Thursday, October 28, 2010

Virus:W32/Alman.A

Name : Virus:W32/Alman.A
Detection names : Virus.Win32.Alman.a
Category : Malware
Type : Virus
Type : Net-Worm
Platform : W32


Details

Registry Modifications :
Creates these keys: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RioDrvs
DisplayName = "RioDrvs Usb Driver"
ImagePath = "system32\Drivers\RioDrvs.sys"

Virus:W32/Alman.A infects all executable files in the system. The virus propagates over a network. It also has rootkit capabilities and is capable of contacting a remote server to forward information about the infected system.

A later variant of this virus, Virus:W32/Alman.B is also in the wild.

Variants of this family may be detected by the Generic Detection, Virus:W32/Alman.gen!A.


Infection


Alman.A infects all .EXE files in the affected system. It appends its code to the target file and sets this as an additional code section. It searches for files to infect in all fixed, shared, and removable drives.

It skips infecting files located in the following directories:

Local Settings\Temp
Windows
WinNT

Execution

Upon execution, this network-propagating virus drops the following files:

[Windows Directory]\linkinfo.dll - infector component
[Windows System Directory]\drivers\DKIS6.sys - rootkit component
[Windows System Directory]\drivers\RioDrvs.sys - rootkit component

The dropped file RioDrvs.sys is registered as a service. The file linkinfo.dll is injected into explorer.exe and is hidden by the rootkit components.

This virus terminates processes with names that match the following strings:
c0nime.exe, cmdbcs.exe, ctmontv.exe, explorer.exe, fuckjacks.exe, iexpl0re.exe, iexplore.exe, internat.exe, logo_1.exe, logo1_.exe, lsass.exe, lying.exe, msdccrt.exe, msvce32.exe, ncscv32.exe, nvscv32.exe, realschd.exe, rpcs.exe, run1132.exe, rundl132.exe, smss.exe, spo0lsv.exe, spoclsv.exe, ssopure.exe, svch0st.exe, svhost32.exe, sxs.exe, sysbmw.exe, sysload3.exe, tempicon.exe, upxdnd.exe, wdfmgr32.exe, wsvbs.exe

However, the virus only terminates one of these processes if the path of the corresponding file does not contain any of the following strings:

\com\
\program files\
\system\
\windows\
\winnt\

Once the process is terminated, the corresponding file is also deleted.
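As an added defensive triage example (not code from the original post or from any vendor's removal tool), the following Python mirrors the two Alman.A behaviours described above: the process-termination rule with its path exclusions, and the RioDrvs service and dropped-file indicators. The `reg query` export format and the sample registry and file values are constructed for this example.

```python
# Kill list and path exclusions exactly as listed in the write-up above.
KILL_LIST = {
    "c0nime.exe", "cmdbcs.exe", "ctmontv.exe", "explorer.exe", "fuckjacks.exe",
    "iexpl0re.exe", "iexplore.exe", "internat.exe", "logo_1.exe", "logo1_.exe",
    "lsass.exe", "lying.exe", "msdccrt.exe", "msvce32.exe", "ncscv32.exe",
    "nvscv32.exe", "realschd.exe", "rpcs.exe", "run1132.exe", "rundl132.exe",
    "smss.exe", "spo0lsv.exe", "spoclsv.exe", "ssopure.exe", "svch0st.exe",
    "svhost32.exe", "sxs.exe", "sysbmw.exe", "sysload3.exe", "tempicon.exe",
    "upxdnd.exe", "wdfmgr32.exe", "wsvbs.exe",
}
PATH_EXCLUSIONS = ("\\com\\", "\\program files\\", "\\system\\", "\\windows\\", "\\winnt\\")
ALMAN_SERVICE_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RioDrvs"
ALMAN_DROPPED = ("\\linkinfo.dll", "\\drivers\\dkis6.sys", "\\drivers\\riodrvs.sys")

def alman_would_terminate(image_name, image_path):
    """Termination rule from the write-up: listed name AND no excluded path substring."""
    if image_name.lower() not in KILL_LIST:
        return False
    return not any(excl in image_path.lower() for excl in PATH_EXCLUSIONS)

def parse_reg_query(text):
    """Parse `reg query` console output into {key: {value_name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):          # key line, not indented
            current = line.strip()
            keys[current] = {}
        elif current is not None and line.startswith("    "):  # value line
            parts = line.strip().split(None, 2)   # name, type, data (data may contain spaces)
            if len(parts) == 3:
                keys[current][parts[0]] = parts[2]
    return keys

def find_alman_indicators(reg_text, file_listing):
    """Flag the RioDrvs service and the dropped files described in the write-up."""
    findings = []
    values = parse_reg_query(reg_text).get(ALMAN_SERVICE_KEY, {})
    if values.get("DisplayName") == "RioDrvs Usb Driver":
        findings.append("service RioDrvs registered: " + values.get("ImagePath", "?"))
    for path in file_listing:
        if path.lower().endswith(ALMAN_DROPPED):
            findings.append("dropped file present: " + path)
    return findings

# Constructed sample input (not captured from a real host).
SAMPLE_REG = r"""HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RioDrvs
    DisplayName    REG_SZ    RioDrvs Usb Driver
    ImagePath    REG_EXPAND_SZ    system32\Drivers\RioDrvs.sys
"""
SAMPLE_FILES = [r"C:\WINDOWS\linkinfo.dll", r"C:\WINDOWS\system32\drivers\DKIS6.sys",
                r"C:\WINDOWS\system32\kernel32.dll"]
```

Note that the legitimate C:\WINDOWS\explorer.exe is skipped by the path rule while a copy of explorer.exe outside the excluded directories is not, which is the distinction the write-up draws.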

You can download the Win32/Alman removal tool here (download both of the following files):
Alman Removal.exe
Alman Removal.nt

You can also specify the disks (or partitions) to heal as command parameters, e.g.: "rmalman C: D:". If the command is used without parameters, it heals all disks (partitions) on the computer.

Note:
Running the remover successfully requires administrator rights. For the remover to work properly, rmalman.nt must be saved in the same folder as rmalman.exe. After the healing process, run the AVG Complete Test to make sure your computer is virus-free.

Win32.Tanatos

Win32.Tanatos.M, also detected as Tanatos.M, is a harmful worm that infects the Windows operating system. Generally, Win32.Tanatos.M is installed after clicking on annoying ads in spam e-mail, or via pornography-related sites and P2P downloads. After infecting the computer, the Tanatos worm uses an exploit to disable security and drops harmful DLL and EXE files into the Windows system. The Win32.Tanatos.M worm is a critical security risk!

Aliases / Associated Infections:
Win32/Tanatos, Win32.Tanatos.k, Win32.Tanatos.l, Win32.Tanatos.b.dam, Win32.Tanatos.b, W32/Bugbear.gen@MM, W32/Bugbear-B, Win32.Tanatos.p, Trojan.PWS.Hooker, I-Worm/Bugbear.G, Win32.HLLM.Bugbear.2, Win32.BugBear.1.Gen@mm, Win32.Tanatos.c,W32.Bugbear@mm, Worm/BugBear.B.dll, Win32.Tanatos.r

Symptoms of Win32.Tanatos.M worm threat:

* Abnormal Tanatos.M malware files running in the system task manager, endless tower speaker beep sounds
* Corrupt system files, registry keys and DLL files causing the "Blue Screen Of Death"
* Desktop screen saver and background picture hijacked by irritating messages
* PC flooded with irritating adult-related pop-ups, pop-up blocker tool deactivated
* Redirected search engine results and Web browser home page
* Especially difficult to delete Tanatos.M manually; it repairs and reactivates its files after manual erasure
* Decreased Internet bandwidth, sluggish connection and surfing speed

Behaviors of Win32.Tanatos.M:

* Tanatos.M infects the Windows system through security holes via e-mail attachments, messenger and freeware programs
* Tracks system activity and registry settings, and tracks surfing activity to generate matching pop-up advertisements
* Infects the system in stealth mode to bypass antivirus and firewall programs, and sends private financial records to remote hackers

You can Download Tanatos Removal :
Tanatos Removal

This virus removal tool handles the A, H, I and M variants of the Win32/Tanatos infection.

If the infected computer is connected to a LAN, disconnect it and re-connect it only after all other computers have been checked and cleaned.

Download Tanatos Removal.

  • Then run the tool to remove the infected files. The tool automatically scans all available disks and tries to heal the infected files. If an active virus is found in memory, the tool asks the user to reboot the computer. Healing is then performed during the operating system boot-up sequence, so the active virus cannot interfere with the healing process.

  • After the restart, update your AVG (if you have it) and run a complete test.

Wednesday, October 27, 2010

Win32.Virut.ce

Virus.Win32.Virut.ce can also block access to security websites by modifying the Windows Hosts file, and it injects a malicious iframe into web files such as .HTM, .PHP or .ASP. Virus.Win32.Virut.ce tends to communicate with a server outside the user's computer.

This step-by-step guide can help you completely remove Virus.Win32.Virut.ce.

Step 1: End the process related to Virus.Win32.Virut.ce with Windows Task Manager. Open Task Manager in any of the following ways:

1 Use the following key combination: press CTRL+ALT+DEL or CTRL+SHIFT+ESC.

2 Click Start button and then go to Run. Type in taskmgr in the open box and press OK.

3 Right-click on the blank area of the Task Bar and then select Windows Task Manager.

Step 2: Download and install the latest version of Malwarebytes' Anti-Malware to your desktop and update it.

Step 3: Open the main interface of Malwarebytes' Anti-Malware and make sure the Perform full scan option is selected. Then press the Scan button.
Step 4: After the scanning process you will be presented with a dialogue box.
Click Yes to go on scanning.

Step 5: After the scan, you should be prompted by a dialogue box saying: "The scan completed successfully, click Show Results to display all objects found." Click Yes to proceed.

Step 6: Click Show Results to export the scanning results. Then click Remove Selected to get rid of Virus.Win32.Virut.ce.

Step 7: The scanning results are displayed in Notepad. Close it, and the log will be saved to the logs folder.

Step 8: Then you will be prompted to restart your computer to completely remove Virus.Win32.Virut.ce. Click Yes to allow the reboot.

Step 9: After the reboot, scan again with Malwarebytes' Anti-Malware, then reboot again to make sure your system is clean.

Trojan W32/Virut.CE

Virus.Win32.Virut.ce

Type: Trojan

The infected system becomes very slow, and the infected computer shuts down a couple of minutes after the user logs in, showing a dialog box with a red X mark and a countdown timer. This Trojan infects or copies its files to *.dll and *.exe files in the windows\system32 folder and on the C: and D: drives.

Some known file names for Virus.Win32.Virut.ce are perrdlm.exe, klpllsm.exe and more.

This trojan creates startup registry entries at
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"cdmmslpo"="C:\\WINDOWS\\system32\\klpllsm.exe"
"qaswww"="C:\\WINDOWS\\system32\\perrdlm.exe"
"shccde"="C:\\WINDOWS\\system32\\ipismd.exe"


If you delete these files and entries, they are restored again after a system restart, since the virus has infected other files. So it is very hard to remove this trojan manually, and a removal tool is used instead.

You can download the removal tool as the following two files:
rmvirut.exe
rmvirut.nt

Run the rmvirut.exe file.


Note:
You can also specify the disks (or partitions) to heal as command parameters,
e.g.: "rmvirut C: D:". If the command is used without parameters, it heals all disks (partitions) on the computer.

For example, to scan the folder named tools on drive D:, run
d:\rmvirut.exe D:\tools
This command is executed from
Start – Run: in the Run box, type the full path to rmvirut.exe followed by the path of the folder or drive to scan.
Press OK to run (in Vista, confirm Allow to continue).

Running the remover successfully requires administrator rights. For the remover to work properly, rmvirut.nt must be saved in the same folder as rmvirut.exe.

Tuesday, October 12, 2010

How To Remove Virus.Win32.Sality.aa Win32/Sality.AM W32/Sality.ah Win32/Sality.q

A lot of people visit us to find out about Virus.Win32.Sality.aa Win32/Sality.AM W32/Sality.ah,
so here is a way to remove it and clean the infected PC of Virus.Win32.Sality.aa Win32/Sality.AM W32/Sality.ah. Just follow these steps:

1- If you have an antivirus that detected the infected files, don't delete any of the infected files, because if you do, the system will be broken. You must use an antivirus to clean the virus from the files, not to delete the files along with the virus.


2- Go to any clean PC and download an antivirus that can clean the virus from files. You can use an antivirus such as Microsoft Security Essentials, Kaspersky tools, etc.


3- When you finish downloading the antivirus, put its exe file in a compressed file (a zip file is recommended; we put it in a compressed file to protect the exe file from getting infected).


4- Now go back to the infected PC and reboot into Safe Mode. Some viruses disable Safe Mode; you can download a registry file from ( here ) to fix the Safe Mode problem.


5- Start the antivirus, scan your computer and clean all viruses.


You can download Microsoft Security Essentials:


Microsoft Security Essentials for XP


Microsoft Security Essentials for Vista - 64bit


Microsoft Security Essentials for Vista


You can download Kaspersky Removal Tools:


Kaspersky removal tools