Home Forums Windows 7 Security Tips

Windows 7
Windows Vista
Windows XP

Security Tips
Keyboard Shortcuts


Internet Terms
Computer Terms

File Extensions (75)
File Extensions (15K+)

Startup Applications
Necessary Files
Useless Files
At Your Option Files
Dangerous Files
Browser Objects

DLL Files
SYS Files
INF Files
OCX Files
VXD Files

Virus Database
Virus Warnings

Easter Eggs
Tips and Tricks
Hot Downloads

Privacy Policy
Contact Us




W32.Tulu virus.

When W32.Tulu is executed, it attempts to copy itself as
%windir% is C:\Windows or C:\Winnt
%system% is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

Virus add the value:
shell %system%\rundll32.exe
to the registry key
so that the worm runs each time that you start Windows.

Also creates the registry key
This key is used by the macro component of the virus.

The virus next attempts to locate the Microsoft Word global template,
If the virus finds the file, it infects the file with a macro virus. The only purpose of the macro virus is to execute the W32.Tulu virus.

The virus now stays memory resident. Every few minutes, it attempts to copy itself to drive A.

How to delete this virus:

1. Run a full system scan whit your antivirus tools.
If any files are detected as infected with W32.Tulu, click Delete.

For example, Symantec antivirus products detect this macro component as W97M.Tulu.
If any files are detected as infected with W97M.Tulu, click Repair.

2. Delete the value "shell" from the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Still have a problem? Ask for help at our discussion forum.

Search Dangerous Files :

: : Recent posts at Forums : :

Fatal error: Incompatible file format: The encoded file has format major ID 1, whereas the Loader expects 7 in /home/software/public_html/forum/includes/functions_vbseo.php on line 0