Terminating the Malware Program <br>
<br>
This procedure terminates the running malware process from memory. You will need the name(s) of the file(s) detected earlier. <br>
<br>
Open Windows Task Manager.<br>
On Windows 95/98/ME systems, press<br>
CTRL+ALT+DELETE<br>
On Windows NT/2000/XP systems, press<br>
CTRL+SHIFT+ESC, then click the Processes tab. <br>
In the list of running programs*, locate the malware file or files detected earlier. <br>
Select one of the detected files, then press either the End Task or the End Process button, depending on the version of Windows on your system. <br>
Do the same for all detected malware files in the list of running processes. <br>
To check if the malware process has been terminated, close Task Manager, and then open it again. <br>
Close Task Manager. <br>
*NOTE: On systems running Windows 95/98/ME, Task Manager may not show certain processes. You may use a third party process viewer to terminate the malware process. Otherwise, continue with the next procedure, noting additional instructions. <br>
<br>
Removing Autostart Entries from the Registry <br>
<br>
Removing autostart entries from the registry prevents the malware from executing during startup. <br>
<br>
To remove the malware autostart entries: <br>
<br>
Open Registry Editor. To do this, click Start>Run, type Regedit, then press Enter. <br>
In the left panel, double-click the following:<br>
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run <br>
In the right panel, locate and delete the entry or entries:<br>
REMOVE ME = "asclt.exe" <br>
In the left panel, double-click the following:<br>
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>RunOnce <br>
In the right panel, locate and delete the entry or entries:<br>
REMOVE ME = "asclt.exe" <br>
In the left panel, double-click the following:<br>
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>RunServices <br>
In the right panel, locate and delete the entry or entries:<br>
REMOVE ME = "asclt.exe" <br>
In the left panel, double-click the following:<br>
HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Run <br>
In the right panel, locate and delete the entry or entries:<br>
REMOVE ME = "asclt.exe" <br>
In the left panel, double-click the following:<br>
HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Runonce <br>
In the right panel, locate and delete the entry or entries:<br>
REMOVE ME = "asclt.exe" <br>
Close Registry Editor.<br>
(by Trend Micro)<br>
<br>
In the end,<br>
delete "asclt.exe" from the directory "winnt\system32\".<br>
<br>
It's OK.<br>
(by xzlea)<br>
<br>
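The checks from the steps above, as an added PowerShell example that is not part of the original post or of Trend Micro's instructions: it is read-only and reports any value under the five autostart keys that still references asclt.exe, any running process of that name, and whether the file is still in the system32 directory. It assumes PowerShell 2.0 or later is installed and that %SystemRoot% points at the winnt (or windows) directory; the variable names are illustrative.<br>

```powershell
# Added example: read-only verification that the cleanup took effect.
$fileName = 'asclt.exe'   # file name given on the page

# The five autostart keys listed in the removal steps
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# 1. Autostart values whose data still references the file
$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }   # e.g. RunServices is often absent
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $data = [string]$regKey.GetValue($name)
        if ($data -like "*$fileName*") {
            New-Object PSObject -Property @{ Key = $key; Name = $name; Data = $data }
        }
    }
}

# 2. Running processes with the same image name (extension stripped)
$procName = [IO.Path]::GetFileNameWithoutExtension($fileName)
$procs = Get-Process -Name $procName -ErrorAction SilentlyContinue

# 3. The file itself in the system32 directory (assumption: under %SystemRoot%)
$filePath = Join-Path $env:SystemRoot "system32\$fileName"
$onDisk = Test-Path $filePath

# Report
if ($entries) { $entries | Format-Table Key, Name, Data -AutoSize }
else          { "No autostart entries reference $fileName" }

if ($procs)   { $procs | Format-Table Id, ProcessName -AutoSize }
else          { "No running process named $procName" }

if ($onDisk)  { "File still present: $filePath" }
else          { "File not found: $filePath" }
```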
<br>