Sunday, March 8, 2009

Remove Fun.exe, dc.exe, SVIQ.exe viruses




How to Remove Fun.exe, dc.exe, SVIQ.exe viruses


My Antivirus shown me that in my computer viruses are there. And it started showing some Weird behaviors. It was mentioning three names like Fun.exe, dc.exe, SVIQ.exe etc.


I had a look in the processes under the task manager, found that following processes Fun.exe, dc.exe, SVIQ.exe are running.


The antivirus was not able to erase the virus by showing the access problem.


I killed those processes, by right clicking the process and select "End Process" in Task Manager. It couldn't help me to resolve the problem. Finally I found the resolution for this.


Here are the steps!!!




1. Temporarily Disable System Restore.

1. On the Desktop, Right Click on My Computer
2. Select the System Restore Tab
3. Mark the "Turn Off System Restore" to disable and UnMark to Enable
4. Click Apply on the Bottom of the Dialog Box to save the settings.
5. A message "This deletes all existing restore points" will appear, click Yes to disable.
6. Click OK.
2. Update the virus definitions.


3. Reboot computer in SafeMode


4. Run a full system scan and clean/delete all infected file


5. Delete/Modify any values added to the registry.


6. First go to the task manager (right click on the task bar > task manager) and select the processes tab.
  1. Right click on the Fun.exe, dc.exe, SVIQ.exe and select "End Process Tree". This stops the viruses from interrupting in the cleanup process.
  2. Go to the MSConfig (Win+R, type MSConfig and press enter). Go to the startup tab. Uncheck the dc.exe, fun.exe, SVIQ.exe, Other.exe, Win.exe. This stop the virus processes from starting with the windows.

7. Go to Registry Editor (Win+R, type RegEdit and press enter). Remove the following keys
  • dc, dc2k5, fun under the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  • load, run under the key HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
  • Go to the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and Modify Shell's value to "Explorer.exe".
  • Remove HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dc
  • Remove HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dc2k5
  • Remove HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Fun
  • Remove HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Load
  • Remove HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Run

8. Delete the following files.
  • %Windir%\Help\Other.exe
  • %Windir%\inf\Other.exe
  • %Windir%\system\Fun.exe
  • %Windir%\System32\config\Win.exe
  • %Windir%\System32\WinSit.exe
  • %Windir%\dc.exe
  • %Windir%\SVIQ.exe
  • %Windir%\System32\NWB.dat
  • c:\PNga.txt
  • %Windir%\wininit.ini



9. Do the above changes and restart the computer.


10. In order to make sure that threat is completely eliminated from your computer, carry out a full scan of your computer using AntiVirus and Antispyware Software. Another way to delete the virus using various Antivirus Program without the need to install can be done with Online Virus Scanner.