Friday, July 20, 2007

Flash.10.exe Removal Guide

I separated the solution from the last post for better viewing

Solution:

  1. Use HijackThis to scan and then remove the entries that contain Flash.10.exe, JambaMu.com, MSN.msn

  2. Enable Folder Options that disabled by the malware:
    Go to Run -> Type gpedit.msc -> Expand "User Configuration" -> Expand "Administrative Templates" -> Expand "Windows Components" -> Select "Windows Explorer" -> Double click "Removes the Folder Options menu item from the Tools menu" in the right panel -> Select Disabled

    Alternative: Open regedit, go to
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> delete "NoFolderOptions" or "DisableFolderOptions" or similar key if it is there -> Reboot

  3. Folder Options should be appeared now, go to Folder Options -> Select "show hidden files and folders" & uncheck "hide protected operating system files"

  4. Go to C:\Windows\System32, delete Flash.10.exe, JambanMu.com, regedit.com, cmd.com, msconfig.com, ping.com, dxdiag.com

  5. Delete My Secret.fold in My Documents, New Song.lagu & New Video.vidz in My Music, aweks.pikz & seram.pikz in My Pictures

  6. Delete C:\Program Files\Common Files\Microsoft Shared\DAO\MSN.msn

  7. Delete C:\Program Files\Common Files\Microsoft Shared\Macromedia.10.exe

  8. - If you cannot delete the files and get messages like "cannot read from the source disk" or others that similar, probably your antivirus has blocked the access to these files, that's why you cannot move, delete or rename the files. Disable your antivirus and try again.

    *regedit.exe and cmd.exe actually stay intact, it just disabled by the malware.
  9. Enable regedit that disabled by the malware:
    Go to Run -> Type gpedit.msc -> Expand "User Configuration" -> Expand "Administrative Templates" -> Select "System" -> Double click "Prevent access to registry editing tools" in the right panel -> Select Disabled

  10. Enable command prompt(cmd) that disabled by the malware:
    Go to Run -> Type gpedit.msc -> Expand "User Configuration" -> Expand "Administrative Templates" -> Select "System" -> Double click "Prevent access to the command prompt" in the right panel -> Select Disabled
Leave your comment on this solution, I need your feedback, does it helps?

21 comments:

suwari said...

Sorry,buddy.Actually I edit some stuff.But there might be some problem if you use the method to remove this virus.For folder option you must disabled it.If the use it when the second time that computer infected virus it cannot be remove.

SIGMAX said...

It's not a problem as long as you give credits on your post to SIGMAX Tech but you said the content is taken from some forum.
If folder options is disabled, how you delete the files under system32 as the files are hidden? Is this what you mean?

Anonymous said...

bro , i tried to delete . but i can't . it wont let me too . is there a way ?

SIGMAX said...

It may caused by your antivirus that prevented your access to the files. Disable your antivirus and try again.

天鹰战机 said...

a few days ago, i also got hit by this virus... my friend's laptop was infected and he didn't know. so when my other friend put his thumbdrive (infected with the virus) into my laptop, *kaboom*!
like you said, nod32 quarantined the files but the damage had been done. but thanks to your guide, my laptop is back to normal!

suwari said...

I just found a program that easily.I follow your instruction but folder option still doesnt appeaar.I just found this program.It is more easier.

SIGMAX said...

It's good that someone has created such a program to eliminate specific malware.

Anonymous said...

i juz tried ur instruction but my folder option still not appear.how can i remove the virus as ur said, i can't remove it without my folder option.plz help me..

SIGMAX said...

I have added another way to enable folder options. You also can try System Restore.

naiping said...

my platform is windows vista ..i cannot find the gpedit.msc ... so what can i do ??...my folder option is missing ... n regedit is disable by administrator ,how to enable back .. can u help me pls ..

SIGMAX said...

gpedit is not available in Windows Vista Home Basic and Vista Home Premium, try gpmc.msc in Vista.

naiping said...

ican get my folder option by the alternative way that using the regedit .. i hav set the show hidden file n uncheck the hidden protect operating system file ,but why i still cannot file dat list in ur blog such as flash10.exe,jambanmu.com,n other ..n when i open windows explorer manually the come out result is doucuments..i don noe why ..but can u help me ..

SIGMAX said...

May be your antivirus has deleted the malware for you. You can use search function (enable search for hidden files and folders) to search for the files if you are not sure about it. I don't get what you mean at last part.

naiping said...

when i run the explorer.exe(manually) there will come out a window but the window is "mydocument"...do u get my means ...

SIGMAX said...

Windows Explorer shows My Documents by default when you run it. It is same like you right click on a folder and select explore but when you manually run Windows Explorer, it will shows My Document.

Anonymous said...

hey guys is this topic stil active? because i m hit by this virus! and need some professional assistance~~

piper said...

Hi..
I downloaded hijackthis...
After which i run the cmd - gpedit.msc & it says windows cant find the file. I am using Windows XP.
Y is this so?? Somebody please help..
TIA!

Anonymous said...

I was followed your instruction. And I click radio button to show hidden files and folders and ok to close folder option. After that I was opened again folder option and i got my hidden files and folders option back to do not show. any body can help me?

Hobbes said...

i can't delete "flash.10.exe" and "macromedia.10.exe".it appears in Task Manager.when i click end process,my laptop immediately shuts down..what am i supposed to do?

Anonymous said...

when i start up my laptop, there is a box appear said that flash.10.exe cannot be found, something like that.. there's something about i should load it again.. if i'm not mistaken, i used to delete this flash.10.exe before.. since then, this box appears.. so what should i do?

marry said...

Blogs are so informative where we get lots of information on any topic. Nice job keep it up!!
_____________________________

Anthropology Dissertation