Uvehia.exe [Trojan/Virus] Removal

Avira: TR/Dldr.Renos.DV

What is Uvehia.exe?


Uvehia.exe was detected by the Avira antivirus as a Trojan in January 2011. Trojans don't usually corrupt your files; instead, they try to steal information such as your personal accounts or passwords, which makes them dangerous in a different way. Like most of its kind, this one can also affect a computer running the new Windows 7. In other words, it can run on all Windows platforms, which increases its reach.

How did Uvehia.exe virus enter my system?


This Trojan most often enters a computer when the user visits malicious sites or downloads files from mails sent by an unknown person. These mails usually have an attractive subject and body; opening them downloads the Trojan to the computer. The Trojan may also be downloaded by another Trojan that is already present in the system. Most of the time, these downloaded files are saved in the computer's temporary folder, so make sure it's empty before following these instructions.

What does Uvehia.exe virus do?


When executed, this Trojan launches a process that modifies the Internet and Security settings in the Registry. This way, it tries to bypass the restrictions of the Firewall. It also opens up one of the computer's ports, allowing itself to connect to malicious sites from which further viruses are downloaded. In most cases, these files are downloaded to and executed from the temporary folder.

Why am I getting Uvehia.exe error?


When you install an antivirus, it usually deletes the files related to the virus, but some registry keys are left untouched. Because of this, an error appears at every startup or when you try launching a particular application. This virus modifies the registry keys assigned to the Internet settings and the Firewall, so error messages might crop up until you undo the changes made to these registry keys by following the instructions given below. If you have trouble doing so, you might as well google for a Registry cleaner or HijackThis. These tools are really good when you want to get rid of system errors.

Instructions to remove Uvehia.exe:


  1. Always reboot your system in the Safe Mode before you try messing with a virus. If you're finding it difficult to do this, click here.
  2. Go to Start --> Run and type regedit to open the Registry Editor. We're about to undo all the changes that the virus made to your computer. Go to the following locations and make sure these values are the same in your registry.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
    Open the value Disable Script Debugger on the right side and change it to No.
    The Trojan also changes your internet settings, so you'll have to change them back to the following. To do this, go to
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    On your right, look for the value "1601" and change it to 0. Make sure it is 0 in all the zones except the 4th one. The default setting for zone 4 is 1, so change it back if you find any differences.
    The Trojan also lowers the security settings of Internet Explorer, so you'll have to edit these to get your security features working again. Go to
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
    When you're there, look for the following values on the right side, double-click them and change them to the ones shown below:

    • "ProxyBypass"=dword:00000001
    • "IntranetName"=dword:00000001
    • "UNCAsIntranet"=dword:00000001

    HKEY_CURRENT_USER\Software\[random character string]
    This string cannot be predicted since it is randomly generated, so you'll have to identify it and delete it yourself. Look for a key that has a meaningless name. When you're sure of a key, delete the complete key from the left side itself. When you click on it, it shows the following values on the right.

    • "%four-digit random character string%"=dword:%hex values%
    • "%four-digit random character string%"=dword:%hex values%
    • "%four-digit random character string%"=dword:%hex values%
    • "%four-digit random character string%"=%random character string%
    • "%four-digit random character string%"=dword:%hex values%
    • "%four-digit random character string%"=dword:00000001
    • "%five-digit random character string%"=dword:00000001
    • "%four-digit random character string%"=%random character string%

  3. Reboot your system once again (in Safe Mode) for the changes to take effect. Now it's time to manually delete the virus from the system. Go to Start --> Run and type cmd to open the Command Prompt. Type cd %windir% to go to the Windows directory. Now type the following commands one after another to remove the virus.

    • attrib -r -a -s -h Uvehia.exe
    • del Uvehia.exe
    • cd Tasks

    Here, the virus creates a job file with a randomly lettered name, which it uses to execute its malicious code at every startup. So type dir /w/a, find whichever job files are useless to you and delete them using the del command like you did before.
  4. Restart your computer in the normal mode and you'll find the Trojan gone.
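
As an added example (not part of the original post), the Python sketch below checks a registry export against the values given in step 2 and flags keys under HKEY_CURRENT_USER\Software that match the description of the randomly named key. It assumes the export was made from regedit and decoded to text and that the zones are numbered 0 to 4; the function names and the sample export are constructed for illustration.

```python
import re

SOFTWARE = "HKEY_CURRENT_USER\\Software\\"
INET = SOFTWARE + "Microsoft\\Windows\\CurrentVersion\\Internet Settings\\"
# (key, value name) -> data from step 2 of the page; zone numbering 0-4 is an assumption
EXPECTED = {(SOFTWARE + "Microsoft\\Internet Explorer\\Main", "Disable Script Debugger"): "no"}
EXPECTED.update({(INET + "ZoneMap", n): 1 for n in ("ProxyBypass", "IntranetName", "UNCAsIntranet")})
EXPECTED.update({(INET + "Zones\\%d" % z, "1601"): int(z == 4) for z in range(5)})

def parse_reg(text):
    """Read string and dword values from .reg export text into {key: {name: data}}."""
    keys, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1], {})
        elif cur is not None:
            m = re.fullmatch(r'"(.+?)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")', line)
            if m:
                cur[m.group(1)] = int(m.group(2), 16) if m.group(2) else m.group(3)
    return keys

def audit(text):
    """Return findings: values that differ from the page, plus random-looking keys."""
    keys, findings = parse_reg(text), []
    lower = {k.lower(): v for k, v in keys.items()}  # registry paths are case-insensitive
    for (key, name), want in EXPECTED.items():
        got = lower.get(key.lower(), {}).get(name)  # values absent from the export are skipped
        if got is not None and str(got).lower() != str(want):
            findings.append("%s\\%s is %r, page expects %r" % (key, name, got, want))
    for key, vals in keys.items():  # heuristic only: confirm the key by hand before deleting
        child = key.lower().startswith(SOFTWARE.lower()) and "\\" not in key[len(SOFTWARE):]
        if child and len(vals) >= 4 and all(re.fullmatch(r"\w{4,5}", n) for n in vals):
            findings.append("review %s: only short random-looking value names" % key)
    return findings

# Constructed sample export (not taken from a real infection)
SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Disable Script Debugger"="yes"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1601"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"=dword:00000000
[HKEY_CURRENT_USER\Software\qzxvkw]
"a1b2"=dword:0000002a
"c3d4"="kjhqwe"
"e5f6"=dword:00000001
"g7h8i"=dword:00000001
"""
if __name__ == "__main__": print("\n".join(audit(SAMPLE)))
```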

Posts that might help you here:
Enabling Safe Mode booting, Enabling the Registry, Enable Hidden files and folders option and Enabling the Command Prompt.