What is Durlen and removal instructions
Durlen is a dangerous macro virus that disables Microsoft Word security functions, infects Microsoft Word documents and deletes vital system and software files. Once executed, the parasite installs itself on the system and displays an image with the text "Have a nice day." Then it runs a payload. Durlen turns off Microsoft Word virus protection and deletes all the executable files from the root of the main hard disk and from the Windows system directories. This corrupts the entire system and prevents it from working properly or loading at computer startup. The virus also deletes some text and spreadsheet documents, images, archives, configuration files and web files. It corrupts Microsoft Excel and Microsoft PowerPoint installations. Furthermore, Durlen disables the taskbar, the Windows Firewall, the Registry Editor and the Task Manager. It modifies essential system behavior and security settings, changes mouse options and drops several infected documents.
Durlen manual removal:
Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr=1
HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\EnableFirewall=0
HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsFirewall\StandardProfile\EnableFirewall=0
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\EnableFirewall=0
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\EnableFirewall=bx0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify=1
HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Word\Security\Level=1
HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Word\Security\Level=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose=5
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCloseKey=5
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop=3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFavoritesMenu=2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind=5
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSaveSettings=3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders=2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetTaskbar=2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu=3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop=2
HKEY_CURRENT_USER\Software\Microsoft\Windows\Lendur
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Lendur
Delete files: exemple.doc, girls.doc, information.doc, joke.doc, list.doc, music.doc, news.doc
Delete directories:
C:\My Shared Folders
C:\Windows\Application Data
C:\Windows\Hzjl
C:\Windows\Sgba
C:\Windows\Texts
C:\Windows\Vnbz
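Before deleting anything, it helps to see which of the listed registry entries actually exist on the machine and whether their data matches. The PowerShell script below is an added example, not part of the original removal instructions: it only reads the registry, and its variable names ($listed, $report) are chosen here for illustration.

```powershell
# Added example (not from the original page): read-only audit, nothing is deleted.
# Entries are copied from the list above exactly as printed, in "key\value=data" form.
$listed = @'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr=1
HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\EnableFirewall=0
HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsFirewall\StandardProfile\EnableFirewall=0
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\EnableFirewall=0
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\EnableFirewall=bx0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify=1
HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Word\Security\Level=1
HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Word\Security\Level=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose=5
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCloseKey=5
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop=3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFavoritesMenu=2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind=5
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSaveSettings=3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders=2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetTaskbar=2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu=3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop=2
HKEY_CURRENT_USER\Software\Microsoft\Windows\Lendur
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Lendur
'@ -split "`r?`n" | Where-Object { $_.Trim() }

$report = foreach ($line in $listed) {
    # Map the hive name to the PowerShell registry drive.
    $entry = $line.Trim() -replace '^HKEY_CURRENT_USER', 'HKCU:' -replace '^HKEY_LOCAL_MACHINE', 'HKLM:'
    if ($entry -match '^(?<key>.+)\\(?<name>[^\\=]+)=(?<data>.*)$') {
        $key = $Matches.key; $name = $Matches.name; $want = $Matches.data
        $item = Get-ItemProperty -LiteralPath $key -Name $name -ErrorAction SilentlyContinue
        $status = 'absent'
        if ($null -ne $item) {
            $status = if ("$($item.$name)" -eq $want) { 'present, data matches' } else { 'present, data differs' }
        }
        [pscustomobject]@{ Key = $key; Value = $name; Listed = $want; Current = $item.$name; Status = $status }
    } else {
        # No "=data" part: the page lists a whole key (the two Lendur keys).
        $status = if (Test-Path -LiteralPath $entry) { 'key present' } else { 'absent' }
        [pscustomobject]@{ Key = $entry; Value = $null; Listed = $null; Current = $null; Status = $status }
    }
}
$report | Where-Object Status -ne 'absent' | Format-Table -AutoSize -Wrap
```

An empty table means none of the listed entries exist for the current user and machine; the HKEY_CURRENT_USER entries have to be checked separately for each user profile.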