AlxRes061230.exe Removal

Downloader.MDW:

This backdoor Trojan was detected in November 2008 and is still seen around damaging several systems. As mentioned earlier, it is a Backdoor-Trojan and thus reduces your system's security. This way, it becomes an easy job for hackers to take over your system. However, the damage caused by Downloader.MDW is not much and hence can be easily removed. It may also download several malicious files to your system and save them in the "C:\WINDOWS\System" directory. Like all the other Trojans, this one also creates a registry entry to be sure of being launched at the startup. It also injects itself into several processes that are frequently run by the User. As of now, it was seen affecting only processes like IEXPLORE.exe and Winlogon.exe. It even saves itself in the System Restore points to make itself ready to launch as soon as the clever User tries to Restore the system. But this Trojan can become dangerous if it is kept in your system for longer period. So lets get rid of it immediately.

Manual instructions to remove AlxRes061230.exe:

  1. As told before, the Trojan isn't that damageable. So it doesn't do much modifications. Just to be sure, lets start the system in Safe mode.
  2. The Trojan creates a Registry entry in crucial Windows System processes like the Winlogon.exe. So lets goto Start --> Run and regedit. Navigate to the following Registry key

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

    and open the Userinit.exe string on your right-side. It consists of several paths separated with a comma(,). Make sure you delete the paths with name as rundll32.exe and winsys16_061230.dll along with the Start(if you don't find it, then its okay).  Now when you delete a path, remember to remove the C:\WINDOWS\System along with the name of that file.
  3. Phew, that was a long procedure but we are not done yet. Now its time to remove the Trojan from your registry completely. To do that, you'll need to press Ctrl+F and search for the name "winsys16_061230.dll". When you find any Key with that name, don't delete the whole key. Just remove the path. Because you never know, it could turn out to be an important Process.
  4. Now you are almost done. Using the Windows Explorer, goto the "C:\WINDOWS\System" directory and delete the file with the name "AlxRes061230.exe", "scrsys061230.scr" and scrsys16_061230.scr. Make sure you turn on your View hidden files and folders option in the Folder Options of your Explorer.
  5. Its time to take out the trash. Just unregister the following DLLs in the same folder

    %System%\winsys32_061230.dll
    %System%\winsys16_061230.dll

    Click here to know how to Unregister DLLs.

  6. You are done.
VShop
Get the best security software for your compter here!

powered by Blogger | WordPress by Newwpthemes | Converted by BloggerTheme