Notice for international audience:

This blog's main language will be Bahasa Malaysia (that is the Malaysian language, by the way).
However, several entries will be written in English, especially those involving any of the apps I have developed that have an English interface, for example the Malwares Loadpoint Removal Tool (MLRT).

Kindly use the menus for easy navigation. EN means an English entry and MS means a Malaysian-language entry. Regards.

Monday, June 08, 2009

BezictoSoft Malwares Loadpoint Removal Tool

  1. Before anything else, please do not download this tool from any site other than the download links given here in my blog.
  2. Secondly, please re-check the CRC, MD5 and SHA-1 signatures after downloading, before proceeding any further.
  3. Thirdly, the autorun edition has been pulled back due to my laziness in updating it.



This Removal Tool is designed for Windows XP Professional 32-bit only.
It (probably) will not work on Windows XP Home Edition or on 64-bit versions of Windows XP.
List of malware that this tool will remove:

1. infrom.exe
2. ccPrxy.exe
3. RVHOST.exe
4. RVHIOST.exe
5. PFW.exe
6. PET32.exe
7. svohost.exe
8. new folder.exe
9. my pictures.exe
10. my music.exe
11. svcihost.exe
12. nhatquanglan9.exe
13. ssvichosst.exe
14. SKCVHOST.exe
15. SKCVHOSTr.exe
16. commamd.exe
17. lsasa.exe
18. RavMon.exe
19. RavMonE.exe
20. VBS:Solow (Variant A,B,D)
21. Flash.10.exe, JambanMu, MSN.msn (Trixcu.A Variant)
22. UPSI_1.exe, New Folder(1).exe (Silly FD-C)
23. cologsver.exe, KB915865.EXE (SillyFDC-BN)
24. Autorun.* (Virus.Win32.Small.K)
25. debug_32.exe, New_Folder.exe, compmgmt.exe, dmadmin_1.exe
26. My_Heart.exe, Bro_Act.exe, My_Sexy.exe
27. kavo.exe, p3r1ud.exe
28. 8ot8y86.exe, MicrosoftPowerPoint.exe
29. `.vbe, `.vbs (VBS:Autorun)
30. vt6e.cmd
31. uuhgt.bat, bqk.bat, lhwdcgcb.bat
32. Flash.10.Setup.exe, faizal.js, virusmawar.js
33. izwan.js, mawar.js (partition/usb drive scanner)
34. bha.vbs.dll (partition/usb drive scanner)
35. xiao.vbs
36. ckvo.exe, ckvo0.dll
37. g2pfnid.com
38. nncu6kk.com (partition/usb drive scanner)
39. FlashGuard.exe, DriveGuard.exe
40. W32.Ircbrute
41. Brontok.A (loadpoint only)
42. Gaelicum (loadpoint and processes)
43. password_viewer.exe (safe mode only)
44. 68.exe, b.exe, 2fiji.cmd, 08dgu.com (partition/usb drive scanner)
45. Bitkv0.dll
46. winse32.exe, xlk9.com, 9.cmd, pnt.com (partition/usb drive scanner)
47. QQgame.exe
48. m.exe, RECYCLER\lasass.exe (partition/usb drive scanner only)
49. RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\service.exe (partition/usb drive scanner only)
50. sdc.bat, ntdeIect.com (partition/usb drive scanner only)
51. system32\feaeadabedbd.dll
52. RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\exe32.exe
53. linkinfo.dll
54. System32\drivers\nvmini.sys
55. System32\drivers\IsDrv118.sys
56. %SystemDrive%\boot.exe
57. RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
58. System32\olhrwef.exe
59. System32\drivers\klif.sys
60. System32\nmdfgds0.dll (usb/partition drive scanner only)
61. cv22.cmd, 2FIW.bat, upw.bat (usb/partition drive scanner only)
62. e2.cmd, 1ogf.exe, rbj9jn1n.bat (usb/partition drive scanner only)
63. boyedt.com, hkn6k.bat, 2a.exe, q9.cmd, vwewav8.com (usb/partition drive scanner only)
64. n68mqcra.exe (usb/partition drive scanner only)


This tool will reset the registry settings needed to re-enable access to the following:
Task Manager, Command Prompt, Regedit, Find, Folder Options, File Menu, Run command, Start Menu Context, Windows Hotkey Assignation.

This tool will set the following registry values:
Show Hidden Files = False
Show File Extension = True
Hide Super Hidden Files = True
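
To see which of these lockouts are active on a profile before or after cleaning, the check below reads a registry export and reports them. It is an added example, not part of MLRT: the post names the features but not the registry values, so the value names in `LOCKOUTS` and `EXPECTED_VIEW` are the standard Windows policy and Explorer values and are an assumed mapping, and `SAMPLE` is a constructed export.

```python
import re

POL = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies"
ADV = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
# Assumed mapping: the post names the features, not the registry values behind them.
LOCKOUTS = {
    (POL + r"\System", "DisableTaskMgr"): "Task Manager",
    (POL + r"\System", "DisableRegistryTools"): "Regedit",
    (r"HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System", "DisableCMD"): "Command Prompt",
    (POL + r"\Explorer", "NoFolderOptions"): "Folder Options",
    (POL + r"\Explorer", "NoFind"): "Find",
    (POL + r"\Explorer", "NoRun"): "Run command",
    (POL + r"\Explorer", "NoFileMenu"): "File Menu",
    (POL + r"\Explorer", "NoWinKeys"): "Windows hotkeys",
}
# Values the post says the tool sets: hidden files off, extensions shown, super-hidden hidden.
EXPECTED_VIEW = {"Hidden": 2, "HideFileExt": 0, "ShowSuperHidden": 0}

# Constructed sample: a regedit export from a hypothetical infected XP profile.
SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000001
"NoRun"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"HideFileExt"=dword:00000001
"ShowSuperHidden"=dword:00000000
"""


def audit(reg_text):
    """Return (sorted locked features, {view value: current} that differ from EXPECTED_VIEW)."""
    lock = {(k.lower(), n.lower()): f for (k, n), f in LOCKOUTS.items()}
    locked, view_diff, key = set(), {}, ""
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()  # registry key names are case-insensitive
        m = re.match(r'"([^"]+)"=dword:([0-9a-fA-F]{8})$', line)
        if not m:
            continue  # key headers, blank lines and non-dword values
        name, value = m.group(1), int(m.group(2), 16)
        if value and (key, name.lower()) in lock:
            locked.add(lock[(key, name.lower())])  # any non-zero value enables the lockout
        elif key == ADV.lower() and EXPECTED_VIEW.get(name, value) != value:
            view_diff[name] = value
    return sorted(locked), view_diff
```

A file exported by regedit in the Version 5.00 format is UTF-16, so read it with `encoding="utf-16"` before passing the text to `audit`.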

This tool will restore :
Internet Explorer Window Title
Internet Explorer Start Page

MLRT : 11
Updated : 08th June 2009 New !
Download : here
CRC : 703c1b62
MD5 : 4386e46ca88b7a7b27f6bd12575a2f15
SHA1 : b065602d0e25b28fdd03e6318b2f270dfaac51cb
Important : This version introduces a number of physical updates. For starters, your explorer.exe will be terminated when you run this version and will be brought back automatically when the scans finish. Also, the 5-6 second delay on starting this removal tool stays as it is. So just wait patiently while it starts on its own.

MLRT : 10k
Updated : 06th January 2009
Download : here
CRC : 92556C07
MD5: 6aab8edb9c7124ae842fbff518b8d85b
SHA1: 3296c470fec4857c05c590143788b2b661a8f335

Info : This version requires additional user interaction. After using this tool, the user is advised to manually delete all suspicious-looking *.exe files in My Documents that were created by some stubborn malware, for example My Music.exe or My Pictures.exe, which camouflage themselves with a folder icon despite being exe files. The actual folders have already been hidden by the malware. To get your folders back, use the clear-h-s.bat tool below. Lastly, please make sure you scan all your HDD partitions using the built-in HDD Partition Scanner supplied with the current version of MLRT. Just input the drive letter and let the tool do its magic.

More : Starting from version 10k, the tool starts with a delay of 5-6 seconds. There's a reason for it. Apparently some new malware can detect the absence of my tool and eventually terminate the command prompt window that my program uses to detect and delete malware loadpoints.
To overcome this issue, I have added a relatively small delay before the program runs. This delay contains special code that overwrites a small part of the registry value so that my tool can stop the command prompt terminator from running. After that, my tool starts and scans the loadpoints as it was designed to.


Extras 1 : clear-h-s.bat
Release Date : 10th September 2007
Download : here
CRC : 14286450
Info :
This little tool will unhide and clear the system attribute from every file and subfolder in the folder you put this tool into. Before using this tool, please make sure you know what you're doing. This tool is not for beginners. To use it, extract the downloaded zip file into the folder on which you want to perform the task.


Extras 2 : enablecontrolpanel.reg
Release Date : 11th September 2007
Download : here
CRC : 484191C9
Info :
This reg file re-enables Control Panel access. Please restart Windows after applying this reg file to the registry in order to see the effect.


Extras 3 : enablecmd.reg
Release Date : 09th November 2007
Download : here
CRC : 31B63066
Info :
This reg file re-enables the command prompt.

Issues :
For best results, please run this tool ON ALL user accounts.

Bezicto :
Feel free to ask me anything.
This removal tool is not a scanning tool; it basically finds the loadpoints of the malware and removes them. The tool doesn't compare or evaluate anything when removing. Whenever a file name matches the malware names in its internal coding, the tool removes it. Please use it with caution.

Disclaimer :
I'll not be liable for any damage or loss of data caused in connection with the use of this utility. Use at your own risk. For your attention, this utility has proven safe in working environments running Windows XP Service Pack 2/Service Pack 3 (32-bit). Please check the CRC and MD5 after downloading to make sure that you're downloading the real tool.
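
One way to do the CRC, MD5 and SHA-1 check asked for at the top of this post and next to each download (an added example, not part of MLRT or the blog's own tooling): it parses a release block in the layout used above and compares all three values against the downloaded file in one pass. It assumes the eight-digit CRC is a CRC-32; the `MLRT_11` values are copied from this post.

```python
import hashlib
import hmac
import re
import zlib

# Release block copied from this post (MLRT 11); label spacing and hex case vary on the page.
MLRT_11 = """CRC : 703c1b62
MD5 : 4386e46ca88b7a7b27f6bd12575a2f15
SHA1 : b065602d0e25b28fdd03e6318b2f270dfaac51cb"""
HEX_LEN = {"crc": 8, "md5": 32, "sha1": 40}  # assumption: "CRC" means CRC-32


def parse_release_block(text):
    """Return {'crc': ..., 'md5': ..., 'sha1': ...} in lowercase hex."""
    found = {}
    pattern = r"^\s*(CRC|MD5|SHA-?1)\s*:\s*([0-9a-f]+)\s*$"
    for label, value in re.findall(pattern, text, re.I | re.M):
        key = label.lower().replace("-", "")
        if len(value) != HEX_LEN[key]:
            raise ValueError(f"{label} has {len(value)} hex digits, expected {HEX_LEN[key]}")
        found[key] = value.lower()
    return found


def digest_file(path, chunk_size=65536):
    """Compute CRC-32, MD5 and SHA-1 in one pass over the file."""
    crc, md5, sha1 = 0, hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            crc = zlib.crc32(chunk, crc)
            md5.update(chunk)
            sha1.update(chunk)
    return {"crc": f"{crc & 0xFFFFFFFF:08x}", "md5": md5.hexdigest(), "sha1": sha1.hexdigest()}


def verify_download(path, release_text):
    """Map each published checksum to True/False; accept the file only if all are True."""
    published = parse_release_block(release_text)
    if not published:
        raise ValueError("no CRC/MD5/SHA1 lines found")
    actual = digest_file(path)
    return {k: hmac.compare_digest(actual[k], v) for k, v in published.items()}


if __name__ == "__main__":
    import sys
    print(verify_download(sys.argv[1], MLRT_11))
```

A match shows only that the file is the one this page lists, so take the values from this page and not from the site hosting the file.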


Wednesday, June 03, 2009

7-zip as a simple folder backup tool

7-zip is the most useful compress/decompress application for simple backups. There is no need to download any other software, provided you know how to use it.

Right, first of all, install 7-zip. Download it from the website linked above.

Next, create a *.bat file using Notepad, with whatever backup name you like. Say I name the file backupdir.bat

Then create a *.txt file, again with whatever name you like. I use backupdir.txt



Okay, now let's edit the two files we just created. Open backupdir.bat in Notepad.
Its contents are as follows (please copy and paste):

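@echo off
rem Create a dated 7-Zip archive of every folder listed in backupdir.txt.
echo Creating backup for eget documents:
pause
rem Split the output of "date /t" on "/" and spaces. The token order depends on
rem the Windows regional date format; with dd/mm/yyyy the first three tokens are
rem day, month and year, which are the three used in the archive name below.
for /F "tokens=1-4 delims=/ " %%i IN ('date /t') DO (
set DT_DAY=%%i
set DT_MM=%%j
set DT_DD=%%k
SET DT_YYYY=%%l)
rem "a" adds to the archive; @backupdir.txt is the list file of folders to include.
"C:\Program Files\7-Zip\7z.exe" a backup_"%DT_DAY%-%DT_MM%-%DT_DD%".7z @backupdir.txt
pause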


Right, what matters in the contents of backupdir.bat above are the parts that were shown in red. C:\Program Files\7-Zip\7z.exe refers to the location of the 7z.exe file installed on your computer. Next, backupdir.txt refers to the backupdir.txt file we created earlier.

Okay, next, save the file above. We continue with the backupdir.txt file. Its contents are a list, separated by new lines, of every folder you want to back up. For example:

C:\wamp\www\eget\docs
E:\documents\php\


List as many folder locations as you like; just make sure each location is on its own line.

Save the file above.
You are now ready to begin. To start the backup process, just run backupdir.bat and follow the steps on screen.

Oh yes, before finishing: the file produced by running backupdir.bat above has the following naming convention: backup_{day}-{month}-{year}.7z
For example: backup_03-06-2009.7z

And one more thing: in backupdir.txt, if a location contains spaces, make sure you use " and " to open and close that location.
For example:
"C:\wamp\www\eget document\docs"

The end.