Sunday, May 11, 2014

W64.Viknok.B!inf Needs Manual Removal and Brings in the "Name Not Available" Virus: Removal Guide








OUTLINE
  • Why is manual removal required for W64.Viknok.B!inf?
  • How does W64.Viknok.B!inf spread?
  • What troubles and damages does W64.Viknok.B!inf bring?
  • Steps to follow to remove W64.Viknok.B!inf


Manual Removal Required for W64.Viknok.B!inf 


Many victims who can read log files will notice that qrtzutd.dll (C:\Users\vjmure\AppData\Roaming\qrtzutd.dll) (W64.Viknok.B!inf) is detected by Auto-Protect with the status "Manual Removal Required". However, some do not believe it and turn to what is the quickest fix in most cases, reinstalling the system, but to no avail. According to the test by VilmaTech Research Lab, W64.Viknok.B!inf reappears as a setup.exe file on the local disk after the installation. Why?

W64.Viknok.B!inf is a Trojan horse written in ASCII (see the reference below). This format is acknowledged by Microsoft; in other words, the Trojan horse is highly elusive. With this format, W64.Viknok.B!inf can generate generic files on a target machine, such as setup.exe or autorun.inf, to ensure that it runs automatically at each Windows start without being hindered by the internal security defense.

As a Trojan horse, W64.Viknok.B!inf is capable of opening a backdoor after enumerating and modifying the devices concerning web browsers and security parts. With the backdoor wide open, W64.Viknok.B!inf receives commands from a remote server to carry out damage. One of the random commands is to insert itself into the MBR (Master Boot Record). Therefore, reinstalling Windows cannot help.

Because the security defense is compromised by the aggressive Trojan horse, the automatic method is not recommended.



How W64.Viknok.B!inf Spreads


This Trojan horse has been widely detected on companies’ computers. Most PCs in one company are detected as attacked by W64.Viknok.B!inf at about the same time. The Trojan horse also attacks individuals, in case some millionaires come under its radar.

According to Global PC Support Center, W64.Viknok.B!inf attacks computers with a weak system password. Usually the Trojan horse is distributed on websites and transferred onto removable media (such as removable disks, writable CDs or USB flash drives). It can also take advantage of NFS (Network File System) to affect the files on other computers. When it penetrates a machine successfully, W64.Viknok.B!inf copies itself to affect or modify some critical internal parts, or stirs up the target system, to ensure its stay.



Troubles and Damages from W64.Viknok.B!inf 

  1. Random music plays, with the device shown as "Name Not Available"/"Name Not Found" in the mixer.
  2. W64.Viknok.B!inf modifies startup settings and the DataBase to ensure its automatic tasks and settlement.
  3. Additional and strange processes are caught running in the background, resulting in freezes and crashes.
  4. A backdoor is opened up to upload collected information, download new commands or bring in additional viruses for extra income.
  5. Browser redirecting and hijacking could happen.
  6. More unknown items and junk files are scattered around the local disk to take up limited internal space.
  7. Information on accounts and the confidential info typed online will be recorded by keyloggers.


Follow Expert Instruction to Remove W64.Viknok.B!inf 


Below is the expert instruction to follow. Should you have difficulties in carrying out the steps below, please do not hesitate to start a live chat with a senior technician from VilmaTech Online Support.



A – Enter into Safe Mode

Windows 7/Vista/XP
Restart the affected computer > keep tapping the F8 key while the computer is booting > select ‘Safe Mode’ on the “Windows Advanced Options Menu” screen > press the Enter key.

Windows 8
Restart the affected computer > hold the Shift button and keep tapping the F8 key as the computer is booting > ‘See advanced repair options’ > ‘Troubleshoot’ > ‘Advanced Options’ > ‘Windows Startup Settings’ > ‘Restart’ button.




B – Bring up Task Manager to remove the items whose path points to W64.Viknok.B!inf's location.
(tip: if you are not able to access Task Manager with the key combination, please open the Run box from the Start menu and type “CMD”; hit the Enter key, then enter “taskkill.exe /im msblast.exe” or “taskkill.exe /im teekids.exe” or “taskkill.exe /im penis32.exe”)

Access Task Manager > View > select columns > tick "PID" and "Path name" > go to open up System Information > end the process whose path name points to W64.Viknok.B!inf's path (according to the threat alert) or to a path that doesn't belong to the system.
(tip: if some vicious processes reappear, one can find the PPID through the PID functionality; please then remove the parent process(es) with the command “taskkill /im system.exe /f” in a DOS window.)




C – Access the DataBase (the Windows registry) to make rectifications.
  • Press the Win key and the R key together.
  • Type “regedit” and hit the Enter key.
  • Navigate to the following entry and remove the values under “Run” that you have not seen before:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
  • Then search the DataBase for the processes detected in step B and remove them.




D – Show hidden files and folders to remove the items generated by W64.Viknok.B!inf.


Windows 7/XP/Vista - Control Panel > user accounts and family safety > Folder Options > View tab > tick ‘Show hidden files and folders’ > untick ‘Hide protected operating system files (Recommended)’ > OK button.



Windows 8 - Windows Explorer > View tab > tick ‘File name extensions’ and ‘Hidden items’ > OK button.
  • Access the detected path and remove all the items there.
  • Access the following folders and files to remove the items generated on the day when W64.Viknok.B!inf was first detected:
C:\Windows
C:\Windows\System32
C:\windows\winstart.bat
C:\windows\wininit.ini
C:\windows\Autoexec.bat
C:\Users\[your username]\Documents\
C:\users\user\appdata\local\
C:\Program Files\
(tip: to filter out the items generated on the day when W64.Viknok.B!inf appeared, right-click on empty space in the window under inspection and select "Arrange by"; then select "day" in the drop-down list)
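
Steps B to D can be run as a read-only inventory before anything is removed by hand. The PowerShell below is an added example, not part of the original guide; the function names are hypothetical, `$DetectionDate` is a placeholder to replace with the day of your own first alert, and it assumes Windows PowerShell 3.0 or later on Windows 7 or newer.

```powershell
# Added example (not from the original guide): read-only inventory for steps B, C and D.
# Lists candidates for manual review and deletes nothing. Run from an elevated prompt.
$DetectionDate = [datetime]'2014-05-11'   # placeholder: day the alert first appeared

# Step B: PID, parent PID and image path of processes running outside the system trees.
function Get-NonSystemProcess {
    $trusted = @($env:windir, $env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramW6432) |
        Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }
    foreach ($p in Get-CimInstance Win32_Process) {
        $path = $p.ExecutablePath
        if (-not $path) { continue }      # some system processes expose no image path
        $hit = $trusted | Where-Object {
            $path.StartsWith($_, [System.StringComparison]::OrdinalIgnoreCase) }
        if (-not $hit) {
            [pscustomobject]@{ PID = $p.ProcessId; PPID = $p.ParentProcessId; Name = $p.Name; Path = $path }
        }
    }
}
# Step C: values under the Run key the guide names (the key may not exist at all).
function Get-PolicyRunValue {
    $runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
    if (-not (Test-Path -LiteralPath $runKey)) { return }
    $key = Get-Item -LiteralPath $runKey
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{ Value = $name; Data = [string]$key.GetValue($name) }
    }
}
# Step D: top-level items created on the given day in the folders the guide lists,
# followed by the three startup files it names, if they exist.
function Get-ItemCreatedOn([datetime]$Day) {
    $folders = @($env:windir, "$env:windir\System32", $env:LOCALAPPDATA, $env:ProgramFiles,
                 [Environment]::GetFolderPath('MyDocuments')) | Where-Object { $_ }
    Get-ChildItem -LiteralPath $folders -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime.Date -eq $Day.Date }
    'winstart.bat', 'wininit.ini', 'Autoexec.bat' |
        ForEach-Object { Join-Path $env:windir $_ } |
        Where-Object { Test-Path -LiteralPath $_ } | Get-Item -Force
}

$suspects = @(Get-NonSystemProcess)
$suspects | Sort-Object Path | Format-Table -AutoSize
# Mark Run values whose data points at one of the step B image paths.
Get-PolicyRunValue | Select-Object Value, Data, @{ n = 'MatchesStepB'; e = {
    $d = $_.Data
    [bool]($suspects | Where-Object {
        $d.IndexOf($_.Path, [System.StringComparison]::OrdinalIgnoreCase) -ge 0 }) } } |
    Format-Table -AutoSize
Get-ItemCreatedOn $DetectionDate | Format-Table FullName, CreationTime -AutoSize
```

A path outside the system folders is only a reason to look closer, since legitimate software also runs from AppData; compare each entry with the path in the threat alert before removing anything.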



People should know that the ultimate goal of W64.Viknok.B!inf is money. By attacking systems with weak passwords, the Trojan horse manages to get commercial secrets, or at least to steal valuable online game equipment for money. What’s worse, it makes the most of the backdoor by bringing in additional viruses for extra income. This is why a quick fix is required. If one runs into additional viruses and unexpected issues as a result, please contact VilmaTech Online Support for exclusive help according to your concrete situation, or navigate to the virus reservoir for the corresponding solution only if you are well equipped with computer skills and virus knowledge.



Reference:

NFS (Network File System) – Wikipedia

ASCII (American Standard Code for Information Interchange) – Wikipedia

MBR (Master Boot Record) – Wikipedia

How to Remove W64.Viknok.B!inf Virus, Cleanup Trojan Virus – Global PC Support Center


