Friday, May 30, 2008

How to remove Flash.10.exe and Macromedia.10.exe virus

This is quite a lame virus but anyway still many computers still infected with this virus. So I will write a tutorial to help people to remove this pest.

Characteristics

As usual, this virus will disable your Registry editor, search and folder option because to keep it hidden. But, this virus will not disable your task manager. Why? Because this is a trap. When you open your task manager and found flash10.exe in the process list, dont end the process yet because by doing it, your computer will shutdown.So what we need to do is just following this step.




Step 1 - Enable registry editor and folder option

Download Washer here. Enable back your registry editor and folder options by using washer.


- If the virus attacked your computer, there will be a check at the Disable Regedit, Hide Find and Hide Folder Option check button.
- Leave the check button and straightaway click the repair registry button and in just a few second, you can access back your registry, search and folder options.
- If this doesn't work, try it again or ask someone to help you.



Step 2 - Remove the virus link in registry

First open the registry editor by Start > Run and type regedit and press enter. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentUser\Run and delete the WindowsMSN key at the right hand-side.

Then go to HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\ and delete the C:\WINDOWS\system32\Flash.10.exe key at right hand side.

Then go to HKEY_CURRENT_USER\Software\Microsoft\WindowsNT\
CurrentVersion\Windows\
and delete the load key at the right.

Then, go to HKEY_USERS\S-1-5-21-2000478354-2025429265-839522115-1003\
Software\Microsoft\Windows\ShellNoRoam\MUICache

and delete the C:\WINDOWS\system32\Flash.10.exe

and last go to HKEY_USERS\S-1-5-21-2000478354-2025429265-839522115-1003\
Software
\Microsoft\WindowsNT\CurrentVersion\Windows\
and delete load key.

If your are tired to find the key, just press F3 and typed flash.10 and press again F3 to keep search.

After that, restart your computer.


Step 3 - delete the virus file

After restart your computer, make sure the virus is not run anymore. Open your task manager and if Flash.10 and Macromedia.10 is not in the process list, it is safe for you to delete the virus file. If not, repeat step 2.

Before delete the virus, you need to configure your Folder Options first. Open My Computer, click Tools menu and choose Folder Options. If Folder Options did not appear, repeat step 1.

Now Change the setting as my folder options on the picture below. Changes are on Show hidden file, Hide protected operating system file and Hide extension for known files. Click Ok.



Go to C:\Program Files\Common Files\Microsoft Shared\ and delete Macromedia.10.exe

Now, open C:\Program Files\Common Files\Microsoft Shared\DAO\ and delete file MSN.msn. The virus try to spoof by using MSN logo and name.

Then, go to C:\WINDOWS\System32\ . Right Click, choose Arrange Icon By > Modified. Then scroll to the last row and try to find Flash.10.exe, cmd.com, dxdiag.com, JambanMu.com, msconfig.com, ping.com and regedit.com. Delete the file. Remember, just delete the listed file only!!

Then, delete the virus in your USB drive by referring here. Delete only Flash Jokes.exe, Autorun.inf, Flash.10.Setup.exe and Scanner.exe

Now restart your computer. Hopefully your computer will be okay.


...Read more

3 comments:

Flaming Firestonez said...

Salam...
A good guide bro!
Maybe I will link my blog to you ;-)

Anonymous said...

I truly believe that we have reached the point where technology has become one with our lives, and I think it is safe to say that we have passed the point of no return in our relationship with technology.


I don't mean this in a bad way, of course! Societal concerns aside... I just hope that as technology further develops, the possibility of copying our brains onto a digital medium becomes a true reality. It's a fantasy that I dream about every once in a while.


(Posted on Nintendo DS running [url=http://knol.google.com/k/anonymous/-/9v7ff0hnkzef/1]R4i[/url] DS NetPostv2)

Anonymous said...

Thanks so much for the information. Much blessings to you!!!