What is Falsu and removal instructions
Falsu is a worm that spreads through the Kazaa file sharing network and IRC chat channels using the mIRC client. Once executed, the parasite silently installs itself to the system, modifies Kazaa settings, creates infected files with meaningful names in the Kazaa shared folder and attempts to send itself to IRC users. However, the latter function doesn't work due to bugs in the Falsu code. The worm is designed only to spread and therefore does not carry any destructive payload. Falsu automatically runs on every Windows startup.
Falsu manual removal:
Kill processes: commando.exe, my_sister_nude.exe, winexec.exe, winsys.exe, winupdate.exe
Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winexec
HKEY_CURRENT_USER\Software\Kazaa\LocalContent\DisableSharing=0
HKEY_CURRENT_USER\Software\Kazaa\LocalContent\dir0=012345:%Windir%\Shared
HKEY_CURRENT_USER\Software\Kazaa\LocalContent\dir1=012345:%Windir%\Shared
HKEY_CURRENT_USER\Software\Kazaa\LocalContent\dir2=012345:%Windir%\Shared
HKEY_CURRENT_USER\Software\Kazaa\LocalContent\dir3=012345:%Windir%\Shared
HKEY_CURRENT_USER\Software\Kazaa\LocalContent\dir4=012345:%Windir%\Shared
HKEY_CURRENT_USER\Software\Kazaa\LocalContent\dir5=012345:C:\
HKEY_CURRENT_USER\Software\KAZAA\ResultsFilter\firewall_filter=0
HKEY_CURRENT_USER\Software\KAZAA\ResultsFilter\virus_filter=0
Delete files: commando.exe, my_sister_nude.exe, winexec.exe, winsys.exe, winupdate.exe, command.pif, command.scr, srvwin.scr
Delete directories:
C:\Windows\Shared
C:\Winnt\Shared
Misc: Exact file location:
commando.exe, command.scr - C:
winexec.exe, command.pif, srvwin.scr - C:\Windows or C:\Winnt
winupdate.exe, winsys.exe - C:\Windows\System, C:\Windows\System32 or C:\Winnt\System32
my_sister_nude.exe - C:\Program Files\mIRC\Download
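Before removing anything, the indicators above can be checked in one pass. The following read-only PowerShell audit is an added example, not part of the original entry; it assumes %Windir% and the Program Files folder resolve through the standard environment variables, and the variable names are illustrative.

```powershell
# Read-only audit for the Falsu indicators listed in this entry. Nothing is deleted.
# Assumption: $env:windir covers the "C:\Windows or C:\Winnt" cases named above.
$findings = New-Object System.Collections.Generic.List[string]

# Processes (Get-Process takes the name without the .exe extension)
$procNames = 'commando', 'my_sister_nude', 'winexec', 'winsys', 'winupdate'
Get-Process -Name $procNames -ErrorAction SilentlyContinue |
    ForEach-Object { $findings.Add("process: $($_.ProcessName) (PID $($_.Id))") }

# Registry values: report a value only if its data matches what the entry lists
$kazaa  = 'HKCU:\Software\Kazaa\LocalContent'
$filter = 'HKCU:\Software\KAZAA\ResultsFilter'
$regChecks = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = 'winexec'; Like = '*' }
    @{ Key = $kazaa;  Name = 'DisableSharing';  Like = '0' }
    @{ Key = $kazaa;  Name = 'dir5';            Like = '012345:C:\' }
    @{ Key = $filter; Name = 'firewall_filter'; Like = '0' }
    @{ Key = $filter; Name = 'virus_filter';    Like = '0' }
)
foreach ($i in 0..4) {
    $regChecks += @{ Key = $kazaa; Name = "dir$i"; Like = '012345:*\Shared' }
}
foreach ($c in $regChecks) {
    $item = Get-ItemProperty -Path $c.Key -Name $c.Name -ErrorAction SilentlyContinue
    if ($item -and "$($item.($c.Name))" -like $c.Like) {
        $findings.Add("registry: $($c.Key)\$($c.Name) = $($item.($c.Name))")
    }
}

# Files and the shared directory, at the exact locations given above
$win = $env:windir
$paths = @(
    'C:\commando.exe', 'C:\command.scr',
    "$win\winexec.exe", "$win\command.pif", "$win\srvwin.scr",
    "$win\System\winupdate.exe", "$win\System\winsys.exe",
    "$win\System32\winupdate.exe", "$win\System32\winsys.exe",
    "$env:ProgramFiles\mIRC\Download\my_sister_nude.exe",
    "$win\Shared"
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings.Add("path: $p") }
}

if ($findings.Count) { $findings } else { 'No Falsu indicators from this entry were found.' }
```

The HKEY_CURRENT_USER checks cover only the account running the script, so repeat it for each user profile that has Kazaa installed.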