W32.Xanib.A is virus that change and modified registry entries and disabling the Windows Task Manager, Registry Editor and Windows Command Line. It can infects executable and multimedia files on the compromised computer.

Aliases : W32.Xanib.A
Infection Type : Virus
Risk Level : Low
System Affected : Windows Operating System

Download Removal Utility for W32.Xanib.A

Manual Removal of W32.Xanib.A

Kill Spyware Processes ( Help )
[random characters].exe

Get rid of Files and Folder ( Help )
%System%\[RANDOM CHARACTERS].exe
%System%\[RANDOM CHARACTERS].exe
%System%\binax.nfo
%Windir%\system.ini
%Windir%\win.ini

Delete following folders ( Help )
— No traces available —

Delete Registry Values ( Help )
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\Win32.Xanib\Command\”(default)” = “Explorer.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”[FIRST SET OF RANDOM CHARACTERS]” = “Error”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\”[SECOND SET OF RANDOM CHARACTERS]” = “Error”
HKEY_LOCAL_MACHINE\SOFTWARE\[FIRST SET OF RANDOM CHARACTERS]\”[FIRST SET OF RANDOM CHARACTERS]” = “%System%\[FIRST SET OF RANDOM CHARACTERS].exe”
HKEY_LOCAL_MACHINE\SOFTWARE\[SECOND SET OF RANDOM CHARACTERS]\”[SECOND SET OF RANDOM CHARACTERS]” = “%System%\[SECOND SET OF RANDOM CHARACTERS].exe”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
\”DisableTaskMgr” = “1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\
”DisableCMD” = “1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\
”DisableRegistryTools” = “1″

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\edit\”command” = “shutdown -s -f -t 0″
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\Shell\Edit\”command” = “shutdown -s -f -t 0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
\”ShowSuperHidden” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
”NoDriveTypeAutoRun” = “95″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
”NoFolderOptions” = “1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
”NoRecentDocsMenu” = “1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
”NoFind” = “1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
”NoSaveSettings” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
”NoRun” = “1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
”NoSetFolders” = “1″
HKEY_CURRENT_USER\Software\Classes\”exefile” = “MP3 Audio”
HKEY_CURRENT_USER_Classes\”exefile” = “MP3 Audio

 
Download Removal Utility for W32.Xanib.A