|
W32.hllw.stmu
Overview
W32.hllw.stmu is a backdoor program that is controlled over IRC.
Classification
Backdoor
Files
wuytc.exe, ctxma.exe, wstcl.exe, wucxt.exe, wystcl.exe, cxma.exe
If you have any of the files related to W32.hllw.stmu on your system,
please send them
for additional analysis. Generally, I have only analysed a
few versions for each software component listed at this web site. With your help I
will be able to look at both old and more recent versions of the W32.hllw.stmu software.
Thank you very much for your time!
Alias
Backdoor.RBot.2C0CB2C3 [BitDefender],
Win32.HLLW.MyBot.based [Dr.Web],
Backdoor.Win32.Rbot.gen [Kaspersky Anti-Virus],
Trojan.Rbot.Gen [mks_vir]
Log references
Log 1277
Detection
Bazooka Adware and Spyware Scanner detects W32.hllw.stmu.
Bazooka is freeware and detects spyware, adware, foistware, trojan horses, viruses, worms and
other potentially unwanted applications.
Read more »
Uninstall procedure
Please go to the anti-virus recommendation page.
You can find both free products or use one of the trials to remove the virus.
Manual removal
Please follow the instructions below if you would like to remove W32.hllw.stmu manually. Please
notice that you must follow the instructions very carefully and delete everything that is mentioned. In most
cases the removal will fail if one single item is not deleted. If W32.hllw.stmu remains on your system
after stepping through the removal instructions, please double-check by stepping through them again.
-
Start your computer in safe mode.
-
Start the registry editor. This is done by clicking Start then Run.
(The Run dialog will appear.) Type regedit and click OK. (The registry editor will open.)
- Browse to the key:
'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run'
- In the right pane, delete the value value called '*Microsoft Update'.
- Browse to the key:
'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ RunServices'
- In the right pane, delete the value value called '*Microsoft Update'.
- Browse to the key:
'HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run'
- In the right pane, delete the value value called '*Microsoft Update'.
- Browse to the key:
'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ policies \ Explorer \ Run'
- In the right pane, delete the value value called '*Microsoft Update'.
- Browse to the key:
'HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ policies \ Explorer \ Run'
- In the right pane, delete the value value called '*Microsoft Update'.
- Exit the registry editor.
- Install all security patches from www.windowsupdate.com.
Problems uninstalling? Click here.
I'm looking for your help!
Thank you for using my site, I hope you find it useful. I'm looking
for help from all users, please read more.
Contact information for W32.hllw.stmu's vendor
In order to provide correct, accurate and updated information about W32.hllw.stmu
I encourage the vendor to contact me if any part of this write-up
needs a revision.
Related links |
|
Bazooka - Free scan for spyware, adware, trojan horses, keyloggers, etc. Detects more than 500 potentially unwanted applications. Freeware!
The File Database - Search the file database for more information. Free!
PopUp Blocker Test - Find out if your pop-up killer can handle all pop-ups. Free!
Kephyr Labs - Find out what is going on at Kephyr. Try products in an early stage of development.
|
|
|