W32/Mydoom.cf / W32.Dozer Removal

W32.Dozer:

First appearing in July of 2009, this worm was seen downloading malicious threats to the infected computer. People always warn us not to open e-mails received from an unknown sender. But out of curiosity, many of us open such mails and download their contents. This Trojan downloader spreads the same way. It is not very complicated to remove, as long as it has not yet downloaded further Trojans to your computer. The worm runs on all Microsoft Windows platforms and starts by creating a randomly named file with an .nls extension. It also modifies the registry so that a separate process runs under a random name. But just to be sure, the worm also modifies the registry of the Windows Services process so that the worm becomes easy to delete. Here is the removal method for this Trojan downloader.

Manual instructions to remove W32/Mydoom.cf:

  1. As mentioned above, the virus affects the Windows services of your computer. Hence, the system should be started in safe mode, where some of the services are disabled.
  2. Go to Start --> Run and type regedit. Now navigate to the following registry entry:

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\"wmiconf" = "WmiConfig&#" 

  3. Now restore the following registry keys, or make sure they don't contain any content:

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmiConfig
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmiConfig

  4. Close the Registry Editor, return to Start --> Run and type Services.msc. On the right side of the window, look for the service named "WmiConfig service" and disable it.
     To do this, just change the startup type to manual.

  5. Now go to the following directories and delete these files:

    %System%\[RANDOM CHARACTERS].nls
    %System%\wmcfg.exe
    %System%\wmiconf.dll
    %System%\dllcache\npptools.dll
    %System%\drivers\npf.sys
    %System%\npptools.dll
    %System%\Packet.dll
    %System%\WanPacket.dll
    %System%\wpcap.dll

  6. Restart your system in normal mode and you're free from this worm.
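
The registry and file locations from steps 2 to 5 can be checked in one pass before anything is deleted. The PowerShell below is an added example, not part of the original instructions; it only reports what it finds and assumes %System% is the folder returned by `[Environment]::SystemDirectory`.

```powershell
# Added example: read-only audit for the artifacts named in steps 2-5. Deletes nothing.
# Assumption: %System% is the Windows system folder (usually C:\Windows\System32).
$sys = [Environment]::SystemDirectory

$svcHostKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost'
$serviceKeys = 'HKLM:\SYSTEM\ControlSet001\Services\WmiConfig',
               'HKLM:\SYSTEM\CurrentControlSet\Services\WmiConfig'
$files = 'wmcfg.exe', 'wmiconf.dll', 'dllcache\npptools.dll', 'drivers\npf.sys',
         'npptools.dll', 'Packet.dll', 'WanPacket.dll', 'wpcap.dll'
# npf.sys, Packet.dll, WanPacket.dll and wpcap.dll are also WinPcap file names, and
# npptools.dll is a Windows component name, so a hit on these needs review.
$shared = 'npptools.dll', 'npf.sys', 'Packet.dll', 'WanPacket.dll', 'wpcap.dll'

$findings = @()

# Step 2: "wmiconf" value under the SvcHost key
$svcHost = Get-ItemProperty -Path $svcHostKey -ErrorAction SilentlyContinue
if ($svcHost -and $svcHost.PSObject.Properties['wmiconf']) {
    $findings += [pscustomobject]@{ Type = 'RegistryValue'; Item = "$svcHostKey\wmiconf"
                                    Note = ($svcHost.wmiconf -join ',') }
}

# Step 3: WmiConfig service keys
foreach ($key in $serviceKeys) {
    if (Test-Path -Path $key) {
        $findings += [pscustomobject]@{ Type = 'RegistryKey'; Item = $key; Note = 'service key present' }
    }
}

# Step 5: fixed file names
foreach ($rel in $files) {
    $path = Join-Path $sys $rel
    if (Test-Path -LiteralPath $path) {
        $note = 'name used by the worm'
        if ($shared -contains (Split-Path $rel -Leaf)) { $note = 'shared file name: verify before deleting' }
        $findings += [pscustomobject]@{ Type = 'File'; Item = $path; Note = $note }
    }
}

# Step 5: the randomly named .nls file cannot be matched by name. Many legitimate
# .nls files live in this folder, so list the most recently created ones for manual review.
$recentNls = Get-ChildItem -Path $sys -Filter *.nls -ErrorAction SilentlyContinue |
    Sort-Object CreationTime -Descending | Select-Object -First 10 Name, CreationTime

$findings  | Format-Table -AutoSize -Wrap
$recentNls | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt; an empty first table means none of the fixed registry entries or file names were found.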