This time-bomb virus deletes all the data on your hard disk and flash disk, including system files, for every file it finds, on dates 12-13 around 8-9 AM each month. If you get this message on your computer, then you have been infected by the Deadlock virus.

deadlock-1

This virus has strange master files. I don’t know why this virus’s creator chose apache.exe (a popular web server) and mysql.exe (a popular database); users who are familiar with computer processes will find these master files easily. Deadlock is compressed with Petite 2.x, is 80KB in size, and uses an application icon.


Spreading Technique:

There is no autorun.inf; Deadlock uses desktop.ini and then folder.htt to execute flashguard.exe, so if you’re infected by this virus, each folder will contain these 3 files:

  1. Desktop.ini
  2. Folder.htt
  3. Flashguard.exe
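A read-only way to list the folders this spreading technique has touched, as an added example that is not part of the original post. The function names and the rule that a folder holding only desktop.ini is ignored (Windows creates that file itself) are assumptions made here.

```python
import os
import sys

# File names taken from the article; matching is case-insensitive because
# Windows file systems are.
TRIO = ("desktop.ini", "folder.htt", "flashguard.exe")


def scan_folder_artifacts(root):
    """Return [(folder, present_names, full_trio)] for suspicious folders.

    Assumption (not from the article): a folder holding only desktop.ini is
    treated as normal, since Windows creates that file itself.
    """
    findings = []
    for folder, _dirs, files in os.walk(root, onerror=lambda err: None):
        lowered = {name.lower() for name in files}
        present = [name for name in TRIO if name in lowered]
        if present and present != ["desktop.ini"]:
            findings.append((folder, present, len(present) == len(TRIO)))
    return sorted(findings)


def format_report(findings):
    """Render findings as text lines; full trios are marked for priority."""
    lines = []
    for folder, present, full in findings:
        tag = "FULL TRIO" if full else "partial"
        lines.append(f"[{tag}] {folder}: {', '.join(present)}")
    return lines


if __name__ == "__main__":
    # Usage: python scan_deadlock.py <drive or folder>  (nothing is deleted)
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    report = format_report(scan_folder_artifacts(target))
    print("\n".join(report) if report else "No Deadlock folder artifacts found.")
```

Folders marked partial are worth a look after cleaning, since they show where some of the three files were left behind.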


Virus Effects:

This virus deletes all files, not only data or documents; it removes them all. If this happens to you, I really don’t have a smart solution for it… You can try using recovery programs; unfortunately, these programs are not free. Maybe you can try searching for free recovery programs. Anyway, in my experience not all recovery programs work 100%; sometimes you can’t get back 100% of your lost files if you lost them a long time ago (e.g. 1 year ago).

The virus also deletes system files and makes your computer fail to start. Consult your OS vendor on how to fix this (in Windows XP there is a repair tool on the CD, but I don’t know about others). If there is no repair tool, you have no choice but to reinstall your OS and then recover your lost files.

HOW TO: Remove the DeadLock Virus Manually:

1. Disable System Restore during the cleaning process.

2. Kill the active virus running in the background: use Process Explorer to kill the processes named “apache.exe” and “mysql.exe”.


3. To prevent the virus from becoming active again while you’re in the cleaning process, I suggest you register these files in “Software Restriction Policies”.

Start -> Run -> type “SECPOL.MSC”, then follow these images; after that, apply to make sure the new rules are working.

deadlock-7

deadlock-8

deadlock-9

deadlock-10

NOTE: If you’re not using Windows XP Professional, Server 2003, Vista or Server 2008, you can skip this step.

4. Repair your registry using repair.inf: right-click the file, then click Install.

[Version]
Signature="$Chicago$"
Provider=Nobody

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

; Restore the default open commands for executable file types,
; the Winlogon shell, the Safe Mode alternate shell and the AutoRun policy.
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoDriveTypeAutoRun,0x000000ff,255
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer, NoDriveTypeAutoRun,0x000000ff,255

; Remove the Run entries that start the virus's master files at logon.
[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Run, apache
HKLM, Software\Microsoft\Windows\CurrentVersion\Run, mysql

5. Delete the master files at:

  • %SYSTEMROOT%/system32/apache.exe
  • %SYSTEMROOT%/system32/mysql.exe

6. Scan with an updated antivirus program to make sure your computer is clean. You can use Norman Malware Cleaner for free; download it from here.

DONE. If you run into problems, let’s discuss them here :D
