How to remove Madforelmo malware
“Madforelmo!”, you can view this at windows taskbar when you are infected with samok.vbs malware. This is a variant of sowar.vbs where your task manager and folder options where disabled plus no more run command and registry editing is disabled.
You will be annoyed when this malware changed your “Open” command in the right click menu to “b-b2g” and “Explore” command to “Owned” when you right click a drive or folder.
Registry Entries:
- The newly created Registry Values are:
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore]
- (Default) = “Owned!”
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open]
- (Default) = “b-b2g”
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- autoMe = “wscript.exe “%Windir%\samok.vbs”"
You can find the technical specifications of the virus here
How to Remove the malware manually:
1. Google and download the tools to enable the taskmanager (Download Here) and regedit (Download here) and Download combofix Read more…
Popularity: 100% [?]
Posted by Dens Date: Monday, June 1, 2009
Categories: Spyware and Viruses, The Office
Tags: b-b2g, madforelmo, malware, owned, removal, remove, samok.vbs, virus
