Removal of W32.Xabot.Worm and wininit32.exe


orkut is sending viruses to your pc. To protect your pc close the window
orkut is infected by jammer worm

W32.Xabot.Worm is a Trojan/Backdoor that attempts to spread itself through IRC and file-sharing networks. It also has backdoor Trojan horse capabilities, which allow a hacker to gain control of a compromised computer. The existence of the file wininit32.exe is an indication of a possible infection.

Method of Installation
When executed, the worm copies itself to: %System%\wininet32.exe.

It then adds the following keys to the registry:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SysInit = "%System%\wininet32.exe -drivers"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\SysInit = "%System%\wininet32.exe -drivers"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\SysInit = "%System%\wininet32.exe -drivers"

to ensure that the worm is executed at each Windows start.

Note: '%System%' is a variable location. The worm determines the location of the current System folder by querying the operating system. The default installation location for the System directory for Windows 2000 and NT is C:\Winnt\System32; for 95, 98 and ME it is C:\Windows\System; and for XP it is C:\Windows\System32.

This worm is also known as:
• Backdoor.IRCBot.gen - named by Kaspersky.
• Win32.Xabot.B - named by Computer Associates.
• Win32/IRCBot.S trojan - named by Eset.

Name : W32.Xabot.Worm
Type : Trojan/Backdoor
Affected : Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Risk : Level 2: Low
Discovered : November 9, 2003
Update : February 13, 2007 12:13:35 PM
Wild Level : Low
Number of Infections : 0 - 49
Number of Sites : 0 - 2
Geographical Distribution: Low
Threat Containment : Easy
Removal : Moderate
Threat Assessment : Damage
Damage Level : Medium
Distribution Level : Medium
Writeup By : Robert X Wang


Manual Removal
Open Windows Task Manager, choose the Processes tab, then find and kill the process “Wininit32.exe”.
Search your hard disk partitions for “Wininit32.exe”; if found, permanently delete the file. (Note: there is a system file called Wininit.exe. Do not delete that file, or you will have to repair your OS.)
Open the registry editor and remove the following entries.
Look under both HKLM and HKCU for the keys listed below.

Key: Software\Microsoft\Windows\Active Setup\Installed Components\SysInit
Value: StubPath

Key: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
Values: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29

Key: Software\Microsoft\Windows\CurrentVersion\RunOnce
Value: SysInit


Close the registry editor and restart your computer.
Now open your Web browser and open Orkut. Enjoy.
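
To confirm that nothing was missed after the manual cleanup, the registry entries listed above can be checked against a text export of the registry. The script below is an added example, not part of the original post: it assumes the export produced by the registry editor has already been decoded to text, and it matches on key and value names rather than on the executable name. The function names and the sample export are constructed for illustration.

```python
import re

# Key suffixes and value names come from the write-up; matching is case-insensitive.
RUN_SUFFIXES = (r"\currentversion\run", r"\currentversion\runservices",
                r"\currentversion\runonce")
ACTIVE_SETUP = r"\active setup\installed components\sysinit"
DISALLOW_RUN = r"\policies\explorer\disallowrun"

SECTION = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def unescape(s):
    """Undo the backslash escaping that .reg exports apply inside strings."""
    return re.sub(r"\\(.)", r"\1", s)


def find_indicators(reg_text):
    """Return (key, value_name, data) for every entry the write-up lists."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if m := SECTION.match(line):
            key = m.group(1)
            continue
        m = VALUE.match(line)
        if key is None or m is None:
            continue
        name, data = unescape(m.group(1)), m.group(2)
        if len(data) >= 2 and data[0] == data[-1] == '"':
            data = unescape(data[1:-1])
        k, n = key.lower(), name.lower()
        if ((k.endswith(RUN_SUFFIXES) and n == "sysinit")
                or (k.endswith(ACTIVE_SETUP) and n == "stubpath")
                or (k.endswith(DISALLOW_RUN) and n.isdigit() and 1 <= int(n) <= 29)):
            hits.append((key, name, data))
    return hits


# Constructed sample export (not from a real machine); DisallowRun data is a placeholder.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysInit"="C:\\WINDOWS\\system32\\wininet32.exe -drivers"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"1"="placeholder-a.exe"
"30"="placeholder-b.exe"
'''

if __name__ == "__main__":
    for key, name, data in find_indicators(SAMPLE):
        print(f"{key}\\{name} = {data}")
```

An empty result on a fresh export taken after the restart means none of the listed entries remain.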


This post first appeared on Prince The Prince, please read the original post: here
