Livestock Virus Ramnit Watermark.exe

Starting from the act of my friends named 'Abol'. While stay at night, he secretly turned on my computer and download some games and his favorite porn video. As a result, he simply download a virus that originally I know named, W32.Ramnit! Html. And it turns out that computer viruses, it turns out there is a relationship with Watermark.exe virus. At first I was angry with his ​​act, but what could I do ..? The viruses infect files .exe, html, dll, etc. And anti-virus my friend, Aji recommend it not functioning properly. As a result, I tried to clean up after herself. After googling a while, I found the tools from pcmedia named 'RamnitKiller' and it's a normal scanner. Even make my computer totally dead. : (

I do not give up and decided to reinstall my computer. After the installation process is quite long, my computer is finally clean again. Although have to sacrifice some files that were deleted. But what happens ..??? watermark.exe virus was still stored in C:\Program Files\Microsoft\ .... WTF. Finally, I was googling again to find other ways to eradicate the virus, and found a solution. Here we go..!!

essentially remove WaterMark.exe then replaced WaterMark.exe folder in C: \ Program Files \ Microsoft \ ...

The steps are:

1. Open Task Manager by right-clicking on the Taskbar

2. On the Processes tab look for Image Name "scvhost.exe" the User Name was not the LOCAL SERVICES, NETWORK SERVICE or SYSTEM, so that run our pc scvhost last name - if you see click the End Process button - let it remain on the Task Manager

3. Start - Run - cmd - Enter

4. Type: cd\ - Enter up to drive to stay C:\

5. Type in: del watermark.exe /a /s - Enter

6. Go to the folder C:\Program Files\Microsoft by typing: cd program files\microsoft - Enter

7. To ensure WaterMark.exe was not in the folder C:\Program Files\Microsoft, type: dir /a

8. WaterMark.exe Create a folder by typing: md WaterMark.exe - Enter

9. Go to the folder C:\Program Files\Microsoft\WaterMark.exe by typing: cd watermark.exe,

10. Make con folder (the folder can not be removed) by typing: md con\\

11. To ensure the existing con folder in the folder C:\Program Files\Microsoft\WaterMark.exe, type: dir /a

12. With the WaterMark.exe folder, the virus does not exist to walk, plus there are con folder in it.

13. Restart Windows - see the folder C:\Program Files\Microsoft\ ... whether it contains WaterMark.exe or WaterMark.exe folder... if I was still in place despite WaterMark.exe folder pc restarted several times, means success for now.

14. Open the Registry Editor, START - RUN, then type "regedit" and press enter.

15. In the Registry editor, Find "Userinit" in [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon], drag the scroll bar at the bottom of it... because userinit below.

16. Click 2 times on the "Userinit" it, see its data value "c:\ windows\system32\userinit.exe, c:\program files\microsoft\WaterMark.exe" replace with "c:\windows\system32\userinit.exe "or delete text behind the text.

17. Refresh Registry Editor, and then see if userinitnya changed again or not?

18. If the value data of this userinit means the virus has not changed... WaterMark.exe defunct since been replaced with a folder watermark.exe.

Finally install Deep Freeze... The best solution for personal computer who not connected to the Internet. source

Posted via email from Cyber Storage - Posterous