
Friday, October 26, 2007

How to Remove IMGKULOT.vbs (.vbs/Capiz-A) From Your System

This is a script worm that affects only Windows operating systems. It spreads through removable storage devices such as diskettes, CDs and USB flash drives, and installs itself in the Registry. An infected system continually displays this error:

Windows - No Disk Exception Processing Message c0000013 Parameters 75b6bf9c 4 75b6bf9c 75b6bf9c

As it turns out, his computer had a virus, quite a new one, which is called IMGKULOT, or VBS/Capiz-A.

Follow these steps to remove it manually.
1. Open Windows Task Manager by pressing Ctrl-Alt-Del and clicking on the Task Manager button on the dialog box that appears.

2. In the Processes tab, locate wscript.exe. If you can’t see it, try clicking on the “Show processes from all users” checkbox.

3. Highlight wscript.exe, and click on the “End Process” button.

4. Highlight explorer.exe and click on the “End process” button as well.

5. In the Task Manager menu, select File->New Task (Run…), type “cmd” on the Create New Task dialog box, and click on the OK button. This will open a command prompt window.

6. Go to C:\WINDOWS\System32 by typing “cd C:\WINDOWS\System32” in the command prompt.

7. Delete all “imgkulot” files that appear in that directory by typing “del imgkulot.* /f /s /q /a”

8. Delete all “autorun” files in your root directory by typing “del c:\autorun.* /f /s /q /a”

9. If your hard disk has several partitions, apply #8 to the other drives as well.

10. The files of the virus have already been removed at this point. However, there is still a registry entry (modified by the virus) that needs to be restored. To open the Registry Editor, in the Task Manager menu, select File->New Task (Run…), type “regedit” on the Create New Task dialog box, and click on the OK button.
Go to the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.

11. The following key and value pair should appear. If it does not, modify it to match: “Userinit”=“C:\WINDOWS\system32\userinit.exe,”

12. Restart your computer.
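
To confirm the cleanup after the restart, the following read-only check looks for each leftover the steps above deal with. It is an added example, not part of the original post; it assumes PowerShell is installed on the machine, and the variable names are illustrative.

```powershell
# Added example: read-only check for IMGKULOT leftovers. It changes nothing.
# The expected Userinit value is the one given in step 11 of this page.
$expectedUserinit = 'C:\WINDOWS\system32\userinit.exe,'
$findings = @()

# Steps 2-3: the worm runs under the Windows Script Host (wscript.exe).
$wscript = Get-Process -Name wscript -ErrorAction SilentlyContinue
if ($wscript) {
    $ids = ($wscript | ForEach-Object { $_.Id }) -join ', '
    $findings += "wscript.exe is running (PID $ids)"
}

# Step 7: imgkulot.* files under System32.
# -Force includes hidden and system files, like the /a switch of del.
$sys32 = Join-Path $env:SystemRoot 'System32'
Get-ChildItem -Path $sys32 -Filter 'imgkulot.*' -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object { $findings += "Worm file: $($_.FullName)" }

# Steps 8-9: autorun.* files in the root of every file-system drive.
# Only the root is checked here; drives that are not ready are skipped.
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    Get-ChildItem -Path $drive.Root -Filter 'autorun.*' -Force -ErrorAction SilentlyContinue |
        ForEach-Object { $findings += "Autorun file: $($_.FullName)" }
}

# Steps 10-11: the Winlogon Userinit value must match the expected string.
# String comparison with -ne is case-insensitive in PowerShell.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = (Get-ItemProperty -Path $key -Name Userinit -ErrorAction SilentlyContinue).Userinit
if ($userinit -ne $expectedUserinit) {
    $findings += "Userinit is '$userinit', expected '$expectedUserinit'"
}

# Report: an empty list means none of the leftovers were found.
if ($findings.Count -eq 0) {
    Write-Output 'No IMGKULOT leftovers found.'
} else {
    Write-Output 'Leftovers found:'
    $findings | ForEach-Object { Write-Output "  $_" }
}
```

An autorun file reported on an original software CD or installer medium is normally legitimate, so review each path before deleting anything.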

The worm should be completely removed by now. However, some of your removable drives may be affected as well, so be careful with what you plug into your computer. Always disable the autorun feature, scan your removable drives, and format them often.

imagina_boy@linuxmail.org is behind this worm.

Hope you can make it.
