Flashy.exe Removal

TR/Disabler.i.50:

Identified as a Trojan in March 2009, Flashy.exe has been causing heavy damage to several computers these days. The damage caused by this Trojan is not much, but a Trojan is still dangerous to keep. It has been seen disabling Windows security services such as the Windows Firewall, and it adds itself to the registry so that it executes at every boot-up. It has also been seen opening ports on the target's computer and connecting to other servers, from which an attacker can gain control of most of your applications. It also disables your Registry Editing Tools and Windows Task Manager, and it doesn't allow the user to view hidden files and folders. Follow the instructions below to remove this Trojan.

Manual instructions to remove Flashy.exe:

  1. Rebooting your system in safe mode is always recommended before you delete any virus (click here to know how to enable safe mode booting). Don't forget to disable System Restore, because the Trojan might be saved in the System Restore points on your hard disk drive and could be launched again from there (Know how to Disable System Restore here).
  2. Let's start by repairing the Registry. If your Registry Editor has been disabled already, click here to know how to get it back. You may also need your Task Manager. This tutorial will tell you how to enable your Task Manager in case it is also disabled.
  3. Open Start --> Run and type Regedit in the box. Once you're inside the Registry, navigate to the following key:

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    On the right-hand side, you'll find a value named "Flashy Bot" containing the data "%SYSDIR%\Flashy.exe". Delete it, or at least remove the path from it. This stops the Trojan from running at Windows start-up.
  4. Now go to the following key:

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

    On the right-hand side, delete the "NoFolderOptions=dword:00000001" value or set it to 0.
  5. Now let's get your Firewall back. To do this, go to the following key:

    [HKLM\SYSTEM\ControlSet001\Services\SharedAccess]

    Change the "Start" value (shown in hexadecimal) from 4 to 2 or 1. A Start value of 4 means the service is disabled.
  6. Now navigate to this one:

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]

    On the right-hand side, check whether the value of "HideFileExt" is 00000001, and make sure that the "Hidden" DWORD is set to 00000001.
  7. Restart your computer in safe mode again and delete the following files:

    C:\Documents and Settings\User\Start Menu\Programs\Startup\systemID.pif
    C:\WINDOWS\System32\Flashy.exe


  8. Now you're finally done. Restart your system to enjoy the changes.
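
A read-only PowerShell check of the registry values and files named in steps 3 to 7, added here as an example and not part of the original post. The function names `Get-RegValue` and `New-Finding` are made up for this example, and "User" in the Startup path stands for the affected profile name, as it does in step 7.

```powershell
# Read-only check of the registry values and files named in the steps above.
# Nothing is modified; run it before and after the cleanup and compare.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function New-Finding {
    param([string]$Item, $Observed, [bool]$Flagged)
    [pscustomobject]@{ Item = $Item; Observed = $Observed; Flagged = $Flagged }
}

$run = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$pol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$fw  = 'HKLM:\SYSTEM\ControlSet001\Services\SharedAccess'
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$findings = @()

$v = Get-RegValue $run 'Flashy Bot'          # step 3: autorun entry
$findings += New-Finding 'Run\Flashy Bot' $v ($null -ne $v)

$v = Get-RegValue $pol 'NoFolderOptions'     # step 4: Folder Options hidden when 1
$findings += New-Finding 'Policies\Explorer\NoFolderOptions' $v ($v -eq 1)

$v = Get-RegValue $fw 'Start'                # step 5: 4 = service disabled
$findings += New-Finding 'SharedAccess\Start' $v ($v -eq 4)

$v = Get-RegValue $adv 'Hidden'              # step 6: the page expects 1
$findings += New-Finding 'Explorer\Advanced\Hidden' $v ($v -ne 1)

$v = Get-RegValue $adv 'HideFileExt'         # step 6: reported only, not flagged
$findings += New-Finding 'Explorer\Advanced\HideFileExt' $v $false

$files = @(                                  # step 7: files to delete
    'C:\Documents and Settings\User\Start Menu\Programs\Startup\systemID.pif',
    'C:\WINDOWS\System32\Flashy.exe'
)
foreach ($f in $files) {
    $present = Test-Path -LiteralPath $f
    $findings += New-Finding $f $present $present
}

$findings | Format-Table -AutoSize
```

The HKCU values are per-user, so run the check while logged in as the affected account; any row with `Flagged` set to `True` still needs the corresponding step.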
