21 Jan 2011

How to Remove Stuxnet Worm Virus


This guide will show you how to remove the Stuxnet worm rootkit (W32.Stuxnet) from your Windows 7, Vista and Windows XP computers and USB drives. Before starting, a few words about the worm itself. It has been around on the Internet for some time, but recently there appears to have been a fresh outbreak that has caused a lot of problems for companies and regular users. The Stuxnet worm was primarily designed to spread via USB drives (removable media) by exploiting a vulnerability called Microsoft Windows Shortcut ‘LNK’ Files Automatic File Execution (Shortcut “LNK/PIF”). An LNK file is a reference to a local file, a kind of shortcut which, if clicked or automatically executed, will run the file it refers to. These “shortcuts” (if present on the USB drive) are used by the worm to automatically execute and install malware on the computer. Once Stuxnet has breached a system, it uses that system to launch attacks against other machines on the same network, and then tries to gain total control and admin privileges over those PCs. The worm is also known as: Troj/Stuxnet-A, W32/Stuxnet-B, Trojan-Dropper:W32/Stuxnet, WORM_STUXNET.A. Here is how to delete the Stuxnet trojan from a computer with an easy manual procedure.

  1. As a first step, turn off Windows System Restore. To do so, follow the guide below:
     1. Right-click on the “computer icon” on your computer desktop.
     2. Click Properties from the menu (it should be the last option).
     3. Click System Protection, located in the left pane of the window.

     From here the procedure splits, because the steps depend on your operating system.
     a. If you have Windows Vista, after clicking System Protection you should see checkboxes next to your hard disks/partitions. Untick the drive you want to turn System Restore off for. After that, click the Turn System Restore Off button in the pop-up window.
     b. If you have Windows 7, after clicking System Protection, click Configure, located at the bottom of the window, right under the list of available drives. Now select the Turn Off System Protection radio button and click OK to confirm.
     c. If you have Windows XP, follow this guide.

  2. Now reboot the system and enter Safe Mode:
     1. Reboot Windows.
     2. Right after that, keep pressing the F button on your keyboard repeatedly.
     3. This will give you access to the Advanced Options screen.
     4. Select Safe Mode from the list.

  3. Scan the computer with your favorite antivirus. Be aware that if your antivirus is not able to detect and remove the Stuxnet worm, you will have to update it or change it. You can use AVG free antivirus.
  4. Next, open the Services panel. To do so, click Start, then in the Search field (Run… if you have XP) type: Services.msc and press Enter.
  5. Locate the following services:

     MRXCLS
     Startup Type: Automatic
     Image Path: %System%\drivers\mrxcls.sys

     MRXNET
     Startup Type: Automatic
     Image Path: %System%\drivers\mrxnet.sys

  6. Right-click each service and select Stop.
  7. Again for each service, right-click, select Properties and change the startup type to Manual.
  8. Click OK.
  9. Restart the PC.
  10. Now use this Stuxnet worm removal procedure to get rid of its leftovers. Locate these files and delete them. If you cannot locate some of them, it means that your antivirus has already deleted them:

     C:\WINDOWS\system32\drivers\mrxcls.sys
     C:\WINDOWS\system32\drivers\mrxnet.sys
     C:\WINDOWS\inf\mdmcpq3.PNF
     C:\WINDOWS\inf\mdmeric3.PNF
     C:\WINDOWS\inf\oem6C.PNF
     C:\WINDOWS\inf\oem7A.PNF
     ~WTR4132.tmp
     “Copy of Copy of Copy of Copy of Shortcut to.lnk”
     “Copy of Copy of Copy of Shortcut to.lnk”
     “Copy of Copy of Shortcut to.lnk”
     “Copy of Shortcut to.lnk”
     ~WTR4141.tmp

  11. Now open the Windows Registry. To do so, click Start, then in the Search field (Run… if you have XP) type regedit and press Enter.
  12. Locate and delete the following Windows registry entries:

     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxCls\“ImagePath” = “%System%\drivers\mrxcls.sys”
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxNet\“ImagePath” = “%System%\drivers\mrxnet.sys”

  13. Done!
http://www.youtube.com/watch?v=cf0jlzVCyOI
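To confirm the cleanup actually took, the file list and the two service registry keys from the procedure above can be re-checked with a short script. This is an added example, not part of the original guide; the function names are its own. It assumes the files listed without a directory sit in the root folder of whichever drives you pass in, and that `windows_dir` is either the live C:\WINDOWS or a mounted copy of it.

```python
import os
import re

# Paths from the guide's file list, relative to the Windows directory.
SYSTEM_FILES = [r"system32\drivers\mrxcls.sys", r"system32\drivers\mrxnet.sys",
                r"inf\mdmcpq3.PNF", r"inf\mdmeric3.PNF",
                r"inf\oem6C.PNF", r"inf\oem7A.PNF"]
# File names the guide lists without a directory (~WTR4132.tmp, ~WTR4141.tmp,
# "Copy of ... Shortcut to.lnk"). Assumption: they sit in a drive's root folder.
DRIVE_NAMES = re.compile(r"~WTR41(32|41)\.tmp|(Copy of ){1,4}Shortcut to\.lnk", re.I)
SERVICES = ("MRxCls", "MRxNet")  # service keys named in the guide


def find_ci(root, relpath):
    """Resolve relpath under root ignoring case; return the real path or None."""
    cur = root
    for part in relpath.split("\\"):
        names = os.listdir(cur) if os.path.isdir(cur) else []
        hit = [n for n in names if n.lower() == part.lower()]
        if not hit:
            return None
        cur = os.path.join(cur, hit[0])
    return cur


def leftover_files(windows_dir, drive_roots=()):
    """Return every file from the guide's list that still exists."""
    found = [p for p in (find_ci(windows_dir, f) for f in SYSTEM_FILES) if p]
    for root in drive_roots:
        names = sorted(os.listdir(root)) if os.path.isdir(root) else []
        found += [os.path.join(root, n) for n in names if DRIVE_NAMES.fullmatch(n)]
    return found


def leftover_services():
    """On live Windows, list the guide's service keys still in the registry."""
    try:
        import winreg
    except ImportError:
        return None  # not running on Windows, nothing to query
    base = "SYSTEM\\CurrentControlSet\\Services\\"
    present = []
    for name in SERVICES:
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, base + name):
                present.append(name)
        except OSError:
            pass  # key absent: already removed
    return present
```

An empty list from both functions means none of the artifacts named in this guide remain; `leftover_services()` returns `None` when run anywhere other than Windows.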


