Thursday, August 06, 2009

BezictoSoft Malwares Loadpoint Removal Tool

  1. Before anything else, please do not download this tool from any site other than the download links here on my blog.
  2. Secondly, please re-check the CRC, MD5 and SHA-1 signatures after downloading before proceeding any further.
  3. Thirdly, the autorun edition has been pulled back due to my laziness in updating it.
  4. Apparently, there have been some isolated issues if your Windows partition is not the commonly used C: drive. If so, please email me your Windows partition drive letter and I will make a special version and email it to you.
This Removal Tool is designed for Windows XP Professional 32-bit only.
It (probably) will not work on Windows XP Home Edition or 64-bit versions of Windows XP.
List of malware that this tool will remove :

1. infrom.exe
2. ccPrxy.exe
3. RVHOST.exe
4. RVHIOST.exe
5. PFW.exe
6. PET32.exe
7. svohost.exe
8. new folder.exe
9. my pictures.exe
10. my music.exe
11. svcihost.exe
12. nhatquanglan9.exe
13. ssvichosst.exe
14. SKCVHOST.exe
15. SKCVHOSTr.exe
16. commamd.exe
17. lsasa.exe
18. RavMon.exe
19. RavMonE.exe
20. VBS:Solow (Variant A,B,D)
21. Flash.10.exe, JambanMu, MSN.msn (Trixcu.A Variant)
22. UPSI_1.exe, New Folder(1).exe (Silly FD-C)
23. cologsver.exe, KB915865.EXE (SillyFDC-BN)
24. Autorun.* (Virus.Win32.Small.K)
25. debug_32.exe, New_Folder.exe, compmgmt.exe, dmadmin_1.exe
26. My_Heart.exe, Bro_Act.exe, My_Sexy.exe
27. kavo.exe, p3r1ud.exe
28. 8ot8y86.exe, MicrosoftPowerPoint.exe
29. `.vbe, `.vbs (VBS:Autorun)
30. vt6e.cmd
31. uuhgt.bat, bqk.bat, lhwdcgcb.bat
32. Flash.10.Setup.exe, faizal.js, virusmawar.js
33. izwan.js, mawar.js (partition/usb drive scanner)
34. bha.vbs.dll (partition/usb drive scanner)
35. xiao.vbs
36. ckvo.exe, ckvo0.dll
37. g2pfnid.com
38. nncu6kk.com (partition/usb drive scanner)
39. FlashGuard.exe, DriveGuard.exe
40. W32.Ircbrute
41. Brontok.A (loadpoint only)
42. Gaelicum (loadpoint and processes)
43. password_viewer.exe (safe mode only)
44. 68.exe, b.exe, 2fiji.cmd, 08dgu.com (partition/usb drive scanner)
45. Bitkv0.dll
46. winse32.exe, xlk9.com, 9.cmd, pnt.com (partition/usb drive scanner)
47. QQgame.exe
48. m.exe, RECYCLER\lasass.exe (partition/usb drive scanner only)
49. RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\service.exe (partition/usb drive scanner only)
50. sdc.bat, ntdeIect.com (partition/usb drive scanner only)
51. system32\feaeadabedbd.dll
52. RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\exe32.exe
53. linkinfo.dll
54. System32\drivers\nvmini.sys
55. System32\drivers\IsDrv118.sys
56. %SystemDrive%\boot.exe
57. RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
58. System32\olhrwef.exe
59. System32\drivers\klif.sys
60. System32\nmdfgds0.dll (usb/partition drive scanner only)
61. cv22.cmd, 2FIW.bat, upw.bat (usb/partition drive scanner only)
62. e2.cmd, 1ogf.exe, rbj9jn1n.bat (usb/partition drive scanner only)
63. boyedt.com, hkn6k.bat, 2a.exe, q9.cmd, vwewav8.com (usb/partition drive scanner only)
64. n68mqcra.exe (usb/partition drive scanner only)
65. Flashy.exe
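
Several names in the list above sit one or two characters away from legitimate Windows files (svohost.exe, lsasa.exe, ntdeIect.com). The following is an added example, not part of MLRT, that flags such lookalikes by edit distance; the `LEGIT` reference list and the distance threshold are assumptions chosen for the illustration.

```python
import re

# Legitimate Windows file names that malware commonly imitates. This
# reference list is an assumption for the example, not taken from MLRT.
LEGIT = ["svchost.exe", "lsass.exe", "command.com", "ntdetect.com",
         "services.exe", "explorer.exe", "winlogon.exe", "csrss.exe"]

def base_name(name):
    """Lower-case file name with any directory part removed."""
    return re.split(r"[\\/]", name)[-1].lower()

def stem(name):
    """Base name without its extension."""
    return base_name(name).rsplit(".", 1)[0]

def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def lookalike(name, max_distance=2):
    """Return (legit_name, distance) if name imitates a known file, else None."""
    if base_name(name) in LEGIT:      # exact match: the real name, not a lookalike
        return None
    best = None
    for legit in LEGIT:
        d = edit_distance(stem(name), stem(legit))
        if d <= max_distance and (best is None or d < best[1]):
            best = (legit, d)
    return best

if __name__ == "__main__":
    # File names taken from the list in this post, plus one benign control.
    for candidate in ["svohost.exe", "svcihost.exe", "lsasa.exe",
                      r"RECYCLER\lasass.exe", "ntdeIect.com", "commamd.exe",
                      "notepad.exe"]:
        print(f"{candidate:24} -> {lookalike(candidate)}")
```

A name match alone says nothing about the file's location or content, so a hit is a lead to investigate rather than a verdict.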

This tool will restore the following registry settings to re-enable access to :
Task Manager, Command Prompt, Regedit, Find, Folder Options, File Menu, Run command, Start Menu Context, Windows Hotkey Assignation.

This tool will change the following registry settings :
Show Hidden Files = False
Show File Extension = True
Hide Super Hidden Files = True
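
To see which of these lock-outs are active on a machine before and after cleanup, the added example below (not MLRT's own code) scans a registry export in .reg text format for the standard Windows policy values behind the features listed above. The value names are the usual Windows policy names and are an assumption here, since the post does not say which values MLRT resets; the sample export is constructed.

```python
import re

# Standard Windows policy value names (assumption: not stated in the post).
RESTRICTIONS = {
    "disabletaskmgr": "Task Manager", "disableregistrytools": "Regedit",
    "disablecmd": "Command Prompt", "nofind": "Find",
    "nofolderoptions": "Folder Options", "nofilemenu": "File Menu",
    "norun": "Run command", "nowinkeys": "Windows hotkeys",
}

KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

def find_restrictions(reg_text):
    """Return (feature, key, value_name, data) for each active restriction."""
    hits, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if not (m and key and "\\policies\\" in key.lower()):
            continue
        name, data = m.group(1), int(m.group(2), 16)
        feature = RESTRICTIONS.get(name.lower())
        if feature and data != 0:     # 0 means the restriction is off
            hits.append((feature, key, name, data))
    return hits

# Constructed sample in .reg export format (not captured from a real system).
# Real regedit exports are UTF-16: open them with encoding="utf-16".
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000001
"NoRun"=dword:00000000
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
"DisableCMD"=dword:00000002
"""

if __name__ == "__main__":
    for feature, key, name, data in find_restrictions(SAMPLE_EXPORT):
        print(f"{feature}: {key}\\{name} = {data}")
```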

This tool will restore :
Internet Explorer Window Title
Internet Explorer Start Page

MLRT : 11 RSv3
Updated : 20th August 2009 New !
Download : via skydrive
CRC : ede3b739
MD5 : 3123cdb22b1dbcb838af05343fbcae3a
SHA1 : eedc8bdd004afc124139ce03c0f3cda56c0d64b4
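
One way to do the check requested above, as an added example that is not part of the tool: it parses a release block in the `CRC : / MD5 : / SHA1 :` layout used in this post and compares every published digest with the downloaded file. The function names are hypothetical and the comparison ignores letter case, since the post gives some CRC values in upper case.

```python
import hashlib
import re
import zlib

FIELD_RE = re.compile(r"^[ \t]*(CRC|MD5|SHA1)[ \t]*:[ \t]*([0-9A-Fa-f]+)[ \t]*$",
                      re.M)

def parse_release_block(text):
    """Extract the digests from a 'CRC : ... / MD5 : ... / SHA1 : ...' block."""
    return {name: value.lower() for name, value in FIELD_RE.findall(text)}

def file_digests(path, chunk_size=1 << 16):
    """Stream the file once and compute CRC-32, MD5 and SHA-1 together."""
    crc, md5, sha1 = 0, hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            crc = zlib.crc32(chunk, crc)
            md5.update(chunk)
            sha1.update(chunk)
    return {"CRC": f"{crc & 0xFFFFFFFF:08x}",
            "MD5": md5.hexdigest(),
            "SHA1": sha1.hexdigest()}

def verify_download(path, release_text):
    """Return {field: matches} for each published digest (empty if none found)."""
    published = parse_release_block(release_text)
    actual = file_digests(path)
    return {name: actual[name] == value for name, value in published.items()}

# Release block as published in this post for MLRT 11 RSv3.
MLRT_RELEASE = """\
CRC : ede3b739
MD5 : 3123cdb22b1dbcb838af05343fbcae3a
SHA1 : eedc8bdd004afc124139ce03c0f3cda56c0d64b4
"""

if __name__ == "__main__":
    import sys
    results = verify_download(sys.argv[1], MLRT_RELEASE)
    for name, ok in results.items():
        print(f"{name}: {'OK' if ok else 'MISMATCH'}")
    # Fail closed: no digests parsed or any mismatch means do not run the file.
    sys.exit(0 if results and all(results.values()) else 1)
```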

Important :
This version of MLRT introduces a number of physical updates. For starters, your explorer.exe will be terminated when MLRT runs and will be automatically brought back when the scans finish (some icons in your system tray might not be visible; re-run the corresponding apps). Also, there will be a 5-6 second delay when starting this removal tool, so just wait patiently while it starts on its own. There's a reason for it. Apparently some new malware can detect the absence of my tool and eventually terminate the command prompt window that my program uses to detect and delete malware loadpoints. To overcome this issue, I have added a relatively small delay before the program runs. This delay contains special code to overwrite a small part of the registry value, which lets my tool stop the command prompt terminator from running. After that, my tool will start and then scan the loadpoints as it is designed to.

After using this tool, it is advisable to manually delete all suspicious-looking *.exe files in My Documents created by some stubborn malware, for example My Music.exe or My Pictures.exe, which camouflage themselves with a folder icon despite being exe files. The actual folders have already been hidden by the malware. To get your folders back, use the Clear-h-s.bat tool below. Lastly, please make sure you scan all your HDD partitions using the built-in HDD Partition Scanner supplied with the current version of MLRT. Just input the drive letter and let the tool do its magic.


Extras 1 : clearhs.bat
Release Date : 15th January 2010
Download : via skydrive
CRC : 43765B7B
MD5 : fc49565cc8af77f9da69444b959d786b
Info :
This little tool will unhide and clear the system attribute from all files and subfolders that reside in the folder you put this tool into. Before using this tool, please make sure you know what you're doing. This tool is not for beginners. To use it, extract the downloaded zip file into the folder on which you want to perform the task.
Tested on : Windows XP, Vista and 7 machines.

Extras 2 : enablecontrolpanel.reg
Release Date : 11th September 2007
Download : here
CRC : 484191C9
Info :
This reg file will re-enable Control Panel access. Please restart Windows after applying this reg file to the registry in order to see the effect.
Tested on : Windows XP

Extras 3 : enablecmd.reg
Release Date : 09th November 2007
Download : here
CRC : 31B63066
Info :
This reg file will re-enable the command prompt.
Tested on : Windows XP

Issues :
For best results, please run this tool ON ALL user accounts.

Bezicto :
Feel free to ask me anything.
This removal tool is not a scanning tool; it basically finds the loadpoints of the malware and removes them. The tool doesn't compare or evaluate anything when removing. Whenever the file name of the malware matches the internal coding, the tool will remove it. Please use it with caution.

Disclaimer :
I'll not be liable for any damage or loss of data caused in connection with the use of this utility. Use at your own risk. For your attention, this utility has proven safe in a working environment of Windows XP Service Pack 2/Service Pack 3 (32-bit). Please check the CRC and MD5 after downloading to make sure that you're downloading the real tool.