Delete the javasgkvsq. vmx, Autorun. vinf worm.

Source: Internet
Author: User
Tags microsoft website

The root directory of the mobile hard disk may not be deleted at any time. vinf file, opened with hexeditor, binary, but from the end of the ASCII code, you can see jwgkvsq. vmx. Search online to find out that this is a relatively new virus.

 

In fact, if the virus is not infected with the system, you can enter the security mode and perform the following operations:

1. Shut down the system. Welcome;

2. Disable the recycle bin function;

3. Add the Administrators group to folders such as recycler and system volume information. If the group cannot be added, clear the permission inheritance and add the owner of the system administrator;

4. Add the Security tab Autorun. vinf to the Administrator group;

5. Delete recycler and system volume information, and delete the Autorun. vinf file;

 

The following is a complete guide for virus removal on the Internet:

How to remove the cipher gkvsq. vmx Worm Virus

Posted by: Ryman in Security

TheJwgkvsq. vmxIs a worm-type virus, which spreads via USB/portable drives and through the network. It also makes autorun. inf file on your USB device as well as a hidden system folder calledRecyclerWhich containsJwgkvsq. vmxFile. i'm not sure if this is an old virus, but it seems it's been spreading a lot lately. and most anti-virus doesn't detect this, but for those who does, it can't remove it.

It is also known:

  • W32/confi
  • W32/Conficker. worm! INF
  • Win32/Conficker. B-ca

It exploits Microsoft Windows vulnerability:
Microsoft Security Bulletin MS08-067-critical
Vulnerability in Server Service cocould Allow Remote Code Execution (958644)
Published: October 23,200 8

Symptoms:

  • 'Show hidden files and folders'Doesn't work. You can check this by going to a folder, then click tools, then Folder Options, then view tab. Select'Show hidden files and folders'Then click Apply, then OK. Open folder options again, If it reverted back to 'do not show hidden files and folders 'then you have this virus.
  • Evey time you plug in a USB device on your computer, it createsAutorun. infFile, and a recycler folder withJwgkvsq. vmxVirus File.
  • You can't access anti-virus websites an other popular websites like Microsoft.com or Yahoo.com
  • Windows won't boot into safe mode. This happens on extreme cases. When you try to boot into safe mode, your computer restarts/shuts down

Side-effects

  • Since this is a worm, system slowdown may (or may not) happen.
  • Quickly spreads through networked computers and USB devices. Which effecdes flash drives, portable external hard drives, mobile phones, MP3 players, and anything that can be plugged into a USB port.
  • Won't let you access some websites.

Now let's go back to the topic. Remember that this guide will only help you removeJwgkvsq. vmxVirus.

Click through the link to continue...

Here is a quick step to remove this virus from your computer, and from your USB devices.

Preparation:

  • Download fixdownadup.exe from symantec.com
  • Download anti-Downadup-EN.zip from bitdefender.com (just in case the first one doesn't work ).
  • DownloadProcess ExplorerAndAutorunsFrom sysinternals (we may or may not use this ).
  • Download Moso force Delete (just in case we need to delete something that can't be deleted ).

Now let's start...

Removing the specified gkvsq. vmx virus from your computer

  1. Disconnect your computer from the network, if it is connected. Removing the network cable from your PC shoshould do the trick.
  2. Just runFixdownadup.exeWe downloaded from Symantec. it shoshould clean the virus of the PC. this works if the infection is in a low-level state. meaning you have anti-virus software already running and the infection is isolated.
  3. After scanning you shoshould see a report popup, and an option to go to Microsoft website to patch your computer with a critical security update.
  4. Restart your computer. When you're back on the desktop, check your programs/softwares if it is still running.
  5. Turn of System Restore to delete all entries, which sometimes contains remnants of the virus. To do this:
    1. Right-click my computer, select Properties.
    2. Click System Restore tab.
    3. Check 'Turn off System Restore on All Drives '. Click Apply, then OK.
    4. Restart your computer.
    5. Then, uncheck'turn off System Restore on All Drives 'to enable it again.

Removing the specified gkvsq. vmx virus from your USB device

  1. First. Start your computer on Safe Mode
    1. Shut down your computer
    2. Turn it back on, before the Windows loading screen comes up, press f8. or just press it repeatedly after starting your computer
    3. Select safe mode on the menu by pressing the arrow keys and hitting Enter.
  2. Plug your USB device. notice thatAutorun. infWon't run in safe mode.
  3. Enable the 'show den files and folders '. Instructions are listed on the symptoms section above.
  4. DeleteAutorun. infFile. It is usually located on the root of the USB drive.
  5. Delete the hidden/system folder recycler.
    1. If you can't delete it, you have to disable it's function (for external/portable hard drives ). right-click on the recycle bin icon on your desktop, then select Properties. select 'configure drives independently '. then tab to the external drive, and check 'do not move files to the recycle bin. 'Hit apply, then OK'
    2. If it is a flash drive or other USB device, use Moso force Delete, We 've downloaded earlier on this guide.

Just in case the virus registered itself on the registry. Open the run dialog box from the Start menu, then typeRegedit. Then search for the file nameJwgkvsq. vmx. If you found an entry, just press del to delete it.

If your computer is in a network, better check all the other computers connected to it. also download and install the automatic update (Microsoft Vulnerability) which I 've posted at the beginning of this post.

In extreme cases, your computer won't initiate safe mode and after using the removal tool above, your system may report a missing. dll file or something.

Credits (and for Reference refer) to these two sites:
Http://tuxvoid.blogspot.com/
Http://arpeex.blogspot.com/

For any additional support or inquiry regarding this problem, just leave a comment here, and I'll reply as soon as I can.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.