This guide will show you how to remove the Stuxnet worm rootkit (W32.Stuxnet) from your Windows 7, Vista and Windows XP computers and USB drives. Before starting I would like to say a few words about this worm/virus. It has been around on the Internet for some time, but recently it looks like there has been a fresh outbreak which has caused a lot of issues and problems for companies and regular users.

The Stuxnet worm has been primarily designed to spread via USB drives (removable media) by exploiting a vulnerability called Microsoft Windows Shortcut ‘LNK’ Files Automatic File Execution (Shortcut “LNK/PIF”). An LNK file is a reference to a local file, a kind of shortcut which, if clicked or automatically executed, will run the file it refers to. These “shortcuts” (if available on the USB drive) are used by the worm to automatically execute and install malware on the computer. Once the Stuxnet virus has managed to breach a system, it will use it to launch attacks on other machines on the same network. After that it will also try to gain total control and admin privileges over those PCs.

This worm is also known as: Troj/Stuxnet-A, W32/Stuxnet-B, Trojan-Dropper:W32/Stuxnet, WORM_STUXNET.A. Let’s see how to delete the Stuxnet trojan from a computer with an easy manual procedure.
- As a first step you will have to turn off Windows System Restore. To do it, follow the guide below:
- Now, let’s reboot the system and access the Safe Mode configuration.
- Use your favorite antivirus and scan the computer. Be aware that if your antivirus is not able to detect and remove the Stuxnet Worm you will have to update it or change it. You can use AVG free antivirus.
- Now, we will have to access the Services Panel. To do it, click Start – in the Search field (Run… if you have XP), type: Services.msc and press Enter.
- Locate the following services:
- Right-click each service and select Stop.
- Again for each service, right-click, select Properties and change the startup type to Manual.
- Click OK.
- Restart the PC.
- Now, use this Stuxnet worm removal procedure to get rid of its leftovers. Locate these files and delete them. If you cannot locate some of them, it means that your antivirus has already deleted them:
- Now open your Windows Registry. To do it, click Start – in the Search field (Run… if you have XP), type regedit and press Enter.
- Locate and delete the following Windows registry entries:
Turning off System Restore:
1. Right-click on the “computer icon” on your computer desktop.
2. Click Properties from the menu (it should be the last option).
3. Click System Protection, located in the left pane of the window.
Now, the procedure will split because there are different steps to follow depending on your operating system.
a. If you have Windows Vista, after clicking System Protection you should be able to see checkboxes next to your hard disks/partitions. Untick the drive you want to turn System Restore off for. After that, click the Turn System Restore Off button in the pop-up window.
b. If you have Windows 7, after clicking System Protection, click Configure, located at the end of the window, right under the list of available drives. Now, select the Turn Off System Protection radio button and click the OK button to confirm.
c. If you have Windows XP, follow this guide.
Accessing Safe Mode:
1. Reboot Windows.
2. Right after that, keep pressing the F button on your keyboard, repeatedly.
3. This will give you access to the Advanced Option Screen.
4. Select Safe Mode from the list.
Services to locate:
Startup Type: Automatic
Image Path: %System%\drivers\mrxcls.sys
Startup Type: Automatic
Image Path: %System%\drivers\mrxnet.sys
Files to locate:
“Copy of Copy of Copy of Copy of Shortcut to.lnk”
“Copy of Copy of Copy of Shortcut to.lnk”
“Copy of Copy of Shortcut to.lnk”
“Copy of Shortcut to.lnk”
Registry entries to delete:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxCls\ “ImagePath” = “%System%\drivers\mrxcls.sys”
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxNet\ “ImagePath” = “%System%\drivers\mrxnet.sys”
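The services, driver files, shortcut files and registry keys named in this guide can be checked in one pass, before and after the manual steps. The following read-only Windows PowerShell script is an added example, not part of the original guide; it assumes that `%System%` means the System32 folder and that the shortcut files sit in the root of removable drives.

```powershell
# Read-only check for the Stuxnet leftovers listed in this guide.
# Nothing is stopped, changed or deleted. Written for Windows PowerShell 2.0+.

$services = 'MRxCls', 'MRxNet'   # key names taken from the registry entries in the guide
$lnkNames = 'Copy of Shortcut to.lnk',
            'Copy of Copy of Shortcut to.lnk',
            'Copy of Copy of Copy of Shortcut to.lnk',
            'Copy of Copy of Copy of Copy of Shortcut to.lnk'

# Assumption: %System% in the guide is the System32 folder.
$driverDir = Join-Path $env:SystemRoot 'System32\drivers'

$findings = @()

foreach ($name in $services) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key
        # Start value: 0-2 = boot/system/automatic, 3 = manual, 4 = disabled
        $findings += "Registry key present: $key (ImagePath=$($props.ImagePath), Start=$($props.Start))"
    }
    $driver = Join-Path $driverDir ($name.ToLower() + '.sys')
    if (Test-Path $driver) { $findings += "Driver file present: $driver" }
}

# Assumption: the shortcut files sit in the root of removable drives (DriveType 2).
$removable = Get-WmiObject Win32_LogicalDisk -Filter 'DriveType = 2'
foreach ($disk in $removable) {
    foreach ($lnk in $lnkNames) {
        # Plain concatenation so a drive attached after the session started still works.
        $path = $disk.DeviceID + '\' + $lnk
        if (Test-Path -LiteralPath $path) { $findings += "Shortcut file present: $path" }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'None of the services, drivers or shortcut files listed in this guide were found.'
} else {
    $findings | ForEach-Object { Write-Output $_ }
}
```

A clean result only means these specific names are absent; it does not replace the antivirus scan from the earlier step.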