“Here You Are” is the latest E-Mail Threat circulating around the internet in recent times. The subject of the Email will be "Here Yor Are". Effectively, the way it tricks to infect you, it appear to link be a link to PDF, but in reality, is an executable file. Once infected, then worm will automatically send email to your entire contact list and infect more systems.
Mr. Vasim Memon, working as technical guy in India has created a batch file that will solve this problem. This file will automatically perform some cleanup task in all affected areas and will make you feel happy; here is link to download the batch file.
And incase if you want to experiment and want to remove the worm mannually, here are the steps you need to follow. All The Best!
First of all kill below process: –
- %windows%\system\updates.exe
- %windows%\csrss.exe
- %windows%\ff.exe
- %windows%\gc.exe
- %windows%\hst.iq
- %windows%\ie.exe
- %windows%\im.exe
- %windows%\op.exe
- %windows%\pspv.exe
- %windows%\rd.exe
- %windows%\re.exe
- %windows%\re.iq
- %windows%\tryme1.exe
- %windows%\vb.vbs
- %system%\SendEmail.dll
Note: How to find the processes that are currently running. And If you want delete any running process, Press Ctrl+Alt+Del The Same Time and click on taskbar - Processes.
And then delete below registry entries: –
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options0hoeav.com
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Optionsw.com
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.ExE
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.ExE
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.ExE
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.ExE
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\6.bat
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\6fnlpetp.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\6×8be16.cmd
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BIOSREad.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BdSurvey.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CaVCmd.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CavaUd.ExE
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cavapp.ExE
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a2cmd.ExE
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a2free.ExE
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a2service.ExE
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a2upd.ExE
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aNtIaRP.ExE
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aNtS.ExE
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aPVxdWIN.ExE
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aVCONSOL.ExE
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aVENGINE.ExE
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aVP32.ExE
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aVPCC.ExE
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aVPM.ExE
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\abk.bat
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adobe Gamma Loader.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\algsrvs.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\algssl.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\angry.bat
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-trojan.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antihost.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apu-0607g.xml
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apu.stt
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arSwp.ExE
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashMaiSv.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashPopWz.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashQuick.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPcc.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashWebSv.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashdisp.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ast.ExE
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswBoot.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRegSvr.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoRun.ExE
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoRunKiller.ExE
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.bin
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.ini
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.reg
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.txt
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.wsh
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorunsc.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avMonitor.ExE
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastSS.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avciman.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgamsvr.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgas.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avginet.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgscan.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgscanx.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgupsvc.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avltd.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avscan.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avzkrnl.dll
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bad1.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bad2.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bad3.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdsubwiz.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackd.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackice.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caiss.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caissdt.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\catcache.dat
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cauninst.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cavasm.ExE
And restore the following registry keys back to their defaults
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
- EnableLUA=dword:00000000 to EnableLUA=dword:00000001
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
- Shell= Explorer.exe %windows%\csrss.exe to Shell=Explorer.exe
No doubt, you have to do lot of manual work. This file will automatically perform some cleanup task in all affected areas and will make you feel happy; here is the link to download the batch file.
1 comments:
Write commentsI really like your blog.. very nice colors & theme.
ReplyDid you create this website yourself or did you
hire someone to do it for you? Plz reply as I'm looking to create my own blog and would
like to know where u got this from. kudos
Feel free to visit my website; bill bohack