settings\All Users\Application Data\47543326
%systemroot%\Documents and Settings\%user%\Start Menu\Programs\Security Tools.lnk
%systemroot%\Documents and Settings\%user%\Desktop\Security Tools.lnk
%systemroot%\Documents and Settings\%user%\Application Data\wiaservg.log
%systemroot%\Documents and Settings\%user%\Local Settings\Temp\*.tmp
%systemroot%\WINDOWS\Temp\wpv311256600826.exe
%systemroot%\WINDOWS\Temp\wpv411256806849.exe
%systemroot%\Documents and Settings\%user%\reader_s.exe
%systemroot%\Documents and Settings\%user%\Start Menu\Programs\Startup\isqsys32.exe
%systemroot%\WINDOWS\system32\reader_s.exe
%systemroot%\Windows\system32\wbem\proquota.exe
%systemroot%\windows\system32\sdra64.exe

%systemroot%\Windows\system32\lowsec
local.ds
user.ds
user.ds.lll

* NOTE: when you have problem deleted folder %systemroot%\Windows\system32\lowsec and file %systemroot%\windows\system32\sdra64.exe please use unlocker. Right click on folder/files then choose unlocker, choose deleted then click OK. If there any warning just ignore it.

7. Deleted all temporary files using ATF-Cleaner.

8. Update your best antivirus then scan full all your system, make sure there is no virus/worm/trojan left.

9. Subscribe to my blog… hehehe 😀

Good luck, have a great day 🙂

[Version]
Signature=”$Chicago$”
Provider=nobody[DefaultInstall]
AddReg=inject
DelReg=rem[inject]
HKLM, Software\CLASSES\batfile\shell\open\command,,,”””%1″” %*”
HKLM, Software\CLASSES\comfile\shell\open\command,,,”””%1″” %*”
HKLM, Software\CLASSES\exefile\shell\open\command,,,”””%1″” %*”
HKLM, Software\CLASSES\piffile\shell\open\command,,,”””%1″” %*”
HKLM, Software\CLASSES\regfile\shell\open\command,,,”regedit.exe €œ%1″”
HKLM, Software\CLASSES\scrfile\shell\open\command,,,”””%1″” %*”
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, €œExplorer.exe”
HKCU, Software\Microsoft\Internet Explorer\Main, tart Page,0, €œabout:blank”
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,userinit,0, €œuserinit.exe”

[rem]
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run,reader_s
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run,47543326
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run,PromoReg
HKCU, SOFTWARE\Microsoft\Windows\CurrentVersion\Run,reader_s
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,EnableProfileQuota
HKLM, SOFTWARE\AGProtect
HKLM, SOFTWARE\47543326
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network, UID
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion, Rlist
HKU, .DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6}
HKU, .DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{8FFA689D-2C2B-2B2E-D865-74C04CA4EF06}

Similar Posts:

10 thoughts on “HOW TO: Remove Facebook Virus W32/Obfuscated.D2!genr”

  1. I can see which you are an expert at your field! I’m launching a online web site quickly, and your particulars will in all probability be fairly helpful for me.. Thanks for all your help and wishing you all of the success.

  2. plantas purificadoras de agua

    Maintain the excellent job mate. This web blog publish shows how well you comprehend and know this subject.

  3. หนังxฟรี

    Hello it’s me, Ι am also visіting this web site on a regulаr basis, this web page is in fact pleasant
    and the peоple are really sharing good thoughts.

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.