How to get rid of _.ex-08.exe Trojan

on Saturday, December 5, 2009

A good friend of mine's computer is infected by _ex-08.exe trojan and asked me to help him remove it from the computer.


About _ex-08.exe  : Technical name Trojan/Dropper/Win-NV
It changes/deletes the wallpaper on your desktop. It can can spread by sending an email containing links to copies of itself, and it is capable of sending out email messages with the built-in SMTP client engine.

Now to delete it


1.   Go to Registry editor and find the following key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

2.  Check for the key named PromoReg and delete it.

3.  Now try deleting the file named _ex-08.exe in your Temp folder under Windows.
If it is not allowing to be deleted you can use a software called unlocker.



4.  Find the following files too and delete them
C:\Documents and Settings\All Users\Application Data\78641329\78641329.exe
C:\Documents and Settings\%username%\Desktop\Security Tool.lnk
C:\Documents and Settings\%username%\Start Menu\Programs\Security Tool.lnk

Please check my following entry for that
http://tricksntipscomputersninternet.blogspot.com/2009/11/delete-any-files-and-folders.html

Hope this will serve the problem.

Kit yourself with a good and updated Antivirus

While I have typed what I know, I request you to key in your knowledge on the subject as comments.
Home


Subscribe via RSS