How to Get Rid of the Crypt Trojan Worm

May 22


Trojan Crypt is the generic name for Trojan viruses that have Crypt as part of their name. These Trojans can connect to the Internet and download malicious programs on their own. The downloaded spyware can steal your sensitive private information and assist in identity theft. Crypt is also a backdoor Trojan, which means it allows hackers to connect remotely to the computer. This can lead to stolen information, unauthorized e-mails sent from your mailbox, and damage to the computer. Remove Crypt immediately if it is detected.

Instructions

End the system processes

1 Press the "Ctrl," "Shift" and "Esc" keys at the same time to start the Windows Task Manager.

2 Click the "Processes" tab, hold the "Ctrl" key and select the "wtemp32.exe" and "new.exe" system processes.

3 Click the "End Process" button and close the Task Manager.

Delete the registry entries

4 Go to the "Start" menu and click "Run."

5 Type "regedit" and click "OK" to start the Registry Editor.

6 Locate and delete the following registry entries:


7 Repeat the same for:


8 Remove these entries:


9 Finally, delete these entries:


10 Close the Registry Editor.

Delete files

11 Click the Start button and then click "Search."

12 Check the "All files and folders" option and select the hard drive from the drop-down menu.

13 Type "w32myztic-f.vxe" and press the "Enter" key. Delete all the search results and repeat for "install_cong1.exe," "install_conga1.exe," "new.exe," "install_conga1.exe," "install_cong1.exe" and "wtemp32.exe."

14 Restart your computer.
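
The process and file steps above can be checked read-only before anything is ended or deleted. The PowerShell below is an added example, not part of the original page: it reports whether the named processes are running and where the named files sit, with a SHA-256 hash for each. The function names `Find-ListedProcess` and `Find-ListedFile` and the `C:\` search root are assumptions made for the example.

```powershell
# Added example: read-only triage for the process and file names this page lists.
# Nothing is terminated or deleted; record the output before cleaning up.

# Names taken from the steps on this page.
$ProcessNames = 'wtemp32', 'new'      # wtemp32.exe and new.exe (Get-Process omits ".exe")
$FileNames    = 'w32myztic-f.vxe', 'install_cong1.exe', 'install_conga1.exe',
                'new.exe', 'wtemp32.exe'

function Find-ListedProcess {
    param([string[]]$Name)
    # A name that is not running is not an error for this check.
    Get-Process -Name $Name -ErrorAction SilentlyContinue |
        Select-Object Id, ProcessName, Path, StartTime
}

function Find-ListedFile {
    param(
        [string[]]$Name,
        [string]$Root = 'C:\'         # assumption: system drive; pass a narrower root if known
    )
    # -Force includes hidden and system files, which the Explorer search can skip.
    # -contains compares strings case-insensitively, as NTFS file names do.
    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $Name -contains $_.Name } |
        ForEach-Object {
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Path          = $_.FullName
                Length        = $_.Length
                LastWriteTime = $_.LastWriteTime
                SHA256        = $hash.Hash   # empty if the file is locked or unreadable
            }
        }
}

$procs = @(Find-ListedProcess -Name $ProcessNames)
$files = @(Find-ListedFile -Name $FileNames)

$procs | Format-Table -AutoSize
$files | Format-List
'{0} matching process(es), {1} matching file(s)' -f $procs.Count, $files.Count
```

A name match alone is weak evidence, particularly for a generic name such as "new.exe", so compare the reported path and hash against a trusted source before deleting anything.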

Tips and warnings

  • Manual removal of the Crypt Trojan is intended for more experienced users. If you are not comfortable undertaking this task, click the "download Crypt removal tool" link on the reference site, save the file to your hard drive and then run it to remove all traces of the Crypt Trojan.
  • Delete only the registry entries listed and nothing else, to avoid damaging the computer.