How to remove W32/Small.KI

How to remove W32/Small.KI

Method how to remove W32/Small.KI.: 1.Disconnect the computer from the network (better in "safe mode"). 2.If used windows ME/XP, turn off (system restore) in the process of the cleaning. 3.Turn off the process from this virus. You could use Task Manager, turn off 2 processes from this virus that is: update.Exe and winzip.Exe. 4.Removed regsitry key that was changed by the virus. a. ScanRegistry = "scanregw.exe /scan" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run b. change string ShowSuperHidden dengan value 1 HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Explo rer\Advanced c. change string WebView with value 1 HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Explo rer\Advanced d. change string FullPatch with value 1 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explo rer\Cabinet State e.change string UNCAsIntranet with value 0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Inter netSettings\ZoneMap 5.Remove File who made by the virus. * WINZIP_TMP.exe * C: * Rundll16.exe [hidden file] dan WINZIP_TMP.exe * C:\Windows * scanregw.exe [hidden file], update.exe [hidden file], winzip.exe [hidden file] dan sample.Zip * C:\Windows\System32 * Temp.htt [hidden file] dan WinZip_Tmp.exe [hidden file] * C:\Document and settings * C:\Documents and Settings\Administrator * C:\Documents and Settings\Administrator\Start Menu * C:\Documents and Settings\Administrator\Start Menu\Programs\, * C:\Documents and Settings\Administrator\Start Menu\Programs\Startup * C:\Documents and Settings\All Users\Start Menu * C:\Documents and Settings\All Users\Start Menu\Programs * C:\Documents and Settings\All Users\Start Menu\Programs\Startup 6.Removed also file that was made to each folder that in-share with the characteristics: * Icon Concealed [icon Winzip] * fils size 94 KB * Ekstension EXE * Type file "Application" 7.For the cleaning more optimal useantivirus with latest update. 8.Really was suggested to install "antivirus for mail server" (if you had mail server).