Remove DeadLock Virus (W32/Tibs.DKKR)

This time-bomb virus will delete all the data on your hard disk and flash disk, including system files, removing every file it finds on dates 12-13 of each month, around 8-9 AM. If you get this message on your computer, then you have been infected by the Deadlock virus.


This virus has strange master files. I don’t know why the virus creator chose apache.exe (a popular web server) and mysql.exe (a popular database); users who are familiar with computer processes will find these master files easily. Deadlock is compressed with Petite 2.x, is 80KB in size, and uses an application icon.


Spreading Technique:

There is no autorun.inf. Deadlock uses desktop.ini and then folder.htt to execute flashguard.exe, so if you’re infected by this virus, each folder will contain these 3 files.

  1. Desktop.ini
  2. Folder.htt
  3. Flashguard.exe
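
An added example, not part of the original post: a read-only Python scan that lists folders holding the three files named above, so a disk can be checked folder by folder. The names `scan_tree` and `build_demo_tree` are invented for this example, and the demo tree is made of empty placeholder files constructed for illustration.

```python
import os
import tempfile

# File names from the article. Compared in lower case because Windows file
# systems are case-insensitive.
TRIO = {"desktop.ini", "folder.htt", "flashguard.exe"}

def scan_tree(root):
    """Walk root and return (full, partial), two sorted lists of folder paths.

    full:    folder contains all three files named in the article.
    partial: folder contains flashguard.exe without the complete set, which
             can happen after an incomplete cleanup. Review these manually.
    Nothing is deleted or modified; this is a read-only report.
    """
    full, partial = [], []
    # os.walk also returns files with hidden or system attributes,
    # which Explorer may not display.
    for dirpath, _dirnames, filenames in os.walk(root):
        present = {name.lower() for name in filenames} & TRIO
        if present == TRIO:
            full.append(dirpath)
        elif "flashguard.exe" in present:
            partial.append(dirpath)
    return sorted(full), sorted(partial)

def build_demo_tree(base):
    """Constructed sample tree of empty placeholder files (no real samples)."""
    layout = {
        "photos": ["Desktop.ini", "Folder.htt", "Flashguard.exe", "a.jpg"],
        os.path.join("photos", "2009"): ["DESKTOP.INI", "folder.htt", "flashguard.exe"],
        "docs": ["desktop.ini", "report.doc"],    # lone desktop.ini: ignored
        "music": ["FLASHGUARD.EXE", "song.mp3"],  # incomplete set
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(base, folder), exist_ok=True)
        for name in names:
            open(os.path.join(base, folder, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        full, partial = scan_tree(tmp)
        for path in full:
            print("all three files:", os.path.relpath(path, tmp))
        for path in partial:
            print("incomplete set:", os.path.relpath(path, tmp))
```

To check a real device, pass the flash disk's drive letter or mount point to `scan_tree`.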


Virus Effect:

This virus deletes all files, not only data or documents; it removes them all. If this happens to you, I really don’t have a smart solution for it… You can try recovery programs, but unfortunately these programs are not free. Maybe you can search for free recovery programs. Anyway, in my experience not all recovery programs work 100%; sometimes you can’t get 100% of your lost files back if you lost them a long time ago (e.g. 1 year ago).

The virus also deletes system files and makes your computer fail to start. Consult your OS vendor on how to fix this (in Windows XP there is a repair tool on the CD, but I don’t know about others). If there is no repair tool, you have no choice but to reinstall your OS and then recover your lost files.

HOW TO: Remove DeadLock Virus Manually:

1. Disable System Restore during the cleaning process.

2. Kill the active virus running in the background: use Process Explorer to kill the processes named “apache.exe” and “mysql.exe”.


3. To prevent the virus from becoming active again while you’re cleaning, I suggest you register these files in “Software Restriction Policies”.

Start -> Run -> type “SECPOL.MSC”, then follow these images; after that, apply to make sure the new rules are working.


NOTE: If you’re not using Windows XP Professional, 2003 Server, Vista, or 2008, you can skip this step.

4. Repair your registry using repair.inf: right-click the file, then click Install.

[Version]
Signature="$Chicago$"
Provider=Nobody

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
; Restore the default "open" command for executable and script file types
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
; Restore the default logon shell and the Safe Mode alternate shell
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, "cmd.exe"
; Set the AutoRun policy value for all drive types
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoDriveTypeAutoRun,0x000000ff,255
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer, NoDriveTypeAutoRun,0x000000ff,255

[del]
; Remove the Run entries that start the master files
HKCU, Software\Microsoft\Windows\CurrentVersion\Run, apache
HKLM, Software\Microsoft\Windows\CurrentVersion\Run, mysql

5. Delete the master files at:

  • %SYSTEMROOT%/system32/apache.exe
  • %SYSTEMROOT%/system32/mysql.exe

6. Scan with an updated antivirus program to make sure your computer is clean. You can use Norman Malware Cleaner for free; download it from here.

DONE. If you run into problems, let’s discuss them here 😀

11 thoughts on “Remove DeadLock Virus (W32/Tibs.DKKR)”

  1. I got a shortcut virus… damn… I’ll try to remove them as you teach… I hope. I’ll let you know later… when I’ve finished. Thanks a lot.

  2. Whoa boss, I followed your method by changing the HKLM like in the example you gave above, but my PC became weird!!
    None of the shortcuts can be opened! Why is that??
    Please help…. please, what’s the solution???

  3. When I click any shortcut, what comes up is “open with”. Going into the registry is the same, it also comes up with “open with”.
    Please help…

