{"id":1159,"date":"2013-07-30T03:37:30","date_gmt":"2013-07-30T08:37:30","guid":{"rendered":"http:\/\/swildow.darktech.org\/wp\/?p=1159"},"modified":"2013-07-30T03:37:30","modified_gmt":"2013-07-30T08:37:30","slug":"fbi-virus-manual-removal","status":"publish","type":"post","link":"http:\/\/www.wildow.com\/blog\/?p=1159","title":{"rendered":"FBI virus manual removal:"},"content":{"rendered":"<h3>FBI virus manual removal:<\/h3>\n<div>\n<div>\n<div><a href=\"http:\/\/www.2-spyware.com\/remove-fbi-virus.html\">http:\/\/www.2-spyware.com\/remove-fbi-virus.html<\/a><\/div>\n<div><!--more--><\/div>\n<\/div>\n<\/div>\n<p>Kill processes:<br \/>\ntpl_0_c.exe<br \/>\nch810.exe<br \/>\n0_0u_l.exe<br \/>\n[random].exe<br \/>\njork_0_typ_col.exe<br \/>\nvsdsrv32.exe<br \/>\nProtector-[rnd].exe<br \/>\nInspector-[rnd].exe<\/p>\n<div><a href=\"http:\/\/www.2-spyware.com\/articles\/tutorials\/91.html\"><img decoding=\"async\" alt=\"help\" src=\"http:\/\/www.2-spyware.com\/styles\/help.gif\" \/>HELP:<br \/>\nhow to kill malicious processes<\/a><\/div>\n<p>Delete registry values:<br \/>\nHKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\[random].exe<br \/>\nHKEY_LOCAL_MACHINE\\SOFTWARE\\FBI Moneypak Virus<br \/>\nHKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System \u2018DisableRegistryTools\u2019 = 0<br \/>\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\system \u2018EnableLUA\u2019 = 0<br \/>\nHKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings \u2018WarnOnHTTPSToHTTPRedirect\u2019 = 0<br \/>\nHKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System 
\u2018DisableRegedit\u2019 = 0<br \/>\nHKEY_CURRENT_USER\\Software\\FBI Moneypak Virus<br \/>\nHKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run \u2018Inspector\u2019<br \/>\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\FBI Moneypak Virus<br \/>\nHKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System \u2018DisableTaskMgr\u2019 = 0<br \/>\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\protector.exe<br \/>\nHKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Inspector %AppData%\\Protector-[rnd].exe<br \/>\nHKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WarnOnHTTPSToHTTPRedirect 0<br \/>\nHKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Settings\\ID 4<br \/>\nHKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Settings\\UID [rnd]<br \/>\nHKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Settings\\net [date of installation]<br \/>\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\system\\ConsentPromptBehaviorAdmin 0<br \/>\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\system\\ConsentPromptBehaviorUser 0<br \/>\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\system\\EnableLUA 0<br \/>\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\AAWTray.exe<br \/>\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\AAWTray.exe\\Debugger svchost.exe<br \/>\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\AVCare.exe<br \/>\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\AVCare.exe\\Debugger svchost.exe<br \/>\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows 
NT\\CurrentVersion\\Image File Execution Options\\AVENGINE.EXE<br \/>\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\AVENGINE.EXE\\Debugger svchost.exe<br \/>\nHKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System \u201cDisableRegistryTools\u201d = 0<br \/>\nHKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System \u201cDisableTaskMgr\u201d = 0<br \/>\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\system \u201cConsentPromptBehaviorAdmin\u201d = 0<br \/>\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\system \u201cConsentPromptBehaviorUser\u201d = 0<br \/>\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\system \u201cEnableLUA\u201d = 0<\/p>\n<div><a href=\"http:\/\/www.2-spyware.com\/articles\/security\/46.html\"><img decoding=\"async\" alt=\"help\" src=\"http:\/\/www.2-spyware.com\/styles\/help.gif\" \/>HELP:<br \/>\nhow to remove registry entries<\/a><\/div>\n<p>Unregister DLLs:<br \/>\nwpbt0.dll<\/p>\n<div><a href=\"http:\/\/www.2-spyware.com\/articles\/security\/54.html\"><img decoding=\"async\" alt=\"help\" src=\"http:\/\/www.2-spyware.com\/styles\/help.gif\" \/>HELP:<br \/>\nhow to unregister malicious DLLs<\/a><\/div>\n<p>Delete files:<br \/>\n%Program Files%\\FBI Moneypak Virus<br \/>\n%AppData%\\Protector-[rnd].exe<br \/>\n%AppData%\\Inspector-[rnd].exe<br \/>\n%AppData%\\vsdsrv32.exe<br \/>\n%AppData%\\result.db<br \/>\n%AppData%\\jork_0_typ_col.exe<br \/>\n%appdata%\\[random].exe<br \/>\n%Windows%\\system32\\[random].exe<br \/>\n%Documents and Settings%\\[UserName]\\Application Data\\[random].exe<br \/>\n%Documents and Settings%\\[UserName]\\Desktop\\[random].lnk<br \/>\n%Documents and Settings%\\All Users\\Application Data\\FBI Moneypak Virus<br \/>\n%CommonStartMenu%\\Programs\\FBI Moneypak Virus.lnk<br \/>\n%Temp%\\0_0u_l.exe<br \/>\n%Temp%\\[random].exe<br 
\/>\n%StartupFolder%\\wpbt0.dll<br \/>\n%StartupFolder%\\ctfmon.lnk<br \/>\n%StartupFolder%\\ch810.exe<br \/>\n%UserProfile%\\Desktop\\FBI Moneypak Virus.lnk<br \/>\nWARNING.txt<br \/>\nV.class<br \/>\ncconf.txt.enc<br \/>\ntpl_0_c.exe<\/p>\n<div><a href=\"http:\/\/www.2-spyware.com\/articles\/tutorials\/91.html\"><img decoding=\"async\" alt=\"help\" src=\"http:\/\/www.2-spyware.com\/styles\/help.gif\" \/>HELP:<br \/>\nhow to remove harmful files<\/a><\/div>\n","protected":false},"excerpt":{"rendered":"<p>FBI virus manual removal: ASK US: Submit question\u00a0about FBI virus http:\/\/www.2-spyware.com\/remove-fbi-virus.html<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1159"}],"collection":[{"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1159"}],"version-history":[{"count":2,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1159\/revisions"}],"predecessor-version":[{"id":1161,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1159\/revisions\/1161"}],"wp:attachment":[{"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1159"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1159"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2
Ftags&post=1159"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}