 Remove Lovena. Description and removal instructions
Lovena's payload is large. The parasite disables essential system tools including Registry Editor, Task Manager and Command Prompt, turns off System Restore, modifies system settings and changes the Internet Explorer home page. The worm terminates running antiviruses, security-related software and system utilities. It also minimizes windows and kills processes of different programs, both legitimate and malicious. Lovena runs on every Windows startup. It even starts in Safe Mode. Related files: alicia.exe, emira.exe, MSCONFIG.EXE, mstry.exe, nova.exe, regedit.exe, startpage.exe, taskmgr.exe, winamp.exe, nova.scr, oldb.tmp, olde.tmp, old10.tmp, renova.htm Lovena properties: • Changes browser settings • Hides from the user • Stays resident in background Automatic Lovena removal:remover for Lovena
Lovena manual removal:Kill processes:alicia.exe, emira.exe, msconfig.exe, mstry.exe, nova.exe, regedit.exe, startpage.exe, taskmgr.exe, winamp.exe Delete registry values: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\shell HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\renova HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\renova_c HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\renova_d HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\renova_e HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\renova_f HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\renova_g HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell=explorer.exe [X]\Program Files\Common Files\renova.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit=explorer.exe [X]\Program Files\Common Files\renova.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution\Options\msrun.exe\Debugger=C:\Windows\mstry.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell=C:\Program Files\Common Files\renova.exe HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\AlternateShell=C:\Program Files\Common Files\renova.exe HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\AlternateShell=C:\Program Files\Common Files\renova.exe HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\AlternateShell=C:\Program Files\Common Files\renova.exe HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools=1 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr=1 HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\DisableCMD=0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel=0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind=1 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions=0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun=0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSaveSettings=0 HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableConfig=1 HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableSR=1 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page=C:\Renova\renova.htm HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page=C:\Renova\renova.htm HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId=Renova HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName=Renova HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization=Renova HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner=Renova Delete files: alicia.exe, emira.exe, msconfig.exe, mstry.exe, nova.exe, regedit.exe, startpage.exe, taskmgr.exe, winamp.exe, nova.scr, oldb.tmp, olde.tmp, old10.tmp, renova.htm Delete directories: C:\Renova Misc: [X] is one of the following drive letters: C:, D:, E:, F:, G:. Exact file location: renova.htm - C:\Renova mstry.exe, oldb.tmp - C:\Windows winamp.exe - C:\Program Files\Winamp taskmgr.exe - C:\Windows\LastGood\System32 alicia.exe, emira.exe, msconfig.exe, nova.exe, regedit.exe, startpage.exe, olde.tmp, old10.tmp - C:\Windows\System32 The nova.scr file arrives attached to Lovena e-mail messages. Other programs to remove Lovena:• SUPERAntiSpyware - Review - Download• CounterSpy - Review - Download • Windows Defender - Review - Download Information added: 29/09/06 Information updated: 29/09/06 Additional resources related to Lovena:Attention: If you know or you have a website or page about Lovena removal, feel free to add a link to this list: add url
more resources Post Comment:Attention: Use this form only if you have additional information about Lovena parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.
|
Latest spyware news:
 Malware statistics of August 2008 by Kaspersky Security Network Computers at International Space Station got infected Memory vulnerability found on Windows Vista Two reporters banned from Black Hats conference for hacking Microblogging website exploited by Brazilian hackers Phishers biting their own baits Cyber criminals start working faster 75 percent of online banking websites are insecure Malware rates keep rising up Switzerland is the most spammed country in a worldSubscribe to news 
Similar parasites:
|
FORUM:
HELP:
