How to remove VirusMelt

Author: VirusMelt  UpdateTime: 2009-3-17 16:44:09

To remove the VirusMelt virus, clean or delete all VirusMelt-infected files and delete or modify any values VirusMelt added to the registry, as follows:

Behavior
The misleading application must be manually installed.
It displays the following warning of potential threats found:
The program reports false or exaggerated system security threats on the computer.
The risk reports the exaggerated security threats to be any of the following:
- BAT.Looper
- Packed.Win32.PolyCrypt
- SpamTool.Win32.Delf.h
- Trojan-IM.Win32.Faker.a
- Trojan-PSW.BAT.Cunter
- Trojan-PSW.VBS.Half
- Trojan-PSW.Win32.Antigen.a
- Trojan-PSW.Win32.Delf.d
- Trojan-PSW.Win32.Dripper
- Trojan-PSW.Win32.Fantast
- Trojan-PSW.Win32.Hooker
- Trojan-SMS.J2ME.RedBrowser.a
- Trojan-Spy.HTML.Bankfraud.ix
- Trojan-Spy.HTML.Bankfraud.ra
- Trojan-Spy.HTML.Bayfraud.hn
- Trojan-Spy.HTML.Citifraud
- Trojan-Spy.HTML.Paypal.hn
- Trojan-Spy.HTML.Sunfraud.a
- Trojan-Spy.Win32.WMPatch
- Trojan.BAT.AnitV.a
- Virus.BAT.Gray.705
- Virus.BAT.IBBM.ClsV
- Virus.Win32.Faker.a
It displays the user interface containing a system status warning to convince the user to purchase full protection:
The user is then prompted to pay for a full license of the application in order to remove the threats.
It connects to the following location and may download additional files: [http://]updvms.cn:9666/Instruct[REMOVED]

Installation
When the program is executed, it creates the following files:
- C:\Documents and Settings\All Users\Application Data\System Data\vd952342.bd
- C:\Documents and Settings\All Users\Application Data\System Data\mscfg.ini
Next, the program creates the following registry entry so that it executes whenever Windows starts:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"Virus Melt" = "[PATH TO EXECUTABLE] /s"
It then creates the following registry subkeys:
- HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
- HKEY_CLASSES_ROOT\[EXECUTABLE FILE NAME].DocHostUIHandler
It also creates the following registry entries:
- HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32\"Default" = "[PATH TO EXECUTABLE]"
- HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID\"Default" = "[EXECUTABLE FILE NAME].DocHostUIHandler"
- HKEY_CLASSES_ROOT\[EXECUTABLE FILE NAME].DocHostUIHandler\"Default" = "Implements DocHostUIHandler"
- HKEY_CLASSES_ROOT\[EXECUTABLE FILE NAME].DocHostUIHandler\Clsid\"Default" = "{3F2BBC05-40DF-11D2-9455-00104BC936FF}"
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\"CheckExeSignatures" = "no"
- HKEY_\Software\Microsoft\Internet Explorer\Download\"RunInvalidSignatures" = "1"
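
A report-only check for the files and registry entries listed above, as an added example that is not part of the original article; the helper names Add-Finding and Get-RegValue are hypothetical, and PowerShell 3.0 or later is assumed. It reads the LocalServer32 and ProgID values to recover what the article shows as [PATH TO EXECUTABLE] and [EXECUTABLE FILE NAME], and it skips RunInvalidSignatures because that entry's hive is truncated on this page.

```powershell
# Report-only check for the VirusMelt artifacts listed in this article; nothing is deleted or modified.
$clsid   = '{3F2BBC05-40DF-11D2-9455-00104BC936FF}'
$dataDir = 'C:\Documents and Settings\All Users\Application Data\System Data'
$found   = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Kind, [string]$Location, [string]$Value) {
    $found.Add([pscustomobject]@{ Kind = $Kind; Location = $Location; Value = $Value })
}

# Read one registry value; an empty $Name means the key's (Default) value. Returns $null if absent.
function Get-RegValue([string]$Key, [string]$Name) {
    $k = Get-Item -LiteralPath "Registry::$Key" -ErrorAction SilentlyContinue
    if ($k) { $k.GetValue($Name) }
}

# Files created on installation
foreach ($name in 'vd952342.bd', 'mscfg.ini') {
    $path = Join-Path $dataDir $name
    if (Test-Path -LiteralPath $path) { Add-Finding 'File' $path '' }
}

# Autorun value that starts the program with Windows
$runKey = 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-RegValue $runKey 'Virus Melt'
if ($run) { Add-Finding 'Autorun value' "$runKey\Virus Melt" $run }

# COM class registration; its values name the executable and the ProgID key
$clsidKey = "HKEY_CLASSES_ROOT\CLSID\$clsid"
if (Test-Path -LiteralPath "Registry::$clsidKey") {
    Add-Finding 'COM class key' $clsidKey ''
    $exe = Get-RegValue "$clsidKey\LocalServer32" ''
    if ($exe) { Add-Finding 'Executable path' "$clsidKey\LocalServer32" $exe }
    $progId = Get-RegValue "$clsidKey\ProgID" ''
    if ($progId -and (Test-Path -LiteralPath "Registry::HKEY_CLASSES_ROOT\$progId")) {
        Add-Finding 'ProgID key' "HKEY_CLASSES_ROOT\$progId" $progId
    }
}

# Internet Explorer download signature check switched off
$ieKey = 'HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download'
$sig = Get-RegValue $ieKey 'CheckExeSignatures'
if ($sig -eq 'no') { Add-Finding 'IE signature check off' "$ieKey\CheckExeSignatures" $sig }

if ($found.Count) { $found | Format-Table -AutoSize -Wrap }
else { 'None of the listed VirusMelt artifacts were found for this user.' }
```

The HKEY_CURRENT_USER checks only cover the account that runs the script, so run it once per affected user profile.
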
To remove the VirusMelt virus successfully, you may also need to do the following:
1. Temporarily disable System Restore.
2. Update the virus definitions. Reboot the computer in Safe Mode.
3. Delete the IE temp files; some VirusMelt temp files exist there.
4. If you fail to remove VirusMelt, please go to our removal help forum: http://help.antiviruses123.com