|
|
Remove Xitram |
|
Xitram is an Internet worm that spreads by e-mail through messages with infected attachments. It also propagates by copying itself to local drives and removable media. Once executed, the parasite secretly installs itself to the system and runs a spreading routine. It sends bogus e-mails to addresses gathered from local web (.HTM) files. Xitram does not carry any destructive payload. It runs on every Windows startup. Xitram manual removal:Kill processes:nice sex.exe, recycled.exe, reply.exe, spoolsv.exe, 911.exe Delete registry values: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Task=C:\Documents and Settings\[Current User]\spoolsv.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Task=C:\Documents and Settings\[Current User]\spoolsv.exe HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe=%Windir%\matrix.scr Delete files: nice sex.exe, recycled.exe, reply.exe, spoolsv.exe, 911.exe, matrix.scr Delete directories: E:\Secret F:\Fuck G:\911 Death H:\VDO I:\Data Fair Misc: The reply.exe file arrives attached to Xitram e-mail messages. Exact file location: 911.exe - G:\911 Death matrix.scr - C:\WINDOWS or C:\WINNT recycled.exe - A:, E:, F:, G:, H:, I:, J: spoolsv.exe - C:\Documents and Settings\[Current User] nice sex.exe - E:\Secret, F:\Fuck, H:\VDO, I:\Data Fair, J: reply.exe - C:\Documents and Settings\[Current User]\Local Settings\Temp
|
|
||||||
Previous: XLocator Next: Xiro Trojan |
|||||||
| | 1-9 | O | P | Q | R | S | T | U | V | W | X | Y | N | M | L | A | B | C | D | E | F | G | H | I | J | K | Z | |||||||
Copyright ©
SpywareDot 2004-2009| Spyware Removal. All rights reserved. |
|||||||