Spyware Removal

Remove Usbalex


What is Usbalex and removal instructions

Usbalex is a worm that spreads through floppy disks and mapped network drives. It also creates multiple copies of itself in some local folders and disks. Once executed, the parasite secretly installs itself to the system and starts spreading. Then it attempts to gather some system information and transfer it to its author. Usbalex does not carry any destructive payload. It runs on every Windows startup.

Usbalex manual removal:

Kill processes:
application.exe, csrss.exe, data.exe, documents.exe, folderdata.exe, girls.exe, lsass.exe, msinfo.exe, mstordb0.exe, my cv.exe, my data.exe, my girls.exe, pictures.exe, recycled.exe, regedit.exe, temp.exe, winlogon.exe
Delete registry values:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msinfo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msinfo
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tempservices
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tempservices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Default=C:\Documents and Settings\[Current User]\csrss.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load=C:\Recycler\lsass.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System=C:\Documents and Settings\[Current User]\csrss.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit=%System%\userinit.exe,C:\Documents and Settings\[Current User]\csrss.exe
Delete files:
application.exe, csrss.exe, data.exe, documents.exe, folderdata.exe, girls.exe, lsass.exe, msinfo.exe, mstordb0.exe, my cv.exe, my data.exe, my girls.exe, pictures.exe, recycled.exe, regedit.exe, temp.exe, winlogon.exe, services.reg, tempservices.reg
Misc:
Exact file location:
data.exe - A:
my cv.exe - J:
recycled.exe - D:
application.exe - I:
girls.exe - H:\Images
lsass.exe - C:\Recycler
my girls.exe - E:\Private
pictures.exe - G:\My Picture
msinfo.exe - C:\Recycler\MsInfo
documents.exe - F:\Data Documents
regedit.exe - C:\WINDOWS\System or C:\WINNT\System
mstordb0.exe - C:\Program Files\Microsoft Office\Office11
csrss.exe, winlogon.exe - C:\Documents and Settings\[Current User]
my data.exe - C:\Documents and Settings\[Current User]\My Documents
folderdata.exe, temp.exe, services.reg, tempservices.reg - C:\WINDOWS\Temp or C:\WINNT\Temp

      
Related Spyware Removal

 

 
Previous: Usblog   Next: UrlKiller Trojan
| 1-9 | O | P | Q | R | S | T | U | V | W | X | Y | N | M | L | A | B | C | D | E | F | G | H | I | J | K | Z
Copyright © SpywareDot 2004-2009| Spyware Removal.  All rights reserved.