Friday, October 19, 2012

Solution Express: How to Get Rid of Virus:Win32/Xorer.X Manually and Effectively?

 General Picture of Virus:Win32/Xorer.X

Win32/Xorer.X is a polymorphic virus that has not only worm capabilities, dropping copies of itself on writable drives, but also rootkit components that enable it to avoid detection by antivirus programs. Virus:Win32/Xorer.X is slow to infect your computer, yet it is destructive, as it is able to encrypt and then append its virus code to the original file, which potentially makes it harder to restore the original file. It also runs the archiving program WinRAR in an attempt to infect executables located in archived files. From the above, you can tell that your system files are simply destroyed.

With such a virus around, you find yourself waiting a long time to operate your machine, since it creates a mutex to ensure that only one copy of itself is running in memory at any given time, drops a batch of files and registry entries to disable system startup in Safe Mode and Safe Mode with Networking, and modifies the system settings for handling files with the Hidden attribute, which makes deletion more complex. Besides, the dropped files enable Autorun for all drive types, so if you unfortunately have an external hard drive or flash drive attached to the infected PC without noticing the infection, you unwittingly become its accomplice. What's more, Virus:Win32/Xorer.X may modify stored web pages by adding scripting code so as to download and install arbitrary programs from that website. In such a case, to prevent more malware on your machine, please remove it right now! The steps shown below give you the clues for deletion, or you can simply ask for professional help from Tee Support 24/7 online.


Prevention for Future Infections (habits to avoid):

1. Opening email attachments from unknown/untrusted senders
2. Installing pirated software without scanning it first
3. Not having a good firewall and virus protection
4. Putting any personal information (SS#, CC#, etc.) on your computer
5. Allowing anyone under the age of 18 unrestricted/unsupervised access to the internet
6. Sending threatening emails or posting threats on your personal web page (blog)
7. Impersonating another gender while in a chat room or on another social networking site
8. Using a CC to pay without being sure of the site or whether it has a secure server
9. Not updating your virus/firewall protection automatically or manually
10. Posting 10 items when you really only have 5 or 6 that are worthwhile

 

Explicit Instructions on How to Eradicate Virus:Win32/Xorer.X


Step 1: Restart your system and get into Safe Mode with Networking. As the computer is booting, but before Windows launches, tap the "F8" key continuously, which should bring up the "Windows Advanced Options Menu". Use your arrow keys to highlight the "Safe Mode with Networking" option and press the Enter key.

 

Step 2: Please stop the processes listed below. Press CTRL+ALT+DEL to open Task Manager.

random.exe


Step 3: Go to the Registry Editor to delete all related entries listed below. Click the "Start" menu, hit "Run", then type "regedit" and click "OK".

Related registry keys:

HKLM\SYSTEM\CurrentControlSet\Services\NetApi000
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects
HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


Step 4: Delete related files and folders

Check for the presence of the following files (the detection name follows each path):
<first hard disk:>\037589.log - Virus:Win32/Xorer.X
<first hard disk:>\pagefile.pif - Virus:Win32/Xorer.X
<first hard disk:>\netapi000.sys - Virus:Win32/Xorer.H
%windir%\system32\dnsq.dll - Virus:Win32/Xorer.gen!dll
%windir%\system32\<random numbers from GetTickCount()>.log - Virus:Win32/Xorer.X
%windir%\system32\com\lsass.exe - Virus:Win32/Xorer.X
%windir%\system32\com\smss.exe - Virus:Win32/Xorer.O
%windir%\system32\com\netcfg.000 - Virus:Win32/Xorer.E
%windir%\system32\com\netcfg.dll - Virus:Win32/Xorer.E
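
Before deleting anything by hand, it helps to see which of the listed artifacts are actually on the machine. The PowerShell script below is an added example, not part of the original post: it only reads and reports. It assumes "<first hard disk:>" means the system drive, and the registry value names it prints (NoDriveTypeAutoRun, Hidden, ShowSuperHidden) are standard Windows settings chosen for the example, since the post lists keys only.

```powershell
# Added example, not from the original post: a read-only check for the
# artifacts named in Steps 3 and 4. It reports state and changes nothing.
$drive = $env:SystemDrive   # assumption: "<first hard disk:>" is the system drive
$sys32 = Join-Path $env:windir 'system32'

# Fixed file names from the Step 4 list.
$files  = '037589.log', 'pagefile.pif', 'netapi000.sys' |
    ForEach-Object { Join-Path "$drive\" $_ }
$files += 'dnsq.dll', 'com\lsass.exe', 'com\smss.exe', 'com\netcfg.000', 'com\netcfg.dll' |
    ForEach-Object { Join-Path $sys32 $_ }
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { "FILE PRESENT  $f" }
}
# "<random numbers>.log": all-digit .log names directly under system32.
Get-ChildItem -LiteralPath $sys32 -Filter '*.log' -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.BaseName -match '^\d+$' } |
    ForEach-Object { "FILE PRESENT  $($_.FullName)" }

# Service key from Step 3.
$svc = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetApi000'
if (Test-Path -LiteralPath $svc) { "KEY PRESENT   $svc" }

# SafeBoot entries from Step 3. This GUID is the Windows disk-drive device
# class, which a stock install lists under SafeBoot, so absence is the finding.
$guid = '{4D36E967-E325-11CE-BFC1-08002BE10318}'
foreach ($set in 'CurrentControlSet', 'ControlSet001') {
    foreach ($mode in 'Minimal', 'Network') {
        $key = "HKLM:\SYSTEM\$set\Control\SafeBoot\$mode\$guid"
        if (-not (Test-Path -LiteralPath $key)) { "KEY MISSING   $key" }
    }
}

# Values to review by hand. The value names are standard Windows settings picked
# for this example (an assumption); the post lists only the keys.
$builtin = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$review = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Names = $null },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Names = @('NoDriveTypeAutoRun') },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'; Names = 'Hidden', 'ShowSuperHidden' }
)
foreach ($r in $review) {
    $p = Get-ItemProperty -LiteralPath $r.Key -ErrorAction SilentlyContinue
    if ($null -eq $p) { continue }
    $p.PSObject.Properties |
        Where-Object { $builtin -notcontains $_.Name -and (-not $r.Names -or $r.Names -contains $_.Name) } |
        ForEach-Object { "VALUE         $($r.Key)\$($_.Name) = $($_.Value)" }
}
```

Run it from an elevated prompt after booting as in Step 1, since rootkit components active in a normal session may keep files out of the listing. Several keys in the Step 3 list (Run, Explorer\Advanced, the SafeBoot entries) are stock Windows locations, which is why the script reports their state instead of treating their existence as an indicator.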



Note: the instructions above are intended for experienced PC users. Because the virus is able to invite other malware, you are very likely to face other attacks on your PC even after the removal of Virus:Win32/Xorer.X. To get help instantly, you're welcome to start a live chat with a Tee Support expert, available 24/7 here.
