Remove Slurk. Description and removal instructions

 
Title: Slurk

Type: Worms
Severity scale: 50 / 100
 
Slurk is a worm, discovered June 6, 2007. It copies itself to all drives (removable and shared) and drops other threats on the system.

Slurk is a serious threat and should therefore be removed upon detection.


Related files: hx1.bat, noruns.reg, alligt.dll

Slurk manual removal:

Delete registry values:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\"alligt" = "%System%\severe.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\"nkurls" = "%System%\alligt.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "Explorer.exe %System%\drivers\conime.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe\"Debugger" = "%System%\drivers\nkruls.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe\"Debugger" = "%System%\drivers\nkruls.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\"Debugger" = "%System%\drivers\nkruls.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe\"Debugger" = "%System%\drivers\nkruls.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe\"Debugger" = "%System%\drivers\nkruls.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe\"Debugger" = "%System%\drivers\nkruls.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp\"Debugger" = "%System%\drivers\nkruls.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp\"Debugger" = "%System%\drivers\nkruls.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp\"Debugger" = "%System%\drivers\nkruls.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe\"Debugger" = "%System%\drivers\nkruls.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe\"Debugger" = "%System%\drivers\nkruls.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe\"Debugger" = "%System%\drivers\nkruls.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe\"Debugger" = "%System%\drivers\nkruls.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe\"Debugger" = "%System%\drivers\nkruls.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe\"Debugger" = "%System%\drivers\nkruls.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe\"Debugger" = "%System%\drivers\nkruls.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe\"Debugger" = "%System%\drivers\nkruls.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe\"Debugger" = "%System%\drivers\nkruls.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe\"Debugger" = "%System%\drivers\nkruls.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.EXE\"Debugger" = "%System%\drivers\nkruls.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe\"Debugger" = "%System%\drivers\nkruls.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\"Debugger" = "%System%\drivers\nkruls.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\"Debugger" = "%System%\drivers\nkruls.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.com\"Debugger" = "%System%\drivers\nkruls.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.com\"Debugger" = "%System%\drivers\nkruls.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.exe\"Debugger" = "%System%\drivers\nkruls.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe\"Debugger" = "%System%\drivers\nkruls.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EGHOST.exe\"Debugger" = "%System%\drivers\nkruls.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NOD32.exe\"Debugger" = "%System%\drivers\nkruls.exe"
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\explorer\advanced\folder\hidden\showall\"Checked Value" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoDriveTypeAutoRun" = "b5"

Unregister DLLs:
alligt.dll

Delete files:
hx1.bat, noruns.reg, alligt.dll
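
The Debugger values listed above make Windows start %System%\drivers\nkruls.exe whenever one of the named programs is launched, and the list includes regedit.exe and msconfig.exe, so it is safer to inspect the registry from PowerShell than from those tools. The following read-only audit is an added example, not part of the original removal instructions; it assumes %System% means the System32 folder and uses the value names exactly as the page lists them. The helper names Add-Finding and Get-RegValue are made up for this example.

```powershell
# Added example, not from the original page. Read-only: it reports and changes nothing.
$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($Key, $Name, $Value, $Reason) {
    $findings.Add([pscustomobject]@{ Key = $Key; Name = $Name; Value = $Value; Reason = $Reason })
}
function Get-RegValue($Path, $Name) {
    # Returns the value data, or nothing when the key or value is absent.
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$nt  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$win = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion'

# 1. Image File Execution Options: report every Debugger value, not only the listed names.
Get-ChildItem -LiteralPath "$nt\Image File Execution Options" -ErrorAction SilentlyContinue |
    ForEach-Object {
        $dbg = Get-RegValue $_.PSPath 'Debugger'
        if ($dbg) { Add-Finding "IFEO\$($_.PSChildName)" 'Debugger' $dbg 'runs instead of the named program' }
    }

# 2. Winlogon Shell: the page shows conime.exe appended after Explorer.exe.
$shell = Get-RegValue "$nt\Winlogon" 'Shell'
if ($shell -and $shell.Trim() -ne 'explorer.exe') {
    Add-Finding 'Winlogon' 'Shell' $shell 'expected explorer.exe only'
}

# 3. Run values named on the page.
foreach ($name in 'alligt', 'nkurls') {
    $v = Get-RegValue "$win\Run" $name
    if ($v) { Add-Finding 'Run' $name $v 'autostart value named on the page' }
}

# 4. Explorer settings listed on the page (hidden-file display and drive AutoRun policy).
$showAll = Get-RegValue "$win\Explorer\Advanced\Folder\Hidden\SHOWALL" 'Checked Value'
if ($null -ne $showAll) { Add-Finding 'SHOWALL' 'Checked Value' $showAll 'value name as listed on the page' }
$autorun = Get-RegValue 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' 'NoDriveTypeAutoRun'
if ($autorun -eq 0xb5) { Add-Finding 'Policies\Explorer' 'NoDriveTypeAutoRun' '0xb5' 'matches the page' }

# 5. Executables the registry values point to (assumption: %System% = System32).
$sys = Join-Path $env:SystemRoot 'System32'
foreach ($rel in 'severe.exe', 'alligt.exe', 'drivers\conime.exe', 'drivers\nkruls.exe') {
    $p = Join-Path $sys $rel
    if (Test-Path -LiteralPath $p) { Add-Finding $p '(file)' '' 'file referenced on the page exists' }
}

if ($findings.Count) { $findings | Format-List } else { 'No listed Slurk artefacts found.' }
```

A Debugger value is not malicious in itself, since debugging and system tools set it legitimately, so review each finding from step 1 before deleting anything.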

Other programs to remove Slurk:

• SUPERAntiSpyware
• CounterSpy
• Windows Defender

Information added: 21/12/07
Information updated: 21/12/07
