Unit 4 Lab 4


Rafael Torres (14696110)

IS3340
July 16, 2015
Unit 4 Lab 4.2 Identify and Remove Malware and Malicious Software on a Microsoft
Workstation

Win32/DH {eR4UTxVzG3U}
Win32/DH is malicious software that, once executed, can replicate itself and infect other files and programs. This type of malware, called a virus, can consume hard disk space and memory, slowing down or completely halting your PC. It can also corrupt or delete data, erase your hard drive, steal personal information, hijack your screen and spam your contacts to spread itself to other users.
To recover offline from infection by TrojanDownloader:Win32/Delf.DH, follow these steps:
1. Disconnect from the Internet.
2. Restart your computer in safe mode.
3. End the Trojan process.
4. Delete the Trojan file.
5. Remove the footprint of the malicious software all.exe, which TrojanDownloader:Win32/Delf.DH downloads to the Windows system folder.
6. Restart your computer.
Trojan horse Dropper Generic_C

Trojan Horse Dropper.Generic C is classified as a highly dangerous Trojan that can be detected by AVG. Users always acquire this Trojan by visiting infected websites. On locally networked computers, the Trojan spreads by infecting files on shared folders and drives. It may also spread through USB drives and other unsafe external devices.
To remove this virus:
1. Reboot your computer into Safe Mode with Networking. As your computer restarts, but before Windows launches, tap the F8 key repeatedly.
2. Show hidden files and folders.
a. Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options. Click the View tab. Under Advanced settings, click Show hidden files and folders, uncheck Hide protected operating system files (Recommended) and then click OK.
3. Open the Registry Editor. Find the malicious files and registry entries and then delete them all.
a. Press the Start button and then choose Run. In the Open field, type regedit and click the OK button.
b. All malicious files and registry entries that should be deleted:
%System%\drivers\[RANDOM CHARACTERS].sys
%Temp%\[random]
C:\WINDOWS\system32\[random name].dll
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer NoDesktop = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System DisableTaskMgr = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run [random].exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\random
Trojan horse Hider
Hider is a malicious application that allows hackers to remotely access your computer system, letting them modify files, steal personal information and install more unwanted software. These kinds of threats, called Trojan horses, must be sent to you by someone or carried by another program. They may also arrive through unwanted downloads on infected websites, or be installed with online games or other internet-driven applications.
To remove this virus:
1. Reboot your infected computer and keep pressing the F8 key on your keyboard. Use the arrow keys to highlight Safe Mode with Networking and press Enter;

2. Open Control Panel from the Start menu and go to Folder Options;
3. Under the View tab, tick Show hidden files and folders and untick Hide protected operating system files (Recommended), then click OK;
4. Press the Windows+R keys to open the Run window and type regedit to open the Registry Editor;
5. Find and delete all of the associated files below:
%Windows%\system32\[Trojan Horse HiderOMK].exe
%AppData%\Protector-.exe
%Documents and Settings%\[UserName]\Application Data\[random]
%AllUsersProfile%\Application Data\.dll
%AllUsersProfile%\Application Data\.exe (Trojan Horse Hider.OMK)
6. Find and remove all of the associated registry entries below:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Regedit32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Inspector
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings net
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [random].exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = [Trojan Horse HiderOMK].exe
7. Restart the computer in normal mode when the above steps are done.
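The three removal procedures above share one manual workflow: make hidden files visible, then inspect the Run keys, the Explorer and System policy values, the Winlogon Shell value and the Windows system folder for the entries listed. The PowerShell script below is an added example, not part of the lab report, that performs that inspection read-only on the workstation being examined, so the entries can be verified before anything is deleted. The registry paths, value names and the all.exe file name are the ones the lab lists; the Explorer\Advanced Hidden and ShowSuperHidden values (the registry form of the Folder Options setting), the assumption that a clean Winlogon Shell value is explorer.exe, and the function names New-Finding, Get-AutostartEntries, Show-HiddenFiles and Invoke-PersistenceAudit are additions of this example.

```powershell
# Added example, not part of the lab report. Read-only audit of the persistence
# locations the three removal procedures name. Run from an elevated PowerShell
# session on the workstation being triaged. Only Show-HiddenFiles writes anything.

# Registry form of the lab's "Show hidden files and folders" Folder Options step,
# applied to the current user's Explorer settings.
function Show-HiddenFiles {
    $adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    Set-ItemProperty -Path $adv -Name 'Hidden'          -Value 1 -Type DWord   # 1 = show hidden items
    Set-ItemProperty -Path $adv -Name 'ShowSuperHidden' -Value 1 -Type DWord   # 1 = show protected OS files
}

# One row of the audit report.
function New-Finding {
    param([string]$Location, [string]$Item, [string]$Reason)
    [pscustomobject]@{ Location = $Location; Item = $Item; Reason = $Reason }
}

# Every value under an autostart key, minus the PS* metadata PowerShell adds.
function Get-AutostartEntries {
    param([string]$Key)
    $item = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    if (-not $item) { return @() }
    $item.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object { [pscustomobject]@{ Key = $Key; Name = $_.Name; Value = [string]$_.Value } }
}

function Invoke-PersistenceAudit {
    $findings = New-Object System.Collections.Generic.List[object]

    # Autostart keys named in the Dropper.Generic and Hider removal steps.
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run'
    )
    # Folders the lab lists as drop locations (%Temp%, %AppData%, all-users Application Data).
    $dropDirs = @($env:TEMP, $env:APPDATA, $env:ProgramData) | Where-Object { $_ }

    foreach ($key in $runKeys) {
        foreach ($entry in Get-AutostartEntries -Key $key) {
            $inDrop = $false
            foreach ($dir in $dropDirs) {
                if ($entry.Value.IndexOf($dir, [StringComparison]::OrdinalIgnoreCase) -ge 0) { $inDrop = $true }
            }
            $why = if ($inDrop) { 'launches from a temp/profile folder' } else { 'review autostart target' }
            $findings.Add((New-Finding $key "$($entry.Name) = $($entry.Value)" $why))
        }
    }

    # Restrictions the Dropper.Generic entry sets: hide the desktop, block Task Manager.
    $pol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies'
    $noDesktop = (Get-ItemProperty -Path "$pol\Explorer" -Name NoDesktop -ErrorAction SilentlyContinue).NoDesktop
    if ($noDesktop -eq 1) { $findings.Add((New-Finding "$pol\Explorer" 'NoDesktop = 1' 'desktop hidden by policy')) }
    $noTaskMgr = (Get-ItemProperty -Path "$pol\System" -Name DisableTaskMgr -ErrorAction SilentlyContinue).DisableTaskMgr
    if ($noTaskMgr -eq 1) { $findings.Add((New-Finding "$pol\System" 'DisableTaskMgr = 1' 'Task Manager blocked by policy')) }

    # The Hider entry replaces the Winlogon Shell value; assumption: a clean value is explorer.exe.
    $wl = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $shell = (Get-ItemProperty -Path $wl -Name Shell -ErrorAction SilentlyContinue).Shell
    if ($shell -and $shell.Trim() -ine 'explorer.exe') {
        $findings.Add((New-Finding "$wl\Shell" $shell 'Shell is not explorer.exe'))
    }

    # Footprint of TrojanDownloader:Win32/Delf.DH named in the first procedure.
    $allExe = Join-Path $env:SystemRoot 'system32\all.exe'
    if (Test-Path -LiteralPath $allExe) {
        $sha = (Get-FileHash -LiteralPath $allExe -Algorithm SHA256).Hash
        $findings.Add((New-Finding $allExe "SHA256 $sha" 'file present in system folder'))
    }
    return $findings
}

# Usage: make hidden files visible, then list what to verify before removing anything.
Show-HiddenFiles
$report = @(Invoke-PersistenceAudit)
if ($report.Count -eq 0) { 'No indicators found.' } else { $report | Format-Table -AutoSize }
```

The report lists every autostart value, not only suspicious ones, because the lab's entries use random names and the only reliable test is to check each target on disk (publisher, hash, location) before touching it. Once an entry is confirmed malicious, the lab's deletion steps correspond to Remove-ItemProperty -Path $key -Name $name for a Run value and Set-ItemProperty -Path $wl -Name Shell -Value 'explorer.exe' for the Winlogon Shell, carried out from Safe Mode as the procedures instruct.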
