Remove Virantix Trojan, removal instructions

Virantix Trojan manual removal:

Kill processes:
WinAvX.exe, braviax.exe

Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\”Shell” = “Explorer.exe %System%/WinAvX.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”WinAVX” = “%System%/WinAvX.exe”
HKEY_USERS\S-1-5-21-1961063573-973683775-492528769-500\Software\Microsoft\Windows\CurrentVersion\Run\”WinAVX” = “%System%/WinAvX.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\”EnableBalloonTips” = “1″
HKEY_USERS\S-1-5-21-1961063573-973683775-492528769-500\Software\Microsoft\Internet Explorer\Main\”Enable Browser Extensions” = “yes”
HKEY_USERS\S-1-5-21-1961063573-973683775-492528769-500\Software\Microsoft\Internet Explorer\Main\”Search Bar” = “http://www.google.com/ie”
HKEY_USERS\S-1-5-21-1961063573-973683775-492528769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\”EnableBalloonTips” = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\”1208″ = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\”2500″ = “3″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\”1201″ = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\”1804″ = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\”1208″ = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\”2500″ = “3″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\”1208″ = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\”2500″ = “3″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\”1201″ = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\”1804″ = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\”1208″ = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\”2500″ = “3″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\”1201″ = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\”1208″ = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\”2500″ = “3″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\”1200″ = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\”1201″ = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\”1608″ = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\”1804″ = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\”NoControlPanel” = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\”DisableRegistryTools” = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\”DisableTaskMgr” = “1″
HKEY_USERS\S-1-5-21-1961063573-973683775-492528769-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\”NoControlPanel” = “1″
HKEY_USERS\S-1-5-21-1961063573-973683775-492528769-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\”NoWindowsUpdate” = “1″
HKEY_USERS\S-1-5-21-1961063573-973683775-492528769-500\Software\Microsoft\Windows\CurrentVersion\Policies\system\”DisableRegistryTools” = “1″
HKEY_USERS\S-1-5-21-1961063573-973683775-492528769-500\Software\Microsoft\Windows\CurrentVersion\Policies\system\”DisableTaskMgr” = “1″
HKEY_USERS\S-1-5-21-1961063573-973683775-492528769-500\Software\Microsoft\Internet Explorer\Main\”Start Page” = “http://www.google.com”
HKEY_USERS\S-1-5-21-1961063573-973683775-492528769-500\Software\Microsoft\Internet Explorer\Main\”Search Page” = “http://www.google.com”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gopher\shell\open\command\”@” = “”C:\Program Files\Internet Explorer\iexplore.exe” %1″
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HTTP\shell\open\command\”@” = “”C:\Program Files\Internet Explorer\iexplore.exe” %1″
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\shell\open\command\”@” = “”C:\Program Files\Internet Explorer\iexplore.exe” %1″
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Epoch\”Epoch” = “0×000027B0″
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\”Epoch” = “0×000027B0″
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.shtml\”@” = “htmlfile”

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\”%Windir%\system32\winav.exe” = “%Windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019″
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\”%Windir%\system32\winav.exe” = “%Windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019″
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\”%Windir%\system32\winav.exe” = “%Windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019″
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\”%Windir%\system32\winav.exe” = “%Windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019″
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\”%Windir%\system32\winav.exe” = “%Windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019″
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\”%Windir%\system32\winav.exe” = “%Windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\”Default_Search_URL” = “http://www.google.com/ie”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\”Search Page” = “http://www.google.com”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\”Start Page” = “http://www.google.com”

HELP:
how to remove registry entries

Delete files:
figaro.sys, univrs32.dat, delself.bat

HELP:
how to remove harmful files

Misc:
Virantix Trojan changes your HOSTS file after infection. When removing Virantix, be sure to remove these entries from HOSTS:

192.168.200.3 ad.doubleclick.net
192.168.200.3 ad.fastclick.net
192.168.200.3 ads.fastclick.net
192.168.200.3 ar.atwola.com
192.168.200.3 atdmt.com
192.168.200.3 avp.ch
192.168.200.3 avp.com
192.168.200.3 avp.ru
192.168.200.3 awaps.net
192.168.200.3 banner.fastclick.net
192.168.200.3 banners.fastclick.net
192.168.200.3 ca.com
192.168.200.3 click.atdmt.com
192.168.200.3 clicks.atdmt.com
192.168.200.3 customer.symantec.com
192.168.200.3 dispatch.mcafee.com
192.168.200.3 download.mcafee.com
192.168.200.3 download.microsoft.com
192.168.200.3 downloads-us1.kaspersky-labs.com
192.168.200.3 downloads-us2.kaspersky-labs.com
192.168.200.3 downloads-us3.kaspersky-labs.com
192.168.200.3 downloads.microsoft.com
192.168.200.3 downloads1.kaspersky-labs.com
192.168.200.3 downloads2.kaspersky-labs.com
192.168.200.3 downloads3.kaspersky-labs.com
192.168.200.3 downloads4.kaspersky-labs.com
192.168.200.3 engine.awaps.net
192.168.200.3 f-secure.com
192.168.200.3 fastclick.net
192.168.200.3 ftp.avp.ch
192.168.200.3 ftp.downloads1.kaspersky-labs.com
192.168.200.3 ftp.downloads2.kaspersky-labs.com
192.168.200.3 ftp.downloads3.kaspersky-labs.com
192.168.200.3 ftp.f-secure.com
192.168.200.3 ftp.kasperskylab.ru
192.168.200.3 ftp.sophos.com
192.168.200.3 go.microsoft.com
192.168.200.3 ids.kaspersky-labs.com
192.168.200.3 kaspersky-labs.com
192.168.200.3 kaspersky.com
192.168.200.3 liveupdate.symantec.com
192.168.200.3 liveupdate.symantecliveupdate.com
192.168.200.3 mast.mcafee.com
192.168.200.3 mcafee.com
192.168.200.3 media.fastclick.net
192.168.200.3 microsoft.com
192.168.200.3 msdn.microsoft.com
192.168.200.3 my-etrust.com
192.168.200.3 nai.com
192.168.200.3 networkassociates.com
192.168.200.3 norton.com
192.168.200.3 office.microsoft.com
192.168.200.3 pandasoftware.com
192.168.200.3 phx.corporate-ir.net
192.168.200.3 rads.mcafee.com
192.168.200.3 secure.nai.com
192.168.200.3 securityresponse.symantec.com
192.168.200.3 service1.symantec.com
192.168.200.3 sophos.com
192.168.200.3 spd.atdmt.com
192.168.200.3 support.microsoft.com
192.168.200.3 symantec.com
192.168.200.3 trendmicro.com
192.168.200.3 update.symantec.com
192.168.200.3 updates.symantec.com
192.168.200.3 updates1.kaspersky-labs.com
192.168.200.3 updates2.kaspersky-labs.com
192.168.200.3 updates3.kaspersky-labs.com
192.168.200.3 updates4.kaspersky-labs.com
192.168.200.3 updates5.kaspersky-labs.com
192.168.200.3 us.mcafee.com
192.168.200.3 vil.nai.com
192.168.200.3 viruslist.com
192.168.200.3 viruslist.ru
192.168.200.3 virusscan.jotti.org
192.168.200.3 virustotal.com
192.168.200.3 windowsupdate.microsoft.com
192.168.200.3 www.avp.ch
192.168.200.3 www.avp.com
192.168.200.3 www.avp.ru
192.168.200.3 www.awaps.net
192.168.200.3 www.ca.com
192.168.200.3 www.f-secure.com
192.168.200.3 www.fastclick.net
192.168.200.3 www.grisoft.com
192.168.200.3 www.kaspersky-labs.com
192.168.200.3 www.kaspersky.com
192.168.200.3 www.kaspersky.ru
192.168.200.3 www.mcafee.com
192.168.200.3 www.microsoft.com
192.168.200.3 www.my-etrust.com
192.168.200.3 www.nai.com
192.168.200.3 www.networkassociates.com
192.168.200.3 www.pandasoftware.com
192.168.200.3 www.sophos.com
192.168.200.3 www.symantec.com
192.168.200.3 www.symantec.com
192.168.200.3 www.trendmicro.com
192.168.200.3 www.viruslist.com
192.168.200.3 www.viruslist.ru
192.168.200.3 www.virustotal.com
192.168.200.3 www3.ca.com

Remove Virantix Trojan. Description and removal instructions

Automatic Virantix Trojan removal:

Virantix Trojan manual removal:

Other programs to remove Virantix Trojan:

Additional resources related to Virantix Trojan:

Post Comment: