Sunday, January 18, 2009

How to delete Win32.HLLW.Shadow.based warm?

Doctor Web specialists published an article about a dangerous warm Win32.HLLW.Shadow.based, which uses alternative methods of distribution. One of them is using Windows techniques, starting with Windows 2000 up to Windows 7. For packing files Win32.HLLW.Shadow.based constantly changes its appearance which becomes even harder to track it.

This warm has been designed to form a bot-network. The warm request and downloads files from an online web server (specially designed for this purpose). The goal is to benefit from warm execution or plain sales of this product.

To delete Win32.HLLW.Shadow.based from your system, first you need to download and install the following patches from Microsoft:

Then, disconnect your computer from Internet and all possible networks. If any other computers are on the same network then it's important not to connect the infected PC back to network until the warm has been completely deleted from your system. Lastly, download Dr.Web CureIt! utility, run a scan for all drives.

No comments:

Post a Comment