FrEn

E-mail Print

cradle of filth remover. Patch for the virus cradle_of_filth.vbe
Written by Administrator  |  Friday, 18 September 2009 04:13
AddThis Social Bookmark Button
Information

A rather awkward virus, prohibits certain programs, prohibits the access to certain menus and functionalities of Windows such as the stop button, the access to the registry, thes task manager, the desktop, the files’ options etc…

Open also notepad with each starting of Windows and registered there a parody of "notre Père qui est aux cieux". Notre Gates qui est à Seattle...

The virus cradle of filth is propagated through removable drive, the virus copies periodically there two files autorun.inf and cradle_of_filth.vbe, if you remove them, these two files will go back to their places few seconds after their suppression.



File

The virus puts two files in all removable drive

  • autorun.inf
  • cradle_of_filth.vbe

The virus puts also a file in the System repertory:

  • <system>\cradle_of_filth.vbe

Registry

Creates the registry entry

  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoChangeStartMenu
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoComputersNearMe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrive
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveAutoRun
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoHardwareTab
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsHistory
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsMenu
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoResolveSearch
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoShellSearchButton
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\UncheckedValue

Creates the registry entry

  • HKLM\Software\Microsoft\Command Processor\AutoRun
  • HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableSR

Replaces the userinit's value

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit
C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe cradle_of_filth.vbe
Must be
C:\Windows\userinit.exe,


ATTENTION This virus launches out automatically each time you open a removable disk, it is thus preferable to download this patch and to decompress it on the desktop and to launch it.
 

Comments  

 
0 #3 2010-03-28 15:46
Re-boot your computer in SAFE MODE!
To run it in Safe Mode, as soon as your computer turns on hit the F8 key (repeatedly) until a screen comes up
Choose Start computer in SAFE MODE.
Now, run the patch!!

Good luck
Quote
 
 
0 #2 2010-03-27 16:54
Impossible to "press" delete button and launch patch application
bst rgds
jm
Quote
 
 
0 #1 2009-12-22 05:43
no desktop icons
Quote
 

Add comment


Security code
Refresh

Related articles
Latest posts

  • Free malware removal tool for Guard Online

    Written by %s admin 10/10/2011
    Guard Online is a another rogue Antispyware from the OpenCloud and AV Guard Online familly, it's a malware that pretends to be an Antivirus. Guard Online conducts a fake scan of your system; you are…
    Read more...

  • Free malware removal tool to remove AV Guard Online

    Written by %s admin 05/10/2011
    AV Guard Online is a another rogue Antispyware from the OpenCloud familly, it's a malware that pretends to be an Antivirus. AV Guard Online conducts a fake scan of your system; you are warned by a…
    Read more...

  • Free removal tool to remove Security Guard 2012

    Written by %s admin 05/10/2011
    Security Guard 2012 is a another rogue Antispyware from the OpenCloud familly, it's a malware that pretends to be an Antivirus. Security Guard 2012 conducts a fake scan of your system; you are warned…
    Read more...

  • Free removal tool for Advanced PC Shield 2012

    Written by %s admin 01/10/2011
    Advanced PC Shield 2012 is a another rogue Antispyware, it's a malware that pretends to be an Antivirus. Advanced PC Shield 2012 conducts a fake scan of your system; you are warned by a fake alarm…
    Read more...

  • Security Sphere 2012 Free Removal Tool

    Written by %s admin 01/10/2011
    Security Sphere 2012 is another spyware from the Security Tool family. Security Sphere 2012 is not a legit program; it's a fake, a counterfeit. Security Sphere 2012 claims to fix your system, but…
    Read more...
.
Information | Contact

© All Rights Reserved. net-studio.org 2009