This Virus is similar or carbon copy of ACC1.exe virus installer, it is a malicious trojan horse or bot that may represent security risk for the compromised system and/or its network environment.
Symptoms of Infection
It creates the file boha.exe in boha named folder on the infected computer. And also it creates msupdat.exe in C:\Documents and Settings\admin(user) directory You need to search and delete it. You should end any running process named boha.exe from Task Manager, and also remove the file's entry from windows startup.
It creates the file boha.exe in boha named folder on the infected computer. And also it creates msupdat.exe in C:\Documents and Settings\admin(user) directory You need to search and delete it. You should end any running process named boha.exe from Task Manager, and also remove the file's entry from windows startup.
The following directories were created:
- C:\Boha
- C:\Boha\Elsabah
C:\Documents and Settings\[UserName]\update.exe ( Alias VirTool.Win32.VBInject [Ikarus])And also creates dial up connection automatically-Like a-connect,z-connect,You can check in Network Connection
Registry Modifications
The following Registry Key was created:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67KLN5J0-4OPM-61WE-KKX2-4217QWE23218}
The newly created Registry Value is:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67KLN5J0-4OPM-61WE-KKX2-4217QWE23218}] StubPath = "c:\Boha\Elsabah\boh.exe"
So that boh.exe runs every time Windows starts
And this virus also creates auto dialup connections
see figure below
Steps to remove boha.exe Virus
Press Alt+Ctrl+Del --->Go to Process --->End the process- Explorer.exe
2.Go to Run Type CMD
3. Then Type C:\Documents and Settings\user>cd\ Hit Enter
4. Then Type C:\>attrib -h -r -s boha Hit Enter
5.Type C:\> Del boha then it ask for delete confirmation Press Y
6. Type Exit.
7. Acess run in task manager Type C: you will know return to desktop.then open C drive look for boha folder and Delete it.
Know Virus Should be gone!
Some time it Modifies Registry or Creates following registry keys
The newly created Registry Value is:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67KLN5J0-4OPM-61WE-KKX2-4217QWE23218}] StubPath = "c:\Boha\Elsabah\boh.exe"
You need to delete them manually or you can use Registry Cleaners Like CCleaner or GlaryUtilities
If you liked this post please leave a comment to promote us
Related:How to Remove Dangerous ACC1.exe Virus-Fix
Related:How to Remove Dangerous ACC1.exe Virus-Fix
No comments:
Post a Comment