How to get rid of elvy666's virus

[Marty]

http://www.threatexpert.com/report.aspx?md...9a6ec672ec63a88

 

i'll probably make a tool to check if your infected & do all this for you at a later time

 

 

1. Start up in Windows Safe Mode
   
2. Open up Task Manager and kill any processes running under your user(not system) with the following name(s): explorer.exe, iexplorer.exe, server.exe
   
3. Run the Windows Registry Editor and delete any registry values referring to "%RootDrive%\directory\CyberGate\install\server.exe":
   
   • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{X3345FLR-12IQ-3C01-1K75-CU1KOA37JVG1}
     
   • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
     
   • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
     
   • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaResources\msvideo
     
   • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo
     
   • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
     
   • HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host
     
   • HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings
     
   • HKEY_CURRENT_USER\Software\ZXZ
     

[*]Go to your root drive(probably c:\) and delete the folder "directory" and its contents.

[*]Go to your appdata folder and delete a file that is named "<your computer username>log.dat"

 

and then your probably free from that scum :)

 

 

 

some known youtube channels that he posts his trash on:

http://www.youtube.com/user/woopssafty

http://www.youtube.com/user/shadowgod170 (i think?)

[vanish pk]

Don't click that link its a keylogger.

[Alex]

Don't click that link its a keylogger.

 

LOL

[Marty]

Don't click that link its a keylogger.

 

very funny

[Josh--]

Thanks but i wasn't that stupid to go onit like most people :)

[Solo]

Give this guy Admin.

[King Of Asian]

Looks good.

[Corrupt3d]

First of all why would you go through the registry looking for elvys Rat when it doesn't just add to HKLM and HKCU it also saves to the startup-folder as well as uses Active-Startup?

 

You obviously lack knowledge of such a topic and would like to act as if you know what you're talking about.

 

Last of all, you specified the default directory that CBG would save to, why would he have it save to the default directory?

 

I suggest you do some real research before attempting to inform people of something you know nothing about.

[AndyIbeat]

drama

[Nibo]

No idea what your talking about....lol

[Codie]

james ripped that kid lol. HI JUSTIN!^

[Alessandro]

lmfao destroyed by corrupted

[Hugh]

Does this work with you as well?

[Owen]

lmfao destroyed by corrupted

[dotfire]

i still like marty more

[Am0n]

Lets go fishing =] Yes fishing

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

For turtles.

[trib]

or just pm him if your friends with him =]

[P0ke N Die]

I clicked link, am I keylogged?

[Ryan-]

ur all **** grow the hell up

[Evan]

First of all why would you go through the registry looking for elvys Rat when it doesn't just add to HKLM and HKCU it also saves to the startup-folder as well as uses Active-Startup?

 

You obviously lack knowledge of such a topic and would like to act as if you know what you're talking about.

 

Last of all, you specified the default directory that CBG would save to, why would he have it save to the default directory?

 

I suggest you do some real research before attempting to inform people of something you know nothing about.

 

 

Oh god

[Corrupt3d]

First of all why would you go through the registry looking for elvys Rat when it doesn't just add to HKLM and HKCU it also saves to the startup-folder as well as uses Active-Startup?

 

You obviously lack knowledge of such a topic and would like to act as if you know what you're talking about.

 

Last of all, you specified the default directory that CBG would save to, why would he have it save to the default directory?

 

I suggest you do some real research before attempting to inform people of something you know nothing about.

 

 

Oh god

 

wat.

[Darker]

gf elvy ^_^

[Martin]

First of all why would you go through the registry looking for elvys Rat when it doesn't just add to HKLM and HKCU it also saves to the startup-folder as well as uses Active-Startup?

 

You obviously lack knowledge of such a topic and would like to act as if you know what you're talking about.

 

Last of all, you specified the default directory that CBG would save to, why would he have it save to the default directory?

 

I suggest you do some real research before attempting to inform people of something you know nothing about.

 

 

Oh god

 

wat.

 

inb4 skiddie

[Mich-ae-l]

Thanks for helping me get rid of the virus!!11!11!11one11!1!

[Omni]

You kids and your computer chats, it's so adorable. Maybe if you all actually knew what you were talking about it wouldn't be about RuneScape and you'd actually be on a real Forum.