uvla.exe, fdq072.exe
Last Updated on Tuesday, 07 August 2012 19:18 Sunday, 05 December 2010 08:09
The file names uvla.exe, fdq072.exe have appeared in an virus analysis report. You can see it
Symantec has a free removal tool for this virus. You can download it from this link.
- The installer is identified as a virus named W32.Virut.
- It modifies a lot of windows program files, you can see the list in the report below.
%CommonDocuments%\Server\admin.txt
%CommonDocuments%\Server\hlp.dat
C:\Windows\Temp\fdq072.exe
C:\Windows\Temp\uvla.exe
%Templates%\memory.tmp
C:\Windows\Temp\ebn0q.log
C:\Windows\Temp\explorer.dat
C:\Windows\Temp\winlogon.dat
%Temp%\5xb5y8f33.bat
%Temp%\ebn0q.log
%Temp%\fdq072.exe
%Temp%\tlztmw3rr.bat
%Temp%\uvla.exe
Folders
C:\System Volume Information\.
C:\System Volume Information\..
%CommonDocuments%\Server
It stops following services -
"Application Layer Gateway Service",
"Windows Firewall/Internet Connection Sharing (ICS)",
"Security Center".
There may be more files created by this virus program. You can find them out. First locate and note down the "date of creation" of any of the files mentioned above, and after that, search the hard disk for other files created on that date or onward. See image
Necessary steps required to remove this virus program
- To start the services that are stopped by the virus program
- To remove processes created by the virus program from the Task Manager
- To search and delete files created by the virus program from the hard disk. Enable to view "hidden files and folders" before you search. Otherwise files created by the virus program inside the hidden folders will not be found
- To remove obsolete registry keys using CCleaner
Detailed instructions and free Tools
Preventive steps to avoid virus programs
Reprinted with permission from Threatexpert.com
Vocabulary of the technical terms used in this article
| < Prev | Next > |
|---|
