Vcmgcd32.dll, pctsTray.exe seems corrupt removal process

Author: admin  CopyFrom: azkaban.vbs  UpdateTime: 2008-3-24 12:18:58
1. Download the safer web browser that Google recommends, to stay secure on the Web and stay far away from viruses. Download URL: http://www.oral8.net/firefox/firefox.htm
2. Temporarily Disable System Restore (Windows Me/XP).
3. Update the virus definitions. Reboot the computer in Safe Mode.
4. Run a full system scan and clean/delete all files infected by "Vcmgcd32.dll, pctsTray.exe seems corrupt", and delete/modify any values added to the registry.
Navigate to the subkey and delete the values as follows:
Vcmgcd32.dll is not a valid windows image, pctsTray.exe seems corrupt
O4 - HKLM\..\Policies\Explorer\Run: [N3588c] "C:\WINDOWS\_default22962.pif"
O4 - HKLM\..\Policies\Explorer\Run: [status] present
O4 - HKLM\..\Policies\Explorer\Run: [winlogon] C:\heap41a\svchost.exe C:\heap41a\std.txt
O4 - HKCU\..\Policies\Explorer\Run: [f3444Adm] "C:\Documents and Settings\Administrator\Local Settings\Application Data\dv6211500x\yesbron.com"
O4 - HKUS\S-1-5-18\..\Run: [y3114SYS] "C:\WINDOWS\system32\n8127\sv711917030r.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [y3114SYS] "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\dv6191700x\yesbron.com" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [y3114SYS] "C:\WINDOWS\system32\n8127\sv711917030r.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [y3114SYS] "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\dv6191700x\yesbron.com" (User 'Default user')
5. Exit the Registry Editor.
6. Delete the IE temp files, or download ATF temp files cleaner to run a full cleaning, and restart the computer.
8. Vcmgcd32.dll, pctsTray.exe seems corrupt should now be removed successfully.
Download DrWebCureit: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe to your desktop.

Run HijackThis and place a check beside each of the following. Close all other browser windows except HJT. Click "Fix checked".

O4 - HKLM\..\Policies\Explorer\Run: [N3588c] "C:\WINDOWS\_default22962.pif"
O4 - HKLM\..\Policies\Explorer\Run: [status] present
O4 - HKLM\..\Policies\Explorer\Run: [winlogon] C:\heap41a\svchost.exe C:\heap41a\std.txt
O4 - HKCU\..\Policies\Explorer\Run: [f3444Adm] "C:\Documents and Settings\Administrator\Local Settings\Application Data\dv6211500x\yesbron.com"
O4 - HKUS\S-1-5-18\..\Run: [y3114SYS] "C:\WINDOWS\system32\n8127\sv711917030r.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [y3114SYS] "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\dv6191700x\yesbron.com" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [y3114SYS] "C:\WINDOWS\system32\n8127\sv711917030r.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [y3114SYS] "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\dv6191700x\yesbron.com" (User 'Default user')

Please print out or copy this page to Notepad, as you will be in Safe Mode and unable to refer to this page.

Reboot to Safe Mode.

Delete the following files or folders (delete item in bold). Please do not be concerned if any of the items are not found, as they may have been automatically removed by actions I had you take earlier in the cleaning process.

Open Folder Options in Control Panel > View and check your settings:
Select: Show hidden files and folders
Select: Display the contents of system folders
Uncheck: Hide protected operating system files

Delete:
Files:
C:\WINDOWS\_default22962.pif
C:\Documents and Settings\Administrator\Local Settings\Application Data\dv6211500x\yesbron.com
C:\WINDOWS\system32\n8127\sv711917030r.exe
Folders:
C:\heap41a

Double-click "drweb-cureit.exe" and click "Start" in the prompt window that opens, asking "start the express scan now". It will first make a quick scan of your system; let it clean what it finds, and when it says "done":
Click Options -> Change settings.
On the Actions tab, for Adware, Dialers, Riskware and Hacktools, use the dropdown menu and select Rename.
Click Apply, then OK.
Click the Scan tab. Move the dot from Express scan to Complete scan.
Click the green arrow to the right. It will now scan your drive(s); say yes to all.
After the scan, in the Dr.Web CureIt menu on top, click File and choose Save report list.
Save the report to your desktop. The report will be called DrWeb.csv.
Close Dr.Web CureIt.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
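An added example, not part of the original guide: a short Python triage of the O4 autostart entries listed above, showing the traits that make some of them stand out (a .pif or .com autostart target, svchost.exe outside System32, a value name reused by an entry that was already flagged). The heuristics, the SYSTEM_NAMES and LEGACY_EXTS sets and the function names are assumptions made for illustration; the sample lines are copied from this page.

```python
import ntpath
import re

# Shape of a HijackThis O4 (autostart) line as it appears on this page.
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$")
SYSTEM_NAMES = {"svchost.exe", "winlogon.exe", "lsass.exe", "services.exe"}  # assumed short list
LEGACY_EXTS = {".pif", ".com", ".scr"}  # old executable types, rare in autostarts

SAMPLE = r"""
O4 - HKLM\..\Policies\Explorer\Run: [N3588c] "C:\WINDOWS\_default22962.pif"
O4 - HKLM\..\Policies\Explorer\Run: [winlogon] C:\heap41a\svchost.exe C:\heap41a\std.txt
O4 - HKUS\S-1-5-18\..\Run: [y3114SYS] "C:\WINDOWS\system32\n8127\sv711917030r.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [y3114SYS] "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\dv6191700x\yesbron.com" (User 'SYSTEM')
"""  # five O4 lines copied from this page's list

def target_path(cmd):
    """Program part of an autostart command, or None when it is not a path."""
    quoted = re.match(r'"([^"]+)"', cmd)
    path = quoted.group(1) if quoted else cmd.split(" ")[0]
    return path if ntpath.splitdrive(path)[0] else None

def reasons(path):
    """Constructed heuristics: a hit means 'inspect this', not 'malicious'."""
    folder, name = ntpath.split((path or "").lower())
    found = []
    if ntpath.splitext(name)[1] in LEGACY_EXTS:
        found.append("legacy executable extension")
    if name in SYSTEM_NAMES and not folder.endswith("\\system32"):
        found.append("system process name outside System32")
    return found

def triage(log_text):
    """Return [(value name, path, reasons)]; a second pass links reused names."""
    rows = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            path = target_path(m["cmd"])
            rows.append((m["name"], path, reasons(path)))
    flagged = {name for name, _, why in rows if why}
    for name, _, why in rows:
        if not why and name in flagged:
            why.append("value name reused by a flagged entry")
    return rows

if __name__ == "__main__":
    for name, path, why in triage(SAMPLE):
        print(f"{name:18} {'; '.join(why) or '-':40} {path}")
```

An entry with no reason listed is simply not matched by these three checks; unquoted paths that contain spaces are not handled by target_path.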