Spyware Removal

Remove Autosky


What is Autosky and removal instructions

Autosky is a worm that spreads through removable media and shared drives. It hides every folder it finds and creates executable copies of itself named after the hidden folders. It disables Task Manager and Registry Editor, modifies some system settings and terminates certain system tools. The worm may also delete disk image files. Autosky runs silently at every Windows startup.

Autosky manual removal:

Kill processes:
explore.exe, explorer.exe, skynet.exe, svchoist.exe, svchost.exe
Delete registry values:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\dll link
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\winnt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\dll link
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\graphics
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell="%Windir%\explorer.exe %System%\explorer.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit="%System%\userinit.exe, C:\Documents and Settings\[Current User]\Application Data\explore.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr=1
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools=1
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoTrayItemsDisplay=1
Delete files:
explore.exe, explorer.exe, skynet.exe, svchoist.exe, svchost.exe, winnt.com, _default.pif
Misc:
Exact file location:
svchoist.exe, _default.pif - C:\WINDOWS or C:\WINNT
explorer.exe - C:\WINDOWS\System32 or C:\WINNT\System32
svchost.exe - C:\Documents and Settings\[Current User]\Favorites
explore.exe - C:\Documents and Settings\[Current User]\Application Data
winnt.com - C:\Documents and Settings\[Current User]\Application Data\Microsoft
skynet.exe - C:\Program Files; C:\Program Files\Common Files; C:\Documents and Settings\All Users; C:\Documents and Settings\[Current User]; removable media and shared drives
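
Two names on the lists above, explorer.exe and svchost.exe, are also the names of genuine Windows components, so the folder decides which copy belongs to the worm. The following triage helper is an added example, not part of the original instructions; the function names and the sample paths are constructed for illustration, and it treats [Current User] as a wildcard for one folder name.

```python
import ntpath

# File names and locations exactly as listed on this page (keys lower-cased).
WORM_LOCATIONS = {
    "svchoist.exe": [r"C:\WINDOWS", r"C:\WINNT"],
    "_default.pif": [r"C:\WINDOWS", r"C:\WINNT"],
    "explorer.exe": [r"C:\WINDOWS\System32", r"C:\WINNT\System32"],
    "svchost.exe": [r"C:\Documents and Settings\[Current User]\Favorites"],
    "explore.exe": [r"C:\Documents and Settings\[Current User]\Application Data"],
    "winnt.com": [r"C:\Documents and Settings\[Current User]\Application Data\Microsoft"],
    "skynet.exe": [r"C:\Program Files", r"C:\Program Files\Common Files",
                   r"C:\Documents and Settings\All Users",
                   r"C:\Documents and Settings\[Current User]"],
}

def _same_dir(directory, location):
    """Compare component by component; [Current User] matches any one folder name."""
    got = directory.rstrip("\\").lower().split("\\")
    want = location.lower().split("\\")
    return len(got) == len(want) and all(
        w == "[current user]" or w == g for g, w in zip(got, want))

def classify(image_path):
    """Return 'listed-location', 'name-only' or 'not-listed' for one image path."""
    directory, name = ntpath.split(image_path)
    locations = WORM_LOCATIONS.get(name.lower())
    if locations is None:
        return "not-listed"
    if any(_same_dir(directory, loc) for loc in locations):
        return "listed-location"   # name and folder both match the page's list
    return "name-only"             # same name elsewhere: inspect before acting

# Constructed sample of running-process image paths (not taken from a real host).
SAMPLE = [
    r"C:\WINDOWS\explorer.exe",            # the genuine Windows shell lives here
    r"C:\WINDOWS\System32\explorer.exe",
    r"C:\WINDOWS\system32\svchost.exe",    # the genuine service host lives here
    r"C:\Documents and Settings\alice\Favorites\svchost.exe",
    r"E:\skynet.exe",                      # removable media: no fixed path on the page
    r"C:\WINDOWS\system32\notepad.exe",
]

if __name__ == "__main__":
    for path in SAMPLE:
        print(f"{classify(path):16} {path}")
```

A "name-only" result means the file shares a listed name but sits outside the listed folders, which is where the genuine explorer.exe and svchost.exe are found and also where a skynet.exe copy on removable media would land.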

     
Copyright © SpywareDot 2004-2009| Spyware Removal.  All rights reserved.