Submitted by: Submitted by dane
Views: 524
Words: 868
Pages: 4
Category: English Composition
Date Submitted: 02/18/2012 06:21 PM
ry going to Start > Run type "Taskkill /T /IM "RVHOST.EXE"
Open a notepad window and copy and paste the following
On Error Resume Next
Set shl = CreateObject("WScript.Shell")
Set fso = CreateObject("scripting.FileSystemObject…
shl.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Wi… entVersion\Policies\System\DisableRegist…
shl.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Wi… entVersion\Policies\System\DisableTaskMg…
shl.RegDelete
Save this as Enable.vbs
Run Enable.vbs
Now go to Start > Run > type "regedit"
In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>
Windows>CurrentVersion>Run
In the right panel, locate and delete the entry:
Yahoo Messengger = "%System%\RVHOST.exe"
(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, and C:\Windows\System32 on Windows XP and Server 2003.)-->
Removing Other Entry from the Registry
Still in Registry Editor, in the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>W…
CurrentVersion>Policies>Explorer
In the right panel, locate and delete the entry:
NofolderOptions = "1"
Restoring Modified Entries from the Registry
Still in Registry Editor, in the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>… NT>
CurrentVersion>Winlogon
In the right panel, locate the entry:
Shell = "Explorer.exe RVHOST.exe"
Right-click on the value name and choose Modify. Change the value data of this entry to:
Explorer.exe
In the right panel, double-click the following:
HKEY_LOCAL_MACHINE>SYSTEM>CurrentContr…
Services>Schedule
In the right panel, locate the entry:
NextAtJobId = "2"
Right-click on the value name and choose Modify. Change the value data of this entry to:
1
Close Registry Editor.
Deleting the Malware File(s)
Right-click Start then click...