Infesting you with Virus News
 

News

Contributed by: Malcolm H.
Date: August 5, 2008
Malcolm H.
55
Vote
0

Removing Mal Otorun1 – How to Remove Mal Otorun1
 

Mal Otorun1 Explained

Mal Otorun1 is a malicious Trojan that was recently discussed in our article about how “USB Flash Drives are a perfect place for computer viruses to hide”. The unique behavior of the Mal Otorun1 is that it infects data storage devices and then replicates a virus onto any connected flash drives including USB thumb drives. As you can imagine, this parasite can easily be spread if the infected USB drive is used on another computer.

Removing Mal Otorun1

usb-flash-drives.jpgRemoval of Mal Otorun1 or Mal_Otorun1 is essential to prevent the spread of this malicious infection onto other systems or risking damage to stored data. Trend Micro has reported that Mal Otorun1 has increased the amount of infections for flash drives so you must take this Trojan infection seriously and remove it as soon as possible.

If you have noticed or identified Mal Otorun1 or MalOtorun1 on your system or on your USB flash driven then you should perform a manual remove of Mal Otorun1 or utilize an antivirus or antispyware tool to automatically detect and remove Mal Otorun1.

We recommend utilizing a reputable anti-virus or anti-spyware program that can scan, identify and remove the Mal Otorun1 Trojan. Below is the manual removal process for Mal Otorun1. The manual removal instructions are for informational purposes only. Use at your own risk.

Manual Removal of Mal Otorun1

Before attempting to manually remove Mal Otorun1 or Mal_Otorun1 it is essential to be aware that this infection may have come from a USB drive. Removing any form of the AUTORUN.INF file from an attached USB drive or flash drive may remove Mal Otorun1 completely from your infected USB drive.  

It is possible that by disabling or editing a certain registry key will neutralize autorun.inf which may stop the Mal Otorun1 infection from being spread from an infected USB Flash drive. Step number 6 below is an example of this procedure.

Please note: Disabling Autoplay may prevent any drive or removable media from being played automatically thus preventing infection or spread of Mal Otorun1 from a USB Flash drive.

  1. Find and delete the AUTORUN.INF file on the root directory of your connected USB drive or flash drive.
  2. You may need to perform a search for AUTORUN.INF on the connected drive that may be infected utilizing the search companion function.
  3. Reboot your computer into safe mode. You can do this by going to Start menu > Turn Off Computer > Restart.
  4. When your computer starts to boot press the F8 key repeatedly (once every second) until you see a menu asking if you would like to use Safe Mode or Safe Mode with networking. Select Safe Mode.
  5. Find the AUTORUN.INF file present in your C: drive directory.
    Please note: The AUTORUN.INF file may be present in your Program Files folder for a commonly used application. DO NOT delete AUTORUN.INF that is found in a program's folder that is commonly used. If you find AUTORUN.INF on your C: root directory then you may delete it.
  6. Disable Autoplay for removable drives by changing the following registry key entry value to B5: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun
    Video: How to change Registry Values
    (click image for full size example)
    nodrivetypeautorun-1.jpg
  7. Restart your computer normally.
  8. This should remove the Mal Otorun1 infection which attaches itself to the AUTORUN.INF file.

If you are unsure of manually removing Mal Otorun1 then automatic removal of Mal Otorun1 may be performed utilizing a recent version of antivirus or antispyware software. It is suggested that you always run a copy of trust-worthy antispyware or antivirus software at all times to detect and remove infections such as Mal Otorun1.

Resources:
Mal_Otorun1
USB Flash Drives - A Perfect Place for Computer Viruses to Hide
How to change Registry Value

User Comments

Adam May 10, 2009
Before removing Mal_Otorun. Connect your flash drive and allow it to copy the folder "RECYCLER" and the file "Autorun.inf" (quotes not included). Delete the two target objects and click "File", "New" and then "Folder" and name the folder autorun.inf

After go to properties by right clicking the folder and select the attributes "Read only" and "Hidden". This prevents Mal_Otorun from propagating onto your flash drive.

Repeat the process for the autorun folder and do it for "RECYCLER" (quotes not included).

Mal_Otorun or W32.Dotex creates a regedit key which disables your computer into accessing safe mode. Click run and type regedit. Then, delete all of these keys:
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWin dows NTCurrentVersionImage File Execution Options360rpt.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options360Safe.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options360tray.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsadam.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsAgentSvr.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsAppSvc32.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsArSwp.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsAST.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsautoruns.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsavconsol.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsavgrssvc.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsAvMonitor.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsavp.com
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsavp.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsCCenter.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsccSvcHst.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsEGHOST.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsFileDsty.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsFTCleanerShell.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsFYFireWall.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsHijackThis.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsIceSword.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsiparmo.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsIparmor.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsisPwdSvc.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionskabaload.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKaScrScn.SCR
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKASMain.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKASTask.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAV32.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAVDX.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAVPF.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAVPFW.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAVSetup.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAVStart.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKISLnchr.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKMailMon.exe
"Debugger" =- "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKMFilter.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKPFW32.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKPFW32X.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKPfwSvc.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKRegEx.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKRepair.com
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKsLoader.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKVCenter.kxp
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKvDetect.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKvfwMcl.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKVMonXP.kxp
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKVMonXP_1.kxp
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionskvol.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionskvolself.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKvReport.kxp
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKVScan.kxp
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKVSrvXP.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKVStub.kxp
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionskvupload.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionskvwsc.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKvXP.kxp
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKvXP_1.kxp
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKWatch.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKWatch9x.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKWatchX.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsloaddll.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsMagicSet.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmcconsol.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmmqczj.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmmsk.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsNavapsvc.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsNavapw32.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsnod32.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsnod32krn.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsnod32kui.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsNPFMntor.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsPFW.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsPFWLiveUpdate.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsQHSET.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsQQDoctor.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsQQKav.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsRas.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsRav.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsRavMon.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsRavMonD.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsRavStub.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsRavTask.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsRegClean.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsrfwcfg.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsrfwmain.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsrfwsrv.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsRsAgent.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsRsaupd.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsrstrui.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsruniep.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionssafelive.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsscan32.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsshcfg32.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsSmartUp.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsSREng.EXE
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionssymlcsvc.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsSysSafe.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsTrojanDetector.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsTrojanwall.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsTrojDie.kxp
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsUIHost.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsUmxAgent.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsUmxAttachment.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsUmxCfg.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsUmxFwHlp.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsUmxPol.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsupiea.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsUpLive.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsUSBCleaner.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsvsstat.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionswebscanx.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsWoptiClean.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
Go to these keys: You will need to create these keys because Mal_Otorun has deleted these, disallowing the computer booting into safe mode. HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSa feBootMinimal{4D36E967-E325-11CE-BFC1-08002BE10318 }
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlS afeBootNetwork{4D36E967-E325-11CE-BFC1-08002BE1031 8}. Follow steps by the writer after these and Mal_Otorun should be gone.
Adam May 10, 2009
Before removing Mal_Otorun. Connect your flash drive and allow it to copy the folder "RECYCLER" and the file "Autorun.inf" (quotes not included). Delete the two target objects and click "File", "New" and then "Folder" and name the folder autorun.inf

After go to properties by right clicking the folder and select the attributes "Read only" and "Hidden". This prevents Mal_Otorun from propagating onto your flash drive.

Repeat the process for the autorun folder and do it for "RECYCLER" (quotes not included).

Mal_Otorun or W32.Dotex creates a regedit key which disables your computer into accessing safe mode. Click run and type regedit. Open Regedit and go to the keys. You will need to create these keys because Mal_Otorun has deleted these, disallowing the computer booting into safe mode. Then, delete all of these keys:
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWin dows NTCurrentVersionImage File Execution Options360rpt.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options360Safe.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options360tray.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsadam.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsAgentSvr.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsAppSvc32.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsArSwp.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsAST.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsautoruns.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsavconsol.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsavgrssvc.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsAvMonitor.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsavp.com
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsavp.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsCCenter.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsccSvcHst.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsEGHOST.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsFileDsty.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsFTCleanerShell.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsFYFireWall.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsHijackThis.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsIceSword.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsiparmo.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsIparmor.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsisPwdSvc.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionskabaload.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKaScrScn.SCR
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKASMain.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKASTask.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAV32.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAVDX.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAVPF.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAVPFW.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAVSetup.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAVStart.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKISLnchr.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKMailMon.exe
"Debugger" =- "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKMFilter.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKPFW32.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKPFW32X.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKPfwSvc.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKRegEx.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKRepair.com
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKsLoader.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKVCenter.kxp
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKvDetect.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKvfwMcl.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKVMonXP.kxp
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKVMonXP_1.kxp
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionskvol.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionskvolself.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKvReport.kxp
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKVScan.kxp
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKVSrvXP.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKVStub.kxp
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionskvupload.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionskvwsc.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKvXP.kxp
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKvXP_1.kxp
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKWatch.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKWatch9x.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKWatchX.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsloaddll.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsMagicSet.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmcconsol.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmmqczj.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmmsk.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsNavapsvc.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsNavapw32.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsnod32.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsnod32krn.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsnod32kui.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsNPFMntor.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsPFW.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsPFWLiveUpdate.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsQHSET.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsQQDoctor.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsQQKav.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsRas.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsRav.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsRavMon.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsRavMonD.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsRavStub.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsRavTask.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsRegClean.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsrfwcfg.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsrfwmain.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsrfwsrv.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsRsAgent.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsRsaupd.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsrstrui.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsruniep.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionssafelive.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsscan32.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsshcfg32.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsSmartUp.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsSREng.EXE
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionssymlcsvc.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsSysSafe.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsTrojanDetector.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsTrojanwall.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsTrojDie.kxp
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsUIHost.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsUmxAgent.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsUmxAttachment.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsUmxCfg.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsUmxFwHlp.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsUmxPol.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsupiea.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsUpLive.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsUSBCleaner.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsvsstat.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionswebscanx.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe"
¢HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsWoptiClean.exe
"Debugger" = "%Program Files%Common FilesMicrosoft Sharedpxpfern.exe" HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSa feBootMinimal{4D36E967-E325-11CE-BFC1-08002BE10318 }
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlS afeBootNetwork{4D36E967-E325-11CE-BFC1-08002BE1031 8}. Follow steps by the writer after these and Mal_Otorun should be gone.
Justin March 6, 2009
Yes, mine is not letting me enter safe mode at all....what now?
parveen February 25, 2009
i am use regedit but virus is not be clean pls.. tell me but to do
Ray January 26, 2009
I have to mal_otorun1 in my computer.

My friend, have teh NOD32 and doens't detected the virus, I have the TRend and too detected the virus, please, can you tell me what is the correct antivirus for use, I am from Mexico, I don't speak english.
MoT January 3, 2009
I removed all autorun.inf files from my system, found no otorun files or folders but still the virus tries to copy itself over to any flash drive. This means the virus is on my machine, under a different name and location than stated in this article. My antivirus finds the autorun.inf file on the flash drive as soon as it is created, but does not find the file on my machine that is creating it.
Pls help if there is more info available!
Anathema November 24, 2008
Best antivirus is just safe usage of the internet!
Rix November 20, 2008
Article not really useful if you can't boot into safe mode or accessing msconfig automatically reboots the computer.
Name:
Email:
Website:
Comment:
Please type 5-digit security code below:
Captcha image for spam protection

Featured Videos

Registry Tutorials
From: PC1News Videos
Added: June 13, 2009
more videos

Software Downloads

SpyHunter V.3
Free Spyhunter Scanner (Spyware/Trojan Detection). DETECT Spyware, Trojans, Worms, Viruses and malware on your PC absolutely FREE.
Download now
Registry Mechanic 8
Award Winning software, Fixes registry and improves computer performance. Created by a division of Symantec, this tool will scan your registry and find errors that can be later cleaned either individually or all together.
Download now
SpywareBlaster 4.1
The tool is used to prevent the installation of spyware and other potentially unwanted software. As soon as you download it, you will be able to protect your system.
Download now

Latest Comments

Virus:Win32/Sal .. 32/Sality.O.dl
March 17, 2010
HI more..
Trojan.Agent.IPB
March 17, 2010
Found this list of godaddy domain name coupons, I got a domain for my dog - ha $6.91 Domain... more..
Trojan.Agent.IPB
March 17, 2010
Three guys were having a beer in a bar in London. They were all relative newly-weds and they were talking... more..
more comments..
rss
Home | Files | Programs | Latest Comments | About us | Privacy Policy | Contributors | Contact Us
© 2008 - 2010 pc1news.com - All rights reserved.
Home  Tips  Downloads Videos Virus List Vulnerabilities
Home > Trojans > Removing Mal Otorun1 – How to Remove Mal Otorun1