|
Iretsim is a worm that spreads by copying itself to removable drives. It also attempts to end security-related processes on the compromised computer.
Remove the Worm Using Spyware Doctor!
Sponsored Links:
Free Download Now:
Iretsim Removal:
To remove Iretsim, please follow the instruction:
- Terminate the processes in Task Manager:
Game Kartu.exe
wupdmgr.exe
msgsvc.exe
sol.exe
- Click Start > Run. Type REGSVR32 -u %Dll_name%. Then click OK. Replace %Dll_name% with following:
msvbvm60.dll
- Click Start > Run. Type REGEDIT. Then click OK. Navigate to the subkeys and delete the values:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scrfile\"NeverShowExt" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scrfile\"InfoTip" = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scrfile\"TileInfo" = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\"EnableRemoteConnect" = "N"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\"UpdatesOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer
\"LimitSystemRestoreCheckpointing" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer\"DisableMSI" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\"DisableSR" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\"DisableConfig" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scrfile\" " = "Screen Saver"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scrfile\" " = "Adobe Acrobat Document"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\"AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\"FirewallOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder
\HideFileExt\"UncheckedValue" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder
\SuperHidden\"UncheckedValue" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\"RegisteredOrganization" = "G04T-70674K412T4"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\"RegisteredOwner" = "Kota Gudeg"
HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"HideFileExt" = "1"
HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"ShowSuperHidden" = "0"
Registry management is too hard? Download Registry Mechanic, and you will find it too easy!
- Remove the files in Explorer if exist:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Update.lnk
%DriveLetter%\Ketemu_Pocong_Di_Rumah_Sakit.scr
%DriveLetter%\Ketemu_Pocong_Di_Rumah_Sakit.pdf
%DriveLetter%\Kumpulan_Cerita_Sex_Education.scr
%DriveLetter%\Kumpulan_Cerita_Sex_Education.pdf
%DriveLetter%\Kumpulan_Kisah_Kisah_Misteri.scr
%DriveLetter%\Kumpulan_Kisah_Kisah_Misteri.pdf
%DriveLetter%\Misteri_Hilangnya_Pesawat_Adam_Air.scr
%DriveLetter%\Misteri_Hilangnya_Pesawat_Adam_Air.pdf
%DriveLetter%\Games Windows\Ramal Jodoh.pif
%DriveLetter%\Games Windows\Game Kartu.exe
%Windows Dir%\system32\msgsvc.exe
%Windows Dir%\J_06_JA.pdf
%Windows Dir%\msvbvm60.dll
%Windows Dir%\system32\sol.exe
%Program Files%\WindowsUpdate\wupdmgr.exe
%Program Files%\msvbvm60.dll
Spyware Doctor can automatically remove the worm. Even if you remove it manually, we recommend you should use Spyware Doctor to make sure it's completely removed from your system and will not be reinstalled by itself.
More
Removal Instructions for Emerging Adware & Spyware
| 
