How to remove W32.Almanahe.B worm

[Arun Kumar]

Hi all,

My NAV, 2005 detected C:/Windows/Linkinfo.dll file corrupted with W32.Almanahe.B!inf virus. It says Unable to repair the file. I have searched the removal method from NAV website. But while trying to edit the registry entries, I could not find the entry values mentioned in removal method. So unable to edit the registry etntries. Could any body tell me alternate way to remove the virus. Thanks in anticipation of quick help.

 

[Arun Kumar]

No response I desperately need the solution. Pleeeeeeeeeeease help me out.

 

[Choto Cheeta]

Disable System restore and delete if NAV fails to heal it..

 

[kpmsivachand]

Try any antivirus like avast,bit defender... Try in safe mode deletion

 

[nach p]

yup either use avg or nod
or use online scanning facility by avast ,kasparky etc

 

[Tech.Masti]

Ya try some online scanning service.

 

[ico]

Try Kaspersky 7 or NOD32

 

[nvidia]

Visit this place
Symantec
there is a detailed description of the virus and the process to remove it.
If it doesnt help then try
Google

 

[Arun Kumar]

Thanks a lot u all for ur advice.

nvidia8800: I had earlier tried the solution given there. But could not go further beyond these steps: -

Navigate to and delete the following entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C111980D-B372-44b4-8095-1B6060E8C647}\InprocServer32\"(Default)" = "C:\WINDOWS\AppPatch\deamon.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C111980D-B372-44b4-8095-1B6060E8C647}\ThreadingModel\"(Default)" = "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Miscrosoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\"DL5" = "{C111980D-B372-44b4-8095-1B6060E8C647}"


Navigate to and delete the following subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SynTPS


Exit the Registry Editor.
5. To find and stop the service

Click Start > Run.
Type services.msc, and then click OK.
Locate and select the service that was detected.
Click Action > Properties.
Click Stop.
Change Startup Type to Manual.
Click OK and close the Services window.
Restart the computer.

as I could not find such registry entries and also could not understand what services it is talking about. Any suggestions?

 

[zyberboy]

hav u tried manually deleting the file?

 

[Arun Kumar]

zyberboy: Is it safe to delete the file. Path of file is C:/Windows/system32/linkinfo.dll

Can anybody tell me what the file is about. Will deleting it makes any problem in working of Windows as it seems system file.

 

[MetalheadGautham]

try Ultimate Boot CD for Windows. its the best solution.

 

[anandk]

The legit MS linkinfo.dll resides in the System32 folder. Yours is in the Windows folder. Go ahead and delete it. Use Winpatrol or Delete Doctor to delete it on reboot. Run CCleaner after that to clear the Reg entries.

If you want to re-check, rt-click on this files properties and / or get it scanned at jotti.

 

[Arun Kumar]

Thanks a lot anandk and others for suggesting me solutions.

Anandk: Thanks. It worked. I had used DeleteDoctor and CCleaner to get rid of file.