[Remove worm sohanat manually]

Have you ever heard of the Sohanat worm?
This worm is also known as:

– Autoit.G, Autoit.A
– Trojan.Win32.VB.anm
– W32.Yautoit.N
– W32/SillyFDC-G
– W32/Sohanat.BD.worm
– Win32.Worm.Sohanat.AB
– Worm.AutoIt.d
– Worm.Hakaglan.B

Nowadays, the majority of antivirus products can detect and delete this worm. But now I want to tell you how to remove this worm manually.

To remove this worm, you can use a process explorer such as ibprocman (I will insert the link later) and kill all rvhost.exe processes. After that, delete all of these files:

C:\WINDOWS\SYSTEM32\RVHOST.exe
c:\windows\rvhost.exe
%allDrive%\new folder.exe
C:\Windows\Tasks\At1.job

Then change these registry keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Delete the RVHOST.exe entry in the right panel.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
“DisableTaskManager” = 1 (change to 0 )
“DisableRegistryTools” = 1 (change to 0 )

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
“nofolderoptions” = 1 (change to 0)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule
“attaskmaxhours” = 0 (change to 24)
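
The steps above, collected into one PowerShell script as an added example (not part of the original post). It assumes %allDrive% means the root of every drive and finds the Run entry by matching the string rvhost, since the post does not give the value's exact name; the other value names are copied as the post writes them.

```powershell
# Added example, dry run by default: set to $false to actually apply the changes.
$WhatIfPreference = $true

# 1. Kill all rvhost.exe processes.
Get-Process -Name 'rvhost' -ErrorAction SilentlyContinue | Stop-Process -Force

# 2. Delete the dropped files. Assumption: %allDrive% means the root of every
#    drive. -Force also removes hidden, system or read-only files.
$files = @(
    'C:\WINDOWS\SYSTEM32\RVHOST.exe',
    'C:\WINDOWS\rvhost.exe',
    'C:\Windows\Tasks\At1.job'
)
$files += Get-PSDrive -PSProvider FileSystem |
    ForEach-Object { Join-Path $_.Root 'new folder.exe' }
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { Remove-Item -LiteralPath $f -Force }
}

# 3. Remove the autostart entry: any Run value whose name or data mentions rvhost.
$run = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$key = Get-Item -Path $run -ErrorAction SilentlyContinue
if ($key) {
    foreach ($name in $key.GetValueNames()) {
        if ("$name $($key.GetValue($name))" -match 'rvhost') {
            Remove-ItemProperty -Path $run -Name $name
        }
    }
}

# 4. Reset the changed settings (value names as written in the post).
#    Only values that exist and differ are touched; the HKLM one needs elevation.
$cv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies'
$fixes = @(
    @{ Path = "$cv\System";   Name = 'DisableTaskManager';   Value = 0 },
    @{ Path = "$cv\System";   Name = 'DisableRegistryTools'; Value = 0 },
    @{ Path = "$cv\Explorer"; Name = 'nofolderoptions';      Value = 0 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Schedule'; Name = 'attaskmaxhours'; Value = 24 }
)
foreach ($fix in $fixes) {
    $cur = (Get-ItemProperty -Path $fix.Path -Name $fix.Name -ErrorAction SilentlyContinue).($fix.Name)
    if ($null -ne $cur -and $cur -ne $fix.Value) {
        Set-ItemProperty -Path $fix.Path -Name $fix.Name -Value $fix.Value
    }
}
```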

Now you’re done 😀


~ by iFFa on November 4, 2008.

2 Responses to “[Remove worm sohanat manually]”

  1. Thanks for your help. I have successfully removed the virus from my system.

  2. That’s good for you (^_^)
