twitty.exe removal

W32.Koobface.C:

This one is a Trojan-downloader and a worm that was seen in July of 2009. Was basically created to steal the passwords of social networking sites such as Twitter, Facebook, hi5, etc. This worm enters your computer when you visit certain URLs. The worm also pings to several servers from which it downloads malicious files and sends the passwords of the above mentioned sites. It may inject itself into the Windows processes and update itself regularly. It also creates and modifies many registry keys. The latest updated worm of this kind is capable of breaking the Windows Firewall. It may reside in any place of your "C:WINDOWS" directory. The only clue that we get to find this worm is that it consists of the prefixed name "twitt" with a .exe extension. The person who is responsible for creating this virus gets your password by mail. This worm may also create a file in your temporary folder. Now lets get to its removal. 

Instruction to remove W32.Koobface.C :

  1. The worm is capable of recovering itself from the System restore points. So disable your System restore option(know how to do that here).
  2. Don't forget to reboot in the Safe Mode again. After you're done, go to Start --> Run and type "regedit". Navigate to the following key

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"systwtray" = "%Windir%\twitt[something].exe"

    Delete the key but remember the Windir path.

  3. Just to be sure that the worm is removed from the registry, type Ctrl+F and search for the name of the virus. For example, if you find a virus with the name "%Windir%\twitty34.exe", just type the twitty34.exe in the find box. If you don't find any keys, well and good. If you did, open the key and just remove the path of the virus.
  4. Reboot your system once again. I hope you still remember the path that you saw in the registry. So, using the explorer, navigate to that path and delete the files. Also delete the files with the prefixed name as "twitt" (if you find any). Empty your cache and the Temporary folder. 
  5. Now you're free from the worm. 
VShop
Get the best security software for your compter here!

powered by Blogger | WordPress by Newwpthemes | Converted by BloggerTheme