Remove Lehs. Description and removal instructions

 
Title: Lehs

Type: Worms
Severity scale: 80 / 100
Lehs is a dangerous Internet worm with a destructive payload. It spreads by e-mail in messages carrying infected executable attachments. These messages are made to look like Microsoft support letters providing a patch for certain Windows vulnerabilities. Once the user executes an attached file, the parasite installs itself on the system and creates many directories and infected files in different locations. Lehs then deletes all the executables it finds in the default system directory, C:\Windows\System or C:\Windows\System32. During the deletion the parasite displays numerous messages revealing its presence in the system. Lehs can also attempt to perform a DoS attack against predetermined remote hosts. The worm runs on every Windows startup.


Lehs properties:
• Connects itself to the internet
• Hides from the user
• Stays resident in background

Lehs manual removal:

Kill processes:
backup.exe, bin.exe, dage.exe, gadeth.exe, kern16.exe, kernel32.exe, microcorp.exe, micropackage.exe, msiinstall.exe, msishell.exe, mtk.exe, ndad.exe, notepad.exe, patch.exe, patch[X].exe, reinstall.exe, restoreshell.exe, shell.exe, splinter.exe, win-16_bit.exe, wincom.exe, windows.exe
Delete files:
backup.exe, bin.exe, dage.exe, gadeth.exe, kern16.exe, kernel32.exe, microcorp.exe, micropackage.exe, msiinstall.exe, msishell.exe, mtk.exe, ndad.exe, notepad.exe, patch.exe, patch[X].exe, reinstall.exe, restoreshell.exe, shell.exe, splinter.exe, win-16_bit.exe, wincom.exe, windows.exe, msdos_3.bat
Delete directories:
C:\Windows\System\Sysrestore
C:\Windows\System32\Sysrestore
C:\[random name]
Misc:
[X] is a set of random characters and digits.

Lehs modifies essential configuration files on Windows 95/98/ME systems. Open the win.ini and system.ini files located in the C:\Windows\System or C:\Windows\System32 folder and delete the following lines:
run=C:\Windows\System\Sysrestore\shell.exe
run=C:\Windows\System32\Sysrestore\shell.exe
run=C:\Windows\System\Sysrestore\notepad.exe
run=C:\Windows\System32\Sysrestore\notepad.exe

Locate the autoexec.bat file (it can usually be found in the root of the main hard disk, C:) and delete the following lines:
start C:\Windows\System\Sysrestore\notepad.exe
start C:\Windows\System32\Sysrestore\notepad.exe
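
The check below is an added example, not part of the original removal instructions: it finds and strips the startup lines listed above from the text of win.ini, system.ini or autoexec.bat. It goes slightly beyond the literal lines by matching case-insensitively and tolerating spaces around "="; the function names and the sample file contents are constructed for illustration.

```python
import re

# Startup entries listed in the removal steps, matched case-insensitively and
# with optional whitespace (assumption: Windows treats keys and paths that way).
_SYSRESTORE = r"C:\\Windows\\System(?:32)?\\Sysrestore\\"
INI_ENTRY = re.compile(r"^\s*run\s*=\s*" + _SYSRESTORE + r"(?:shell|notepad)\.exe\s*$", re.I)
BAT_ENTRY = re.compile(r"^\s*start\s+" + _SYSRESTORE + r"notepad\.exe\s*$", re.I)


def pattern_for(filename):
    """Pick the pattern for win.ini/system.ini or autoexec.bat by file name."""
    name = filename.lower()
    if name in ("win.ini", "system.ini"):
        return INI_ENTRY
    if name == "autoexec.bat":
        return BAT_ENTRY
    raise ValueError("not a startup file covered by the removal steps: " + filename)


def find_entries(filename, text):
    """Return (line_number, line) for every Lehs startup entry in text."""
    pat = pattern_for(filename)
    return [(n, line) for n, line in enumerate(text.splitlines(), 1) if pat.match(line)]


def remove_entries(filename, text):
    """Return text with the Lehs entries dropped and every other line kept."""
    pat = pattern_for(filename)
    return "".join(l for l in text.splitlines(keepends=True) if not pat.match(l))


# Constructed sample contents (not taken from a real infected machine).
SAMPLE_WIN_INI = (
    "[windows]\r\n"
    "load=\r\n"
    "run=C:\\Windows\\System\\Sysrestore\\shell.exe\r\n"
    "RUN = c:\\windows\\system32\\sysrestore\\NOTEPAD.EXE\r\n"
    "run=C:\\Program Files\\Tool\\notepad.exe\r\n"
)
SAMPLE_AUTOEXEC = "@echo off\r\nstart C:\\Windows\\System32\\Sysrestore\\notepad.exe\r\n"

if __name__ == "__main__":
    for name, text in (("win.ini", SAMPLE_WIN_INI), ("autoexec.bat", SAMPLE_AUTOEXEC)):
        for number, line in find_entries(name, text):
            print(f"{name}:{number}: {line}")
```

Work on a backup copy of each file and review the reported lines before writing the cleaned text back.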

Other programs to remove Lehs:

• Malwarebytes Anti Malware
• Windows Defender

Information added: 19/03/04
Information updated: 01/10/05
