Sunday, April 19, 2009

W32.hitapop Virus

How to remove W32.Hitapop virus

Trouble:

This is a worm, also known as the Hitapop virus or worm. It hooks into the Userinit action that runs at computer startup and executes malicious code as soon as a user logs into the system. This causes virus-like content to be downloaded and damages the software on the computer.

Fix:
Follow the procedure below:
1. Go to Start > Run, type regedit in the Run dialog box and press Enter. This will open the Registry Editor. To open the Registry Editor you need administrator rights; if you don’t have administrator rights, see this post. Even then if the registry editor is not opening,
2. Once you have opened the Registry editor, navigate to the location HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
3. At this path there is a key called Userinit. It is usually set to a value that tells Windows what to execute every time a user logs in. If your computer is infected, the value will look something like “Userinit” = “C:\WINDOWS\System32\userinit.exe,rundll32.exe %System%\winsys16_[RANDOM DIGITS].dll start”. Note down the [RANDOM DIGITS] on a piece of paper; we will use it in step 8 to remove the virus files.
4. Change it to the value “Userinit” = “C:\WINDOWS\System32\userinit.exe”
5. Exit Registry editor.
6. Go to Start > Run, type cmd and press Enter. This will open a command prompt window.
7. At the command prompt, type “attrib -s -r -h c:\windows\system32\winsys16_[RANDOM DIGITS].dll” and press Enter. The random number is the one you noted in step 3 above.
8. Now type “Del c:\windows\system32\winsys16_[RANDOM DIGITS].dll” and press Enter. This is the same random number as in step 3.
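
A read-only check for the condition described in steps 2 to 4 and 7, as an added PowerShell example that is not part of the original post. It inspects the path given in step 2 and, as an assumption beyond the post, the Winlogon key where Windows normally keeps its Userinit value; the function name Test-UserinitValue and the sample digits are made up for illustration.

```powershell
# Added example: read-only audit of the Userinit value. Nothing is changed or deleted.

# Locations to inspect. The first is the path given in step 2; the second is
# the Winlogon key, where Windows itself stores Userinit (not from the post).
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

function Test-UserinitValue {   # hypothetical helper name
    param([string]$Value)

    # Userinit is a comma-separated list of programs started at logon;
    # a trailing comma is normal, so empty entries are dropped.
    $entries = @($Value -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })

    # Anything other than userinit.exe in System32 is unexpected.
    $extra = @($entries | Where-Object { $_ -notmatch '^[a-z]:\\windows\\system32\\userinit\.exe$' })

    # Extract the [RANDOM DIGITS] part of winsys16_<digits>.dll, if present.
    $digits = $null
    if ($Value -match 'winsys16_(\d+)\.dll') { $digits = $Matches[1] }

    [pscustomobject]@{ Clean = ($extra.Count -eq 0); Extra = $extra; Digits = $digits }
}

foreach ($key in $keys) {
    $prop = Get-ItemProperty -Path $key -Name Userinit -ErrorAction SilentlyContinue
    if (-not $prop) { "{0}: no Userinit value" -f $key; continue }

    $r = Test-UserinitValue $prop.Userinit
    if ($r.Clean) { "{0}: OK ({1})" -f $key, $prop.Userinit; continue }

    "{0}: unexpected entries: {1}" -f $key, ($r.Extra -join ' | ')
    if ($r.Digits) {
        # The DLL carries system/read-only/hidden attributes (step 7), so -Force is needed.
        $dll  = Join-Path $env:windir "System32\winsys16_$($r.Digits).dll"
        $file = Get-Item -LiteralPath $dll -Force -ErrorAction SilentlyContinue
        if ($file) { "  found {0} (attributes: {1})" -f $dll, $file.Attributes }
        else       { "  {0} not present" -f $dll }
    }
}

# Constructed sample value (digits invented) to exercise the parser offline:
Test-UserinitValue 'C:\WINDOWS\System32\userinit.exe,rundll32.exe %System%\winsys16_12345.dll start'
```

Run it from an elevated PowerShell prompt before step 4 to record what was found, and again after step 8 to confirm the value is back to userinit.exe alone and the DLL is gone.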



