Posts Tagged ‘owned’

How to remove Madforelmo malware

“Madforelmo!” is the text you will see on the Windows taskbar when you are infected with the samok.vbs malware. This is a variant of sowar.vbs in which Task Manager and Folder Options are disabled, the Run command is no longer available, and registry editing is disabled.

The malware also changes the “Open” command in the right-click menu to “b-b2g” and the “Explore” command to “Owned” when you right-click a drive or folder.

Registry Entries:

The newly created registry values are:

  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore]
    • (Default) = "Owned!"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open]
    • (Default) = "b-b2g"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    • autoMe = "wscript.exe "%Windir%\samok.vbs""

  • You can find the technical specifications of the virus here
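The registry entries listed above can also be checked offline against a text export of the registry. The following is an added example, not part of the original post: it parses a `.reg` export that has already been decoded to text and reports which of the three values are present. The sample export, including the `C:\WINDOWS` path and the `ctfmon` entry, is constructed, and only string (REG_SZ) values are handled.

```python
import re

# Indicators from the registry entries listed in the post:
# (key, value name, text expected in the data). "@" is how .reg files name (Default).
INDICATORS = [
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore", "@", "owned"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open", "@", "b-b2g"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "autoMe", "samok.vbs"),
]
# Matches string (REG_SZ) lines only: @="data" or "name"="data"
_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"\s*$')

def _unescape(s):
    # .reg string data escapes backslash and double quote with a backslash
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Return {key_lower: {value_name_lower: data}} for string values in a .reg export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = _VALUE.match(line)
        if m and current is not None:
            name = "@" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
            current[name.lower()] = _unescape(m.group(2))
    return keys

def find_indicators(text):
    """Return (key, value name, data) for each listed indicator found in the export."""
    keys = parse_reg(text)
    hits = []
    for key, name, needle in INDICATORS:
        data = keys.get(key.lower(), {}).get(name.lower())
        if data is not None and needle in data.lower():
            hits.append((key, name, data))
    return hits

# Constructed sample export (assumed values, not taken from a real machine)
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore]
@="Owned!"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open]
@="b-b2g"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"autoMe"="wscript.exe \"C:\\WINDOWS\\samok.vbs\""
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''
```

Registry exports are normally saved as UTF-16, so decode the file before passing its contents to `find_indicators`.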

How to Remove the malware manually:

1. Google and download the tools to enable Task Manager (Download Here) and regedit (Download here), and download ComboFix Read more…


Posted by Dens    Date: Monday, June 1, 2009

Categories: Spyware and Viruses, The Office
