Thursday, July 31, 2008

w32.pitin


The W32.Pitin.C removal procedure requires technical know-how in computer troubleshooting. It is better to consult your LAN administrator or technical staff to avoid additional damage to your computer if modifications to Services and the Registry have to be made.

HOW TO REMOVE W32.Pitin.C :

1. Temporarily disable System Restore (Windows Me/XP).
2. Download Ewido Micro Scanner and save it to your Desktop. Do not scan yet.
3. Reboot the computer in Safe Mode.
4. End the malicious processes
- Press Ctrl+Alt+Del
- Click the Processes tab
- End the process if present: SSCVIHOST.exe, blastclnnn.exe, SCVHOST.exe
5. Delete/modify any values added to the registry.

Navigate to and delete the following entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Yahoo Messengger" = "%System%\SCVHOST.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "Explorer.exe SCVHOST.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares\"shared" = "\New Folder.exe"

Navigate to and restore the following registry entries to their original values, if required:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\"DisableRegistryTools" = "1"
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\"DisableTaskMgr" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NofolderOptions" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule\"AtTaskMaxHours" = "0"

6. Delete the autorun files
- Go to Start > Run, type "cmd"
- At the command prompt, type "cd\", this will bring you to C:\
- Type "attrib" (C:\>attrib); it will display files with their attributes. Take note of the attributes of autorun.inf. Usually it has SHR.
- Type "attrib -s -h -r C:\autorun.inf"; it will remove the System, Hidden and Read-Only attributes
- Type "edit autorun.inf"; it will open the DOS Editor and display the contents as follows

=======================

[autorun]
open=file.exe
shell\Open\Command=file.exe
shell\open\Default=1
shell\Explore\Command=file.exe
shell\Autoplay\command=file.exe

=======================

Take note of the file/path that it runs. Ex: open=file.exe, where file.exe is the name of the file that autoruns.
- Exit the DOS Editor.
- Back at the command prompt, type "attrib -s -h -r file.exe", where file.exe is the file that autorun.inf was set to run, as seen in the DOS Editor. Ex: C:\>attrib -s -h -r file.exe. If it is located in a different directory, include the path. Ex: C:\>attrib -s -h -r c:\Windows\file.exe
- Type "del file.exe". If it is located in a different directory, include the path.
Ex: C:\>del c:\Windows\file.exe
- Type "del autorun.inf"
- Type "del c:\Windows\system32\setting.ini"
- Exit command prompt by typing "exit"

7. Run Disk Cleanup
- Go to Start > All Programs > Accessories > System Tools, click Disk Cleanup
- Check the following: Downloaded Program Files, Temporary Internet Files, Offline Webpage, Recycle Bin and Temporary Files.

8. View hidden files and folders.
- Open Windows Explorer
- Go to Tools > Folder Options
- Go to View Tab
- Mark "Show hidden files and folders"
- Click Apply, then OK
Note: If unable to change the settings, please click here.

9. Update and scan with your installed antivirus. Quarantine/delete infected files.

10. Search and delete other files.
- Go to Start > Search
- Find and delete files : SSVICSSHOST.exe, SSCVIHOST.exe, New Folder.exe, SCVHOST.exe and blastclnnn.exe

11. Remove Scheduled Task
- Go to Start > All Programs > Accessories > System Tools, click Scheduled Tasks
- Delete AT1 (C:\Windows\System32\blastclnnn.exe)

12. Scan with Ewido
- Double click the downloaded Ewido_Micro
- It will download Signature Database before scanning
- When update is completed, disconnect computer from Internet (Turn Off Modem or unplug RJ45 jack)
- Click “Start scan” to begin. It may take time for the process to finish
- Click “Remove Infection” to delete infected files.
- Restart computer and do another scan with Ewido

13. To make sure that the threat is completely eliminated from your computer, carry out a full scan of your computer using antivirus and antispyware software. An online virus scanner is another way to scan with various antivirus programs without needing to install them.
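
Step 6 asks you to read autorun.inf by eye and note every file it launches. The following is an added example, not part of the original post: a small Python parser that lists those files for a given drive root. The function names, the `SAMPLE` text (constructed from the layout shown in step 6) and the list of executable extensions are assumptions made for illustration.

```python
import ntpath
import re

# Constructed sample, modelled on the autorun.inf layout shown in step 6.
SAMPLE = r"""
[autorun]
open=file.exe
shell\Open\Command=file.exe
shell\open\Default=1
shell\Explore\Command=C:\Windows\file.exe /s
shell\Autoplay\command=New Folder.exe
"""

# A quoted program, or an unquoted one up to a known executable extension
# (so names containing spaces, such as "New Folder.exe", stay in one piece).
PROGRAM = re.compile(
    r'"([^"]+)"|(.+?\.(?:exe|com|bat|cmd|scr|pif|vbs|js))(?=\s|$)', re.I)

def command_program(value):
    """Return the program part of a command line, without its arguments."""
    value = value.strip()
    match = PROGRAM.match(value)
    if match:
        return match.group(1) or match.group(2)
    return value.split()[0] if value else ""

def autorun_targets(text, root="C:\\"):
    """List the full paths an autorun.inf would launch from drive `root`."""
    targets, section = set(), None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            verb = key.startswith("shell\\") and key.endswith("\\command")
            program = command_program(value)
            if (verb or key in ("open", "shellexecute")) and program:
                # Relative names resolve against the drive root.
                targets.add(ntpath.normpath(ntpath.join(root, program)))
    return sorted(targets, key=str.lower)

if __name__ == "__main__":
    for path in autorun_targets(SAMPLE):
        print(path)
```

Each path it prints is a file to inspect and clear with the attrib and del commands from step 6; pass the drive letter of a removable disk as `root` to check that disk's autorun.inf.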

Source: http://www.precisesecurity.com/computer-virus/wptc-may014.htm
