AUTOMATIC REMOVAL INSTRUCTIONS
To automatically remove this malware from your system, please use Trend Micro Damage Cleanup Engine and Template.
MANUAL REMOVAL INSTRUCTIONS
Identifying the Malware Program
Before proceeding to remove this malware, first identify the malware program.
Scan your system with Trend Micro antivirus and NOTE all files detected as WORM_BADTRANS.A. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro's free online virus scanner.
Terminating the Malware Program
This procedure terminates the running malware process from memory. You will need the name(s) of the file(s) detected earlier as WORM_BADTRANS.A.
- Open Windows Task Manager.
On Windows 9x/ME systems, press
On Windows NT/2000/XP systems, press
CTRL%20SHIFT%20ESC, and click the Processes tab.
- In the list of running programs*, locate the malware file or files detected earlier.
- Select one of the detected files, then press either the End Task or the End Process button, depending on the version of Windows on your system.
- Do the same for all detected malware files in the list of running processes.
- To check if the malware process has been terminated, close Task Manager, and then open it again.
- Close Task Manager.
*NOTE: On systems running Windows 9x/ME, Task Manager may not show certain processes. You may use a third party process viewer to terminate the malware process. Otherwise, continue with the next procedure, noting additional instructions.
Removing Autostart Entries from the Registry
Removing autostart entries from the registry prevents the malware from executing during startup.
- Open Registry Editor. To do this, click Start>Run, type REGEDIT, then press Enter.
- In the left panel, double-click the following:
- In the right panel, locate and delete the entry or entries:
kernel32 = "kern32.exe"
- Close Registry Editor.
Removing Autostart Entries from System Files
A malware may modify system files so that it automatically executes at every Windows startup. These startup entries must be removed before the system can be restarted safely.
- Open System Configuration Editor. To do this, click Start>Run, type SYSEDIT, then press Enter.
- In System Configuration Editor, select the WIN.INI window.
- Under the [windows] section, locate the lines that begin with:
- From the same lines, delete the malware path and filename:
%Windows% refers to the Windows directory, usually C:\Windows or C:\WinNT.
- Close System Configuration Editor and click Yes when prompted to save.
If you were not able to terminate the malware process from memory as described in the previous procedure, restart your system.
Running Trend Micro Antivirus
Scan your system with Trend Micro antivirus and delete all files detected as WORM_BADTRANS.A. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro's free online virus scanner.
Trend Micro offers best-of-breed antivirus and content-security solutions for your
small and medium business,
or home PC.