
 Rahiwi - Description



Description:
Rahiwi is a worm that spreads via removable media and mapped network drives, and also by copying itself to local disks. The parasite changes the Internet Explorer default home and search pages, and modifies web browser window titles, screen saver settings and various system settings. It also disables Registry Editor, Task Manager and Command Prompt. Furthermore, Rahiwi attempts to terminate active antivirus programs, security-related tools and some other programs. It runs silently on every Windows startup and every time an executable or batch file is launched. The worm also loads in Windows Safe Mode.


Alias:

Category:
Worm

Automatic Removal: The most effective removal tool is Easy SpyRemover.

Manual Removal:



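Stop Running Processes (smss.exe and winlogon.exe are also the names of legitimate Windows system processes that normally run from %System%; check the file path before ending or deleting them):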
cute.exe
data_rahasia administrator.exe
iexplorer.exe
imoet.exe
shell.exe
smss.exe
tiwi.exe
tiwi_cute.exe
winlogon.exe



Unregister DLLs:



Clean Registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\msmsgs
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\tiwi
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LogonAdministrator
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System Monitoring
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell=explorer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit=%System%\userinit.exe,%System%\iexplorer.exe
HKEY_CLASSES_ROOT\batfile\Shell\Open\Command\(Default)="%System%\shell.exe" "%1" %*
HKEY_CLASSES_ROOT\comfile\Shell\Open\Command\(Default)="%System%\shell.exe" "%1" %*
HKEY_CLASSES_ROOT\exefile\Shell\Open\Command\(Default)="%System%\shell.exe" "%1" %*
HKEY_CLASSES_ROOT\inffile\Shell\Install\Command\(Default)="%System%\shell.exe" "%1" %*
HKEY_CLASSES_ROOT\lnkfile\Shell\Open\Command\(Default)="%System%\shell.exe" "%1" %*
HKEY_CLASSES_ROOT\piffile\shell\Open\Command\(Default)="%System%\shell.exe" "%1" %*
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell=%Windir%\tiwi.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger=%System%\shell.exe
HKEY_CURRENT_USER\Control Panel\Desktop\SCRNSAVE.EXE=%Windir%\system32tiwi.scr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeCaption=[string1]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispSettingsPage=1
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCMD=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductID=[string2]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName=[string3]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization=[string4]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner=[string5]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeText=[string6]



Remove Files:
cute.exe
data_rahasia administrator.exe
iexplorer.exe
imoet.exe
shell.exe
smss.exe
tiwi.exe
tiwi_cute.exe
winlogon.exe
rpcss.dll
empty.pif
tiwi.scr


   





Copyright © PcRepairCentral, 2005.