NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY

 
 
 
 
 
 
  

Remove Suclove. Description and removal instructions

 
Title: Suclove
Type: Worms
Severity scale:Suclove severity is 69  (69 / 100)
 
Suclove is a dangerous widely-spread Internet worm that propagates by e-mail in messages with infected attachments and through IRC chat networks using mIRC program. The parasite usually arrives in files that look like regular text documents, but actually have .exe extension and therefore are executable. Once the user runs such a file, Suclove secretly installs itself to the system and initiates a spreading routine. It uses Microsoft Outlook to send harmful e-mail letters to all the contacts in the Microsoft Outlook and Yahoo! Messenger address books. Suclove includes a backdoor that gives the attacker remote unauthorized access to a compromised computer and allows him to download and execute arbitrary files. The worm also disables the Registry Editor and alters essential system settings in order to hide from the user. Suclove runs on every Windows startup.

FORUM:
Discuss Suclove in
spyware removal forum

Suclove properties:
• Allows remote user connection
• Hides from the user
• Stays resident in background

Automatic Suclove removal:

remover for Suclove

Suclove manual removal:

Kill processes:
loveletter.doc.exe, winlogon.exe
HELP:
how to kill malicious processes

Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DLL32=dllhost.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\@=C:\winlogon.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools=1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\Shell\Open\Command\@="%System%\loader32.com" %1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\Shell\Open\Command\@="1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideFileExt\CheckedValue=1
HELP:
how to remove registry entries

Delete files:
loveletter.doc.exe, winlogon.exe, loader32.com, dllhost.dll, outlook.vbs, sender.vbs
HELP:
how to remove harmful files

Misc:
loveletter.doc.exe is an infected file that arrives attached to Suclove e-mail messages.

Exact file location:
loveletter.doc.exe - C:\Windows or C:\Winnt
winlogon.exe - C:
loader32.com, dllhost.dll - C:\Windows\System, C:\Windows\System32 or C:\Winnt\System32
sender.vbs - C:\Program Files\Yahoo!\Messenger\Profiles

Other programs to remove Suclove:

• Malwarebytes Anti Malware - Review - Download
• Malwarebytes Anti Malware - Review - Download
• Windows Defender - Review - Download

Information added: 27/09/05
Information updated: 27/09/05

Additional resources related to Suclove:

Attention: If you know or you have a website or page about Suclove removal, feel free to add a link to this list: add url



more resources

Post Comment:

Attention: Use this form only if you have additional information about Suclove parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.



Enter security code:

Latest spyware news:
Similar parasites:
Latest Spyware Threats: VirusProtect Pro | VirusLocker | SpyCrush | ContraVirus | SpyLocked | SpyDawn | AntiVerminser | SpywareQuake | VirusBurst | AntiVermins | AntiVermeans | Zlob | PopCorn.net | MovieLand | TagASaurus | BraveSentry | VirusBurster | SystemDoctor | VirusRescue | MalwareWipe | SpySheriff | CmdService | Smitfraud | SpywareStrike | WinFixer | WinHound | PestTrap | UnSpyPC
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds
© 2001-2008 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions.