Friday, June 27, 2008

file _System_1021_services.exe

Update, 10th July 2008: Remove the file system\1021\services.exe with Security Task Manager, then follow step 8 below to complete the process.


The file system\1021\services.exe is classified as W32/Dzan-C.
W32/Dzan-C is a virus for the Windows platform that also spreads via removable storage devices.

W32/Dzan-C runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer.

The file \1021\services.exe is registered as a new system driver service named "services", with a display name of "Themes Plug and Play" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Services\services

Here is how you get rid of it from your system:
1) Right Click My Computer and select Explore
2) Click Tools>Folder Options>View> Check "Show hidden files & folders"
3) Click "Apply to all folders"
4) Go to C:\WINDOWS\system32
5) Try to delete the folder 1021. You will not be able to delete it. Open the folder and you will see services.exe
6) Install Unlocker and right-click the 1021 folder to delete it. In the drop-down box at the bottom left, select Delete. At the bottom right, click "Unlock All"
7) Get Sysinternals "AutoRuns" and run it. In the Autoruns toolbar, under Options, check all 3 boxes. Then click File>Refresh. This colours all safe results, which do not require attention. Click 1021\services.exe to highlight it, then delete it.
8) Type regedit in the Start>Run box and click OK
(Use File>Export to make a backup. Restore it in the event of errors.)
9) In the Registry Editor, click Edit>Find, type 1021 and click Find Next.
Delete each and every registry entry found where the line shows "Image path" followed by 1021.

(Not every result is exactly the four digits 1021, e.g. 102152678, in which case skip it and go to Find Next.)
Drag the separator between the 1st and 2nd columns to the right to view the full description, as in the following image. Delete as illustrated in the image below.

Continue to click Edit>Find Next after each find until the end.

Reboot Windows
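
As an added example (not part of the original post), this Python script scans the registry export made in step 8 for ImagePath values that run services.exe from a folder named exactly 1021, skipping look-alikes such as 102152678. The sample export is constructed: its first key and path are assembled from the text above, and the ExampleSvc key and the as_hex2 helper are hypothetical.

```python
import re

# "1021" must be a whole folder name, so a value such as 102152678 is skipped.
FOLDER_1021 = re.compile(r'[\\/]1021[\\/]services\.exe', re.IGNORECASE)

def decode_value(raw):
    """Decode a .reg value: a quoted string, or hex(2) (REG_EXPAND_SZ, UTF-16LE)."""
    raw = raw.strip()
    if raw.startswith('"') and raw.endswith('"'):
        return re.sub(r'\\(.)', r'\1', raw[1:-1])      # undo \\ and \" escapes
    if raw.lower().startswith('hex(2):'):
        digits = re.sub(r'[^0-9a-fA-F]', '', raw[7:])   # drop commas and spaces
        return bytes.fromhex(digits).decode('utf-16-le', 'replace').rstrip('\x00')
    return None                                         # other types are not paths

def find_1021_image_paths(reg_text):
    """Return (key, ImagePath) pairs whose path runs services.exe from a 1021 folder."""
    hits, key = [], None
    joined = re.sub(r'\\\r?\n\s*', '', reg_text)        # join "\" continuation lines
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        elif key and line.lower().startswith('"imagepath"='):
            path = decode_value(line.split('=', 1)[1])
            if path and FOLDER_1021.search(path):
                hits.append((key, path))
    return hits

def as_hex2(text):
    """Build a hex(2) value the way regedit writes it (helper for the sample only)."""
    parts = [f'{b:02x}' for b in text.encode('utf-16-le') + b'\x00\x00']
    rows = [','.join(parts[i:i + 20]) for i in range(0, len(parts), 20)]
    return 'hex(2):' + ',\\\n  '.join(rows)

# Constructed sample export; only the first key and path come from the page.
SAMPLE = '\n'.join([
    'Windows Registry Editor Version 5.00',
    r'[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\services]',
    '"DisplayName"="Themes Plug and Play"',
    '"ImagePath"=' + as_hex2(r'C:\WINDOWS\system32\1021\services.exe'),
    '',
    r'[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc]',
    r'"ImagePath"="C:\\Example\\102152678\\services.exe"',
])

if __name__ == '__main__':
    for key, path in find_1021_image_paths(SAMPLE):
        print(f'{key}\n    ImagePath = {path}')
```

A real regedit export is a UTF-16 file, so read it with `open(path, encoding="utf-16")` before passing the text to `find_1021_image_paths`.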
