NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY

 
 
 
 
 
 
  

Remove Xema. Description and removal instructions

 
Title: Xema
Type:
Severity scale:Xema severity is 47  (47 / 100)
 
Xema is a worm that spreads through removable media. The parasite also searches for executables and infects them. It is very dangerous malware as it can download and install additional computer parasites.

Xema modifies system files and registry enters and enables itself this way to run on boot. Its first action is spreading further by use of USB thumbdrives. But the main purpose of Xema trojan is stealing various information about infected machine and sending the gathered data to a remote attacker. Xema functions secretly and it’s difficult to remove. It’s necessary to delete Xema because it puts privacy and security at risk.

FORUM:
Discuss Xema in
spyware removal forum

Related files: autorun.inf, ~WR00002.doc, ~WR00001.doc, ~INFO2, deskinf.ini, .iau, software.chk, systemevent.log, w1234.exe, c_20462.nls, c_19460.nls, c_10810.nls, msregsv.exe, serlibk.exe, shlmon.exe, windfire.exe, windfire2.exe, inter32.dll, shell64.dll, deskinf.pif

Xema properties:
• Connects itself to the internet
• Hides from the user
• Stays resident in background

Automatic Xema removal:

remover for Xema

Xema manual removal:

Kill processes:
windfire2.exe w1234.exe serlibk.exe windfire.exe msregsv.exe
HELP:
how to kill malicious processes

Delete registry values:
HKEY_CLASSES_ROOT\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}
HELP:
how to remove registry entries

Unregister DLLs:
inter32.dll shell64.dll
HELP:
how to unregister malicious DLLs

Delete files:
c_10810.nls c_19460.nls c_20462.nls inter32.dll shell64.dll shlmon.exe w1234.exe serlibk.exe windfire.exe windfire2.exe msregsv.exe config\\systemevent.log config\\software.chk config\\Temporary Internet Files\\.iau \\Recycled\\deskinf.pif \\Recycled\\deskinf.ini \\Recycled\\~INFO2 \\Recycled\\~WR00001.doc \\Recycled\\~WR00002.doc \\Recycled\\windfire2.exe \\autorun.inf
HELP:
how to remove harmful files

Other programs to remove Xema:

• Malwarebytes Anti Malware - Review - Download
• Malwarebytes Anti Malware - Review - Download
• Windows Defender - Review - Download

Information added: 13/06/07
Information updated: 22/10/08

Additional resources related to Xema:

Attention: If you know or you have a website or page about Xema removal, feel free to add a link to this list: add url



more resources

Post Comment:

Attention: Use this form only if you have additional information about Xema parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.



Enter security code:

Latest spyware news:
Similar parasites:
Latest Spyware Threats: VirusProtect Pro | VirusLocker | SpyCrush | ContraVirus | SpyLocked | SpyDawn | AntiVerminser | SpywareQuake | VirusBurst | AntiVermins | AntiVermeans | Zlob | PopCorn.net | MovieLand | TagASaurus | BraveSentry | VirusBurster | SystemDoctor | VirusRescue | MalwareWipe | SpySheriff | CmdService | Smitfraud | SpywareStrike | WinFixer | WinHound | PestTrap | UnSpyPC
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds
© 2001-2008 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions.