9.03.2009

6 Steps to Clean the Deadlock Virus Manually



Here are the steps to clean the Deadlock virus manually:
1. Disable System Restore for the duration of the cleaning, so that the virus files are not preserved in a restore point and restored later: Start menu >> Control Panel >> System >> System Restore tab >> tick "Turn off System Restore".
2. Terminate the active virus processes in memory. Use a Task Manager replacement such as Process Explorer and kill the processes named mysql.exe and apache.exe. Check the image path first: the virus copies run from C:\Windows\system32 (the parent files listed in step 5), whereas a genuine Apache or MySQL server runs from its own installation directory.

You can download this tool from the following URL:
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

3. To keep the virus from running again, block its files from being executed by registering them with Software Restriction Policies. This feature is only available on Windows XP Professional, Windows Server 2003, Windows Vista and Windows Server 2008. Proceed as follows:

- Click [Start]
- Click [Run]
- In the Run dialog box, type SECPOL.MSC and click [OK]
- When the Local Security Settings window appears, right-click Software Restriction Policies and click Create New Policies
- Under Software Restriction Policies, click Additional Rules
- Right-click Additional Rules and select New Hash Rule...; the New Hash Rule dialog appears
- In the File hash field, click Browse and navigate to C:\Windows\system32\apache.exe
- Click [Open]
- In the Security level field, select [Disallowed]
- The Description field may be filled in or left empty
- Click [Apply]
- Click [OK]
- Repeat the New Hash Rule steps for C:\Windows\system32\mysql.exe

A hash rule only blocks files with exactly that hash; if the sample on your machine differs from the one hashed here, the rule will not match it, which is why the files are also deleted in step 5.

Note:
If your computer runs a Windows edition without Software Restriction Policies (for example Windows XP Home), skip this step.

4. Remove the registry entries the virus changed. To speed up the repair, copy the script below into Notepad, save it as repair.inf, and run it as follows:
- Right-click the file repair.inf
- Click [Install]

[Version]
Signature="$Chicago$"
Provider=Vaksincom

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
; Restore the default "open" handlers the virus hijacked.
; An empty value-name field means the (Default) value; doubled quotes inside a string are literal quotes.
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
; Put the normal shell back for both regular and Safe Mode boots (flag 0 = REG_SZ).
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, "cmd.exe"
; 0x00010001 = REG_DWORD; 255 (0xFF) disables AutoRun on every drive type, so an infected USB stick cannot re-launch the virus.
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoDriveTypeAutoRun,0x00010001,255
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer, NoDriveTypeAutoRun,0x00010001,255

[del]
; Autostart entries added by the virus.
HKCU, Software\Microsoft\Windows\CurrentVersion\Run, apache
HKLM, Software\Microsoft\Windows\CurrentVersion\Run, mysql


5. Delete the parent virus files in the following directory (this must be done after step 2, otherwise the running process will recreate them or Windows will refuse to delete a file in use):

- C:\Windows\system32\apache.exe
- C:\Windows\system32\mysql.exe

6. For a thorough cleaning and to prevent reinfection, install an antivirus product, update its definitions, and run a full scan.
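The following PowerShell script is an added example, not part of the original post or of Vaksincom's cleanup tools. It automates steps 2, 4 and 5 above on one machine: it kills only apache.exe/mysql.exe instances whose image path is the System32 copy, removes the two Run entries, restores the hijacked file-type handlers, shells and AutoRun policy, and then deletes the parent files. The file and registry names are exactly those listed in the post; the -DryRun switch, the path check, and the use of $env:SystemRoot are assumptions of this example. Run it from an elevated (administrator) PowerShell prompt, first with -DryRun to see what it would change.

```powershell
# Added example (not from the original post): automates steps 2, 4 and 5 of the
# manual Deadlock cleanup. Requires an elevated prompt. Use -DryRun to preview.
param([switch]$DryRun)

$ErrorActionPreference = 'Continue'

# Parent files named in step 5. $env:SystemRoot is usually C:\Windows.
$ParentFiles = @(
    "$env:SystemRoot\system32\apache.exe",
    "$env:SystemRoot\system32\mysql.exe"
)

# Step 2: stop the resident copies. Only kill a process whose image path is one of
# the System32 parent files, so a legitimate Apache/MySQL install is left alone.
foreach ($name in 'apache', 'mysql') {
    Get-Process -Name $name -ErrorAction SilentlyContinue | ForEach-Object {
        if ($_.Path -and ($ParentFiles -contains $_.Path)) {
            Write-Host "Stopping PID $($_.Id) ($($_.Path))"
            if (-not $DryRun) { Stop-Process -Id $_.Id -Force }
        }
        else {
            Write-Host "Skipping PID $($_.Id): path '$($_.Path)' is not a known parent file"
        }
    }
}

# Step 4 (DelReg section): remove the autostart entries the virus added.
$RunEntries = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'apache' },
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'mysql' }
)
foreach ($e in $RunEntries) {
    $cur = Get-ItemProperty -Path $e.Key -Name $e.Name -ErrorAction SilentlyContinue
    if ($cur) {
        Write-Host "Removing $($e.Key)\$($e.Name) = $($cur.$($e.Name))"
        if (-not $DryRun) { Remove-ItemProperty -Path $e.Key -Name $e.Name }
    }
}

# Step 4 (AddReg section): restore the hijacked open handlers and shells.
# '(default)' is how PowerShell names a key's (Default) value.
$Restore = @()
foreach ($type in 'batfile', 'comfile', 'exefile', 'piffile', 'scrfile') {
    $Restore += @{ Key = "HKLM:\Software\Classes\$type\shell\open\command"; Name = '(default)'; Value = '"%1" %*' }
}
$Restore += @{ Key = 'HKLM:\Software\Classes\regfile\shell\open\command'; Name = '(default)'; Value = 'regedit.exe "%1"' }
$Restore += @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Shell'; Value = 'Explorer.exe' }
foreach ($cs in 'ControlSet001', 'ControlSet002', 'CurrentControlSet') {
    $Restore += @{ Key = "HKLM:\SYSTEM\$cs\Control\SafeBoot"; Name = 'AlternateShell'; Value = 'cmd.exe' }
}
foreach ($r in $Restore) {
    if (-not (Test-Path $r.Key)) { continue }   # e.g. a ControlSet00x that does not exist
    $cur = (Get-ItemProperty -Path $r.Key -ErrorAction SilentlyContinue).($r.Name)
    if ($cur -ne $r.Value) {
        Write-Host "$($r.Key) [$($r.Name)]: '$cur' -> '$($r.Value)'"
        if (-not $DryRun) { Set-ItemProperty -Path $r.Key -Name $r.Name -Value $r.Value }
    }
}

# NoDriveTypeAutoRun = 0xFF disables AutoRun on every drive type (blocks autorun.inf reinfection).
foreach ($k in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
               'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer') {
    Write-Host "Setting $k\NoDriveTypeAutoRun = 0xFF"
    if (-not $DryRun) {
        if (-not (Test-Path $k)) { New-Item -Path $k -Force | Out-Null }
        Set-ItemProperty -Path $k -Name 'NoDriveTypeAutoRun' -Value 0xFF -Type DWord
    }
}

# Step 5: delete the parent files now that nothing is executing them.
foreach ($f in $ParentFiles) {
    if (Test-Path $f) {
        Write-Host "Deleting $f"
        if (-not $DryRun) { Remove-Item -Path $f -Force }
    }
}
```

Because the exefile handler is hijacked until step 4 completes, launch PowerShell before the virus relaunches rather than by double-clicking a .exe shortcut, and re-run the script with -DryRun afterwards: if it still reports differences, the virus process is still alive and step 2 did not catch it.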

You can also use Norman Malware Cleaner; download the tool from the following address: http://www.norman.com/support/support_tools/58732/en-us

Note:
If a computer infected with Deadlock can no longer boot Windows and shows the error message "NTLDR is missing", Windows has to be reinstalled. Data the virus deleted may be recovered with recovery software such as GetDataBack, Easy Recovery or Recover My Files, but there is no guarantee that all data can be saved.
