I've moved

*****************************
I've moved to another host. Click here.
I will no longer post updates on this account.
Please update your bookmarks.
Future versions of MLRT will be published and released on that site.
Thanks.

***********************************************

Thursday, August 06, 2009

BezictoSoft Malwares Loadpoint Removal Tool

  1. Before anything else, please do not download this tool from any site other than the download links here on my blog.
  2. Secondly, please re-check the CRC, MD5 and SHA-1 signatures after downloading, before proceeding any further.
  3. Thirdly, the autorun edition has been pulled due to my laziness in updating it.
  4. Apparently, there have been some isolated issues if your Windows partition is not the commonly used C: drive. If so, please email me your Windows partition drive letter and I will make a special version and email it to you.

This Removal Tool is designed for Windows XP Professional 32-bit only.
It (probably) will not work on Windows XP Home Edition or the 64-bit version of Windows XP.
List of malware that this tool will remove:

1. infrom.exe
2. ccPrxy.exe
3. RVHOST.exe
4. RVHIOST.exe
5. PFW.exe
6. PET32.exe
7. svohost.exe
8. new folder.exe
9. my pictures.exe
10. my music.exe
11. svcihost.exe
12. nhatquanglan9.exe
13. ssvichosst.exe
14. SKCVHOST.exe
15. SKCVHOSTr.exe
16. commamd.exe
17. lsasa.exe
18. RavMon.exe
19. RavMonE.exe
20. VBS:Solow (Variant A,B,D)
21. Flash.10.exe, JambanMu, MSN.msn (Trixcu.A Variant)
22. UPSI_1.exe, New Folder(1).exe (Silly FD-C)
23. cologsver.exe, KB915865.EXE (SillyFDC-BN)
24. Autorun.* (Virus.Win32.Small.K)
25. debug_32.exe, New_Folder.exe, compmgmt.exe, dmadmin_1.exe
26. My_Heart.exe, Bro_Act.exe, My_Sexy.exe
27. kavo.exe, p3r1ud.exe
28. 8ot8y86.exe, MicrosoftPowerPoint.exe
29. `.vbe, `.vbs (VBS:Autorun)
30. vt6e.cmd
31. uuhgt.bat, bqk.bat, lhwdcgcb.bat
32. Flash.10.Setup.exe, faizal.js, virusmawar.js
33. izwan.js, mawar.js (partition/usb drive scanner)
34. bha.vbs.dll (partition/usb drive scanner)
35. xiao.vbs
36. ckvo.exe, ckvo0.dll
37. g2pfnid.com
38. nncu6kk.com (partition/usb drive scanner)
39. FlashGuard.exe, DriveGuard.exe
40. W32.Ircbrute
41. Brontok.A (loadpoint only)
42. Gaelicum (loadpoint and processes)
43. password_viewer.exe (safe mode only)
44. 68.exe, b.exe, 2fiji.cmd, 08dgu.com (partition/usb drive scanner)
45. Bitkv0.dll
46. winse32.exe, xlk9.com, 9.cmd, pnt.com (partition/usb drive scanner)
47. QQgame.exe
48. m.exe, RECYCLER\lasass.exe (partition/usb drive scanner only)
49. RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\service.exe (partition/usb drive scanner only)
50. sdc.bat, ntdeIect.com (partition/usb drive scanner only)
51. system32\feaeadabedbd.dll
52. RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\exe32.exe
53. linkinfo.dll
54. System32\drivers\nvmini.sys
55. System32\drivers\IsDrv118.sys
56. %SystemDrive%\boot.exe
57. RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
58. System32\olhrwef.exe
59. System32\drivers\klif.sys
60. System32\nmdfgds0.dll (usb/partition drive scanner only)
61. cv22.cmd, 2FIW.bat, upw.bat (usb/partition drive scanner only)
62. e2.cmd, 1ogf.exe, rbj9jn1n.bat (usb/partition drive scanner only)
63. boyedt.com, hkn6k.bat, 2a.exe, q9.cmd, vwewav8.com (usb/partition drive scanner only)
64. n68mqcra.exe (usb/partition drive scanner only)
65. Flashy.exe


This tool will restore the registry settings that control access to the following:
Task Manager, Command Prompt, Regedit, Find, Folder Options, File Menu, Run command, Start Menu Context, Windows Hotkey Assignation.

This tool will change the following registry settings:
Show Hidden Files = False
Show File Extension = True
Hide Super Hidden Files = True

This tool will restore :
Internet Explorer Window Title
Internet Explorer Start Page

MLRT : 11 RSv3
Updated : 20th August 2009
Download : via skydrive
CRC : ede3b739
MD5 : 3123cdb22b1dbcb838af05343fbcae3a
SHA1 : eedc8bdd004afc124139ce03c0f3cda56c0d64b4
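
The re-check asked for above can be scripted. The Python below is an added example, not part of MLRT or the original post: it parses a release block in the format used on this page and compares a downloaded file against every value the block publishes. It assumes the CRC field is a CRC-32.

```python
import hashlib
import re
import zlib

# Release block copied from this post (MLRT 11 RSv3).
MLRT_RELEASE = """\
CRC : ede3b739
MD5 : 3123cdb22b1dbcb838af05343fbcae3a
SHA1 : eedc8bdd004afc124139ce03c0f3cda56c0d64b4
"""

_FIELD = re.compile(r"^\s*(CRC|MD5|SHA1)\s*:\s*([0-9A-Fa-f]+)\s*$", re.M)
_HEX_LEN = {"CRC": 8, "MD5": 32, "SHA1": 40}  # CRC assumed to be CRC-32


def parse_release_block(text):
    """Return the published values as {'CRC'|'MD5'|'SHA1': lowercase hex}."""
    published = {}
    for name, value in _FIELD.findall(text):
        if len(value) != _HEX_LEN[name]:
            raise ValueError(f"{name}: {len(value)} hex digits, expected {_HEX_LEN[name]}")
        published[name] = value.lower()
    return published


def file_digests(path, chunk_size=1 << 16):
    """Compute CRC-32, MD5 and SHA-1 in one streaming pass over the file."""
    crc, md5, sha1 = 0, hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            crc = zlib.crc32(chunk, crc)
            md5.update(chunk)
            sha1.update(chunk)
    return {"CRC": f"{crc & 0xFFFFFFFF:08x}",
            "MD5": md5.hexdigest(),
            "SHA1": sha1.hexdigest()}


def verify_download(path, release_text):
    """Map each published field to True/False; accept the file only if all are True."""
    published = parse_release_block(release_text)
    if not published:
        raise ValueError("no CRC/MD5/SHA1 fields found in release block")
    actual = file_digests(path)
    return {name: actual[name] == want for name, want in published.items()}
```

Extras that publish only a CRC, or only a CRC and MD5, are checked on those fields alone; a CRC-32 by itself detects accidental corruption, not a deliberately swapped file.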

Important :
This version of MLRT introduces a number of physical updates. For starters, your explorer.exe will be terminated when MLRT runs and will be automatically brought back when the scans finish (some icons in your system tray might not be visible; re-run the corresponding apps). Also, there will be a 5-6 second delay when this removal tool starts, so just wait patiently while it starts on its own. There's a reason for it. Apparently some new malware can detect the absence of my tool and eventually terminate the command prompt window that my program uses to detect and delete malware loadpoints. To overcome that issue, I have added a relatively small delay before the program runs. This delay contains special code that overwrites a small part of a registry value, which lets my tool stop the command prompt terminator from running. After that, my tool starts and scans the loadpoints as it is designed to.

After using this tool, users are advised to manually delete all suspicious-looking *.exe files in My Documents created by some stubborn malware, for example My Music.exe or My Pictures.exe, which camouflage themselves with a folder icon despite being exe files. The actual folders have already been hidden by the malware. To get your folders back, use the Clear-h-s.bat tool below. Lastly, please make sure you scan all your HDD partitions using the built-in HDD Partition Scanner supplied with the current version of MLRT. Just input the drive letter and let the tool do its magic.
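
The manual check described above can be narrowed down before deleting anything. The Python below is an added example, not part of MLRT: it walks a folder and reports every .exe whose name matches a sibling folder (the My Music.exe next to My Music pattern), along with whether that folder carries the Windows hidden attribute. It only reports; the function names are hypothetical.

```python
import os
import stat


def _is_hidden(path):
    """True/False from the Windows hidden attribute; None where the OS has none."""
    attrs = getattr(os.stat(path), "st_file_attributes", None)
    if attrs is None:
        return None
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)


def find_folder_decoys(root):
    """Return sorted (exe_path, folder_path, folder_hidden) tuples.

    A finding is an .exe whose name, minus the extension, equals the name of a
    folder in the same directory (compared case-insensitively, as Windows does).
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        folders = {d.lower(): d for d in dirnames}
        for name in filenames:
            stem, ext = os.path.splitext(name)
            if ext.lower() != ".exe":
                continue
            match = folders.get(stem.lower())
            if match is None:
                continue  # an .exe with no same-named folder is not this pattern
            folder = os.path.join(dirpath, match)
            findings.append((os.path.join(dirpath, name), folder, _is_hidden(folder)))
    return sorted(findings)


if __name__ == "__main__":
    # Assumption: run from the folder to inspect, e.g. My Documents.
    for exe, folder, hidden in find_folder_decoys(os.getcwd()):
        print(f"{exe}  <-  shadows folder {folder} (hidden={hidden})")
```

A finding with hidden=True matches the behaviour described in this post most closely; review each reported file before removing it, since an installer can legitimately share a folder's name.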

--------------------------------------------------

Extras 1 : clearhs.bat
Release Date : 15th January 2010
Download : via skydrive
CRC : 43765B7B
MD5 : fc49565cc8af77f9da69444b959d786b
Info :
This little tool will unhide and clear the system attribute from every file and subfolder that resides in the folder you put this tool into. Before using this tool, please make sure you know what you're doing. This tool is not for beginners. To use it, extract the downloaded zip file into the folder on which you want to perform the task.
Tested on : Windows XP, Vista and 7 machines.


Extras 2 : enablecontrolpanel.reg
Release Date : 11th September 2007
Download : here
CRC : 484191C9
Info :
This reg file will re-enable Control Panel access. Please restart Windows after applying this reg file to the registry in order to see the effect.
Tested on : Windows XP


Extras 3 : enablecmd.reg
Release Date : 09th November 2007
Download : here
CRC : 31B63066
Info :
This reg file will re-enable the command prompt.
Tested on : Windows XP

Issues :
For best results, please run this tool ON ALL user accounts.

Bezicto :
Feel free to ask me anything.
This removal tool is not a scanning tool; it basically finds the loadpoints of the malware and removes them. The tool doesn't compare or evaluate anything when removing. Whenever the file name of the malware matches the internal coding, the tool will remove it. Please use it with caution in mind.

Disclaimer :
I'll not be liable for any damage or loss of data caused in connection with the use of this utility. Use at your own risk. For your attention, this utility has proven safe in a working environment of Windows XP Service Pack 2/Service Pack 3 (32-bit). Please check the CRC and MD5 after downloading to make sure that you're downloading the real tool.

22 comments:

cRix said...

tq!!! ^__^ im able to clean bro_act inside my pc! tq very much!!!

bezicto said...

glad it helps :)

Anonymous said...

yesterday.. i was trying very hard for 1 whole day on how to remove bro_act.exe virus in my friend's laptop. but today.. i learned more about the virus which i have googled my_sexy.exe and your site appeared as top result. your removal tool works. thank you for sharing with the world.

Anonymous said...

Thanks a lot for your removal tool, it works great. thanks for sharing it.appreciated.

Unknown said...

thanks for the tools..
actually its easy to remove trojan or virus but hidden files cannot show..
now this problem has been solved..thanks again..

Anonymous said...

downloaded tools. will use it right away- thanks!

Unknown said...

hi ur tools so really wrk,
do u hav ne removal tool for system volume info(in avira scan it shows infected),
thnxxx

bezicto said...

glad it helps. system volume info ? i need more information on that if you had any. it would be a great help.

Anonymous said...

thanks for this wonderful tool...helped me with DriveGuard trojan..

Grace said...

Hi, I'm wondering if your tool can remove len.js too? It's a script virus that leaves the word "len" on the IE title bar.
Thanks!

bezicto said...

sure. i take a look at that later. need some digging up to do first.

Anonymous said...

hi , i love the .bat system or CMD , and i want to learn it to do things like this removal , and i want to add a new problem it is the safe mode , the new malwares disable safe mode from working , and if i can help you with anything , or if you want to teach me this things and how to do it , i will be a good student trust me , and thanks for everything

bezicto said...

i can't seem to recall anything that relates to (any kind of) malware disabling the safe mode. the only thing that was on my mind right now is that your windows might be ultimately corrupted. but, you might want to try reinstalling windows or for the better, reformat the windows partition itself.

Anonymous said...

ok then thanks for replying , but you can visit this site :

http://blog.didierstevens.com/2007/02/19/restoring-safe-mode-with-a-reg-file/

it is talking about the (disabled safemode by virus) and i am sure you can have a better idea about that

bezicto said...

ok. i get the picture now. i'll evaluate and (probably) put the codes inside the next release of MLRT. thanks for the information. it is just that i've never come across this type of malware before.

Motaz said...

you're welcome anytime , and when i have new information about something else i will tell you about that , or if you have another way to be contacted that will be better

bezicto said...

while i do have yahoo messenger id, but that only for family and close friends. sorry. but no matter, you can contact me via gmail. use this address : bezicto@gmail.com

Anonymous said...

Your software is more helpful in removing the RVHOSTEXE virus more than Avira and Avast. It has also removed the traces of it just like you uninstalled the malware! I thought you are the author of it! Just kidding. Thanks, thanks and thanks again! May your tribe increase a hundred fold!

KirtiKapoor said...

Thanks for sharing; had been unable to remove with other tools; this worked wonderfully

Anonymous said...

Ever heard of Flashy.exe? My eePC gives this prompt whenever I plugged in a USB drive.

bezicto said...

hmm.. i'll try to look into that for future updates. for the time being, i suggest you install ninja pendisk (google that). that program will disable all autorun malware/rootkit when you plug in any USB drive.

Anonymous said...

Thanks for the info. I just tried ninja. Seems effective so far