SoftwareTipsandTricks.com
  rundli32.exe

Name rundli32.exe

Description

This file appears when the computer is infected with the Lade virus.

W32.Lade is a worm that spreads itself through IRC.
It attempts to remove antivirus software installed on the PC and may attempt to format the hard drive partitions C, D, E, F, and G at system restart.
Also known as Backdoor.IRC.Lade.

W32.Lade performs the following actions:
1. Drops a copy of itself to %Windir%\System\rundli32.exe.
NOTE: %Windir% is a variable. The worm locates the Windows installation folder (by default, this is C:\Windows or C:\Winnt) and copies itself to that location.

2. Checks whether mIRC is installed, and if found, drops its own version of Script.ini, which contains code to spread itself by mIRC, to the mIRC folder.

3. Drops the batch file, %Windir%\Winstart.bat, which contains code to remove antivirus software when you restart the computer.

4. Adds values for "w32.BeanLadean.B.worm" to the following registry keys:
HKEY_LOCAL_MACHINE\
HKEY_LOCAL_MACHINE\Software\
HKEY_LOCAL_MACHINE\Software\Microsoft\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion

5. Adds the value:
"rundli32"="%Windir%\System\rundli32.exe"
to the registry keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce

6. May edit C:\Autoexec.bat to attempt to format hard drive partitions C, D, E, F, and G at system restart, depending on circumstances.

Removal instruction:
1. Run a full system scan with your antivirus program.
If any files are detected as infected with W32.Lade, click Delete.

2. Delete the values from the registry.
Find the keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
Delete the value:
"rundli32"="%Windir%\System\rundli32.exe"

Then go to the keys:
HKEY_LOCAL_MACHINE\
HKEY_LOCAL_MACHINE\Software\
HKEY_LOCAL_MACHINE\Software\Microsoft\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
and delete any values that refer to:
"w32.BeanLadean.B.worm"
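
A read-only check for the files and registry values listed above, as an added PowerShell example that is not part of the original page. It only reports what it finds and deletes nothing; the substring match on "BeanLadean" and the search for the word "format" in Autoexec.bat are assumptions about how to match what the page names.

```powershell
# Added example: read-only audit for the W32.Lade indicators described on this page.
# Run from an elevated PowerShell prompt; nothing is modified or deleted.
$windir   = $env:windir
$findings = @()

# Files dropped by the worm (actions 1 and 3).
foreach ($path in "$windir\System\rundli32.exe", "$windir\Winstart.bat") {
    if (Test-Path -Path $path) { $findings += "File present: $path" }
}

# Autostart value "rundli32" under Run and RunOnce (action 5).
$cv = 'HKLM:\Software\Microsoft\Windows\CurrentVersion'
foreach ($key in "$cv\Run", "$cv\RunOnce") {
    $item = Get-ItemProperty -Path $key -Name 'rundli32' -ErrorAction SilentlyContinue
    if ($item) { $findings += "Autostart value: $key -> $($item.rundli32)" }
}

# Values referring to "w32.BeanLadean.B.worm" in the keys from action 4.
# Assumption: a case-insensitive substring match on the value name or its data.
$keys = 'HKLM:\', 'HKLM:\Software', 'HKLM:\Software\Microsoft',
        'HKLM:\Software\Microsoft\Windows', $cv
foreach ($key in $keys) {
    $k = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $k) { continue }
    foreach ($name in $k.GetValueNames()) {
        $data = [string]$k.GetValue($name)
        if ($name -like '*BeanLadean*' -or $data -like '*BeanLadean*') {
            $findings += "Marker value: $key [$name] = $data"
        }
    }
}

# Autoexec.bat lines that invoke format (action 6).
# Assumption: any line containing the word "format" deserves manual review.
$autoexec = 'C:\Autoexec.bat'
if (Test-Path -Path $autoexec) {
    foreach ($hit in Select-String -Path $autoexec -Pattern '\bformat\b') {
        $findings += "Autoexec.bat line $($hit.LineNumber): $($hit.Line.Trim())"
    }
}

if ($findings.Count -eq 0) { 'No W32.Lade indicators found.' } else { $findings }
```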

