PUA_Sasquor

To delete the registry key this malware/grayware created:

1. Open Registry Editor.
   » For Windows 2000, Windows XP, and Windows Server 2003 users, click Start>Run, type regedit in the text box provided, and then press Enter.
   » For Windows Vista, Windows 7, and Windows Server 2008 users, click the Start button, type regedit in the Search input field then press Enter.
   » For Windows 8, Windows 8.1, and Windows Server 2012 users, right-click on the lower left corner of the screen, click Run, type regedit in the text box provided, and then press Enter.
2. In the left panel, double-click the following:
   hkey_local_machine>software>microsoft>esent>process
3. Still in the left panel, locate and delete the key:
   {malware file name}
4. In the left panel, double-click the following:
   hkey_local_machine>software>microsoft>esent>process>{malware file name}
5. Still in the left panel, locate and delete the key:
   debug
6. In the left panel, double-click the following:
   HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Installer
7. Still in the left panel, locate and delete the key:
   InProgress
8. In the left panel, double-click the following:
   HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Installer>Rollback
9. Still in the left panel, locate and delete the key:
   Scripts
10. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components
11. Still in the left panel, locate and delete the key:
    F32566D2C1A15D258CD2886A5FE65611
12. Again Still in the left panel, locate and delete the key:
    4B1A85EE0B1113F03A43F3633FC1097E
13. Again Still in the left panel, locate and delete the key:
    9A06B67C5B71E0229D9DB3DA9F413DCE
14. Again Still in the left panel, locate and delete the key:
    6C84BCCB56C80E904F168AC72BA0CC8F
15. Again Still in the left panel, locate and delete the key:
    44E10F7B65FFBDC6F2C7EC961CC4E6FF
16. Again Still in the left panel, locate and delete the key:
    75489DB7067AD2FB6CEB32263D085370
17. Again Still in the left panel, locate and delete the key:
    A10F67DDF71B685DA5131EA3147961B7
18. Again Still in the left panel, locate and delete the key:
    67418ACCF1E3018F5C1F2737C9536FD5
19. Again Still in the left panel, locate and delete the key:
    66A3A12EC88C6762A5951FC8D056D507
20. Again Still in the left panel, locate and delete the key:
    1EB0D09D105CABCB19CAA60EF650CDF2
21. Again Still in the left panel, locate and delete the key:
    201BBF441F3AF77DCE7849159F9FC225
22. Again Still in the left panel, locate and delete the key:
    3EF64958B490A8A813D6FAA9797F3CBB
23. Again Still in the left panel, locate and delete the key:
    091417CD589D17BFFE41F439404564A2
24. Again Still in the left panel, locate and delete the key:
    D7C740408CE4573BD9AFFBBFFC0DDD78
25. Again Still in the left panel, locate and delete the key:
    33B587F08FFBE3323D7CC3A6E0FDE748
26. Again Still in the left panel, locate and delete the key:
    48AFA3CEAA852FD44C1A8D0E9A4E67A2
27. Again Still in the left panel, locate and delete the key:
    5DB9B9FDCF29176B4A3E145BD7B90B2F
28. Again Still in the left panel, locate and delete the key:
    7AB3CF5644132D0B6E3CE72A8BB3D37A
29. Again Still in the left panel, locate and delete the key:
    47777C87A7B3477ECA4466B00713FB4D
30. Again Still in the left panel, locate and delete the key:
    52CF5F71D2CA50F19B0B5B5B94FB083E
31. Again Still in the left panel, locate and delete the key:
    A4174B2F749380D522F84E050D97B8AC
32. Again Still in the left panel, locate and delete the key:
    16C0F30491F3E7610D9FF0694E9EBD90
33. Again Still in the left panel, locate and delete the key:
    BCA4CCCFE1F41DBC7605BC0A93EAD6F0
34. Again Still in the left panel, locate and delete the key:
    50C3E8F161115450BC95D4A867239412
35. Again Still in the left panel, locate and delete the key:
    5A0C62E5E28110ECD79357EC7B28CE06
36. Again Still in the left panel, locate and delete the key:
    A18938C1B189405A26B533F56B311843
37. Again Still in the left panel, locate and delete the key:
    E776B9D4EC304733C04B28C6FC8CFC99
38. Again Still in the left panel, locate and delete the key:
    F09B0616DD97AD2DE5A717C8BD176E70
39. Again Still in the left panel, locate and delete the key:
    6BEF29B8BFF602C1B1F1886B0F1EFA28
40. Again Still in the left panel, locate and delete the key:
    79F184906D5FAA2837E31036276D3520
41. Again Still in the left panel, locate and delete the key:
    42CD96D6C2D937962FE7ACC8B63D4E19
42. Again Still in the left panel, locate and delete the key:
    5EE356F4C55B21C26C9E01200E6F3518
43. Again Still in the left panel, locate and delete the key:
    2265783AB350FF6FBF0A6FCB7FFC3EBA
44. Again Still in the left panel, locate and delete the key:
    94CE0AF6E5E5EC775388942C15558DFC
45. Again Still in the left panel, locate and delete the key:
    1B56275EDF932276BE64060476D7D110
46. Again Still in the left panel, locate and delete the key:
    AF27465CAF64CC1DB5585E950BF1F843
47. Again Still in the left panel, locate and delete the key:
    3DD38CDF50F9BA8942AB0C19B7BC76C3
48. Again Still in the left panel, locate and delete the key:
    6A2C63A4EC815D44007110049B8686FD
49. Again Still in the left panel, locate and delete the key:
    9A7393D03D5504AABA95BC63FF69FC90
50. Again Still in the left panel, locate and delete the key:
    819F2BBA6DFF9D152436A978134779FA
51. Again Still in the left panel, locate and delete the key:
    9F3600890788BC092D45407A1FE60E45
52. Again Still in the left panel, locate and delete the key:
    8649C6E61720F5E9611756CD5ADB918C
53. Again Still in the left panel, locate and delete the key:
    EA341A350898696EFF10B853EF61C269
54. Again Still in the left panel, locate and delete the key:
    5463491B4A5EB719724C1F03181EC411
55. Again Still in the left panel, locate and delete the key:
    A8D65762DB264D5B790028D4ECE066D5
56. Again Still in the left panel, locate and delete the key:
    84D706D7A34527F07695465EB1755364
57. Again Still in the left panel, locate and delete the key:
    E72E6EE9DDC855685C1331401EE3E2CE
58. Again Still in the left panel, locate and delete the key:
    060D751A7FF798DD00AAE63CE6664476
59. Again Still in the left panel, locate and delete the key:
    ACDE2121DCC5556D8FA69FD102E14D20
60. Again Still in the left panel, locate and delete the key:
    C174F15F9C2F6D4214F74A26D3108E50
61. Again Still in the left panel, locate and delete the key:
    1AB32D8C4BC484AA05F677A2C7E95DE6
62. Again Still in the left panel, locate and delete the key:
    9A6455FDD581C76AD09A05E628B3C3D7
63. Again Still in the left panel, locate and delete the key:
    14AC73E838CA508220E997A0C303214E
64. Again Still in the left panel, locate and delete the key:
    936563F2143659636BFE2EDB99D72560
65. Again Still in the left panel, locate and delete the key:
    1B98FE5440C41FFFD2E848794B0C6E60
66. Again Still in the left panel, locate and delete the key:
    48FEE1B6A36C5DD1621E27E7FDB5D7C1
67. Again Still in the left panel, locate and delete the key:
    6E92991B0D1B91BE81642769533653FA
68. Again Still in the left panel, locate and delete the key:
    77A0A046F0C2B5BAC70F676F11D6A1ED
69. Again Still in the left panel, locate and delete the key:
    DA6A123DF677AA1061E700E2F232A1D6
70. Again Still in the left panel, locate and delete the key:
    57B055120139CB95AF199D0A322754B9
71. Again Still in the left panel, locate and delete the key:
    26639C04B5A8C83570A8BD92ECD74F1E
72. Again Still in the left panel, locate and delete the key:
    C8B86376095CDD569DD101CF2FA2D196
73. Again Still in the left panel, locate and delete the key:
    976739163F59336088C747E7846E52FE
74. Again Still in the left panel, locate and delete the key:
    A9E69FED7C7E48F3D322AD5272341DF5
75. Again Still in the left panel, locate and delete the key:
    2DEFCBA638B65D330E8ADCC3D8F154C5
76. Again Still in the left panel, locate and delete the key:
    3CADD814C61E2C745BEFF4CBBAE0010D
77. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Products>3CADD814C61E2C745BEFF4CBBAE0010D
78. Still in the left panel, locate and delete the key:
    InstallProperties
79. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Uninstall
80. Still in the left panel, locate and delete the key:
    {418DDAC3-E16C-47C2-B5FE-4FBCAB0E10D0}
81. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Installer>UpgradeCodes
82. Still in the left panel, locate and delete the key:
    59F9B1BAE01B311409E978015D938349
83. Again Still in the left panel, locate and delete the key:
    Usage
84. In the left panel, double-click the following:
    HKEY_CURRENT_USER>Software>Microsoft>Installer>Features
85. Still in the left panel, locate and delete the key:
    3CADD814C61E2C745BEFF4CBBAE0010D
86. Again Still in the left panel, locate and delete the key:
    Features
87. Again Still in the left panel, locate and delete the key:
    Patches
88. In the left panel, double-click the following:
    HKEY_CURRENT_USER>Software>Microsoft>Installer>Products
89. Still in the left panel, locate and delete the key:
    3CADD814C61E2C745BEFF4CBBAE0010D
90. In the left panel, double-click the following:
    HKEY_CURRENT_USER>Software>Microsoft>Installer>UpgradeCodes
91. Still in the left panel, locate and delete the key:
    59F9B1BAE01B311409E978015D938349
92. In the left panel, double-click the following:
    HKEY_CURRENT_USER>Software>Microsoft>Installer>Products>3CADD814C61E2C745BEFF4CBBAE0010D
93. Still in the left panel, locate and delete the key:
    SourceList
94. In the left panel, double-click the following:
    HKEY_CURRENT_USER>Software>Microsoft>Installer>Products>3CADD814C61E2C745BEFF4CBBAE0010D>SourceList
95. Still in the left panel, locate and delete the key:
    Net
96. Again Still in the left panel, locate and delete the key:
    Media
97. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>ESENT>Process
98. Still in the left panel, locate and delete the key:
    ed2k
99. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>ESENT>Process>ed2k
100. Still in the left panel, locate and delete the key:
     DEBUG
101. Close Registry Editor.

To delete the registry value this malware/grayware created:

1. Open Registry Editor.
   » For Windows 2000, Windows XP, and Windows Server 2003 users, click Start>Run, type regedit in the text box provided, and then press Enter.
   » For Windows Vista, Windows 7, and Windows Server 2008 users, click the Start button, type regedit in the Search input field then press Enter.
   » For Windows 8, Windows 8.1, and Windows Server 2012 users, right-click on the lower-left corner of the screen, click Run, type regedit in the text box provided, and then press Enter.
2. In the left panel, double-click the following:
   HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>Rollback>Scripts
3. In the right panel, locate and delete the entry:
   %System Root%\Config.Msi\12420.rbs = "498788dc"
4. In the left panel, double-click the following:
   HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>F32566D2C1A15D258CD2886A5FE65611
5. In the right panel, locate and delete the entry:
   3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\locale\pt_PT\amule.mo"
6. In the left panel, double-click the following:
   HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>4B1A85EE0B1113F03A43F3633FC1097E
7. In the right panel, locate and delete the entry:
   3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\locale\et_EE\amule.mo"
8. In the left panel, double-click the following:
   HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>9A06B67C5B71E0229D9DB3DA9F413DCE
9. In the right panel, locate and delete the entry:
   3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\locale\el\amule.mo"
10. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>6C84BCCB56C80E904F168AC72BA0CC8F
11. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\locale\ca\amule.mo"
12. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>44E10F7B65FFBDC6F2C7EC961CC4E6FF
13. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\skins\Mac_Gray.zip"
14. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>75489DB7067AD2FB6CEB32263D085370
15. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%User Profile%\aMule\amule.conf"
16. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>A10F67DDF71B685DA5131EA3147961B7
17. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\locale\de\amule.mo"
18. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>67418ACCF1E3018F5C1F2737C9536FD5
19. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\locale\cs\amule.mo"
20. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>66A3A12EC88C6762A5951FC8D056D507
21. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%User Profile%\aMule\server.met"
22. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>1EB0D09D105CABCB19CAA60EF650CDF2
23. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%User Profile%\aMule\clients.met"
24. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>201BBF441F3AF77DCE7849159F9FC225
25. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\locale\he\amule.mo"
26. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>3EF64958B490A8A813D6FAA9797F3CBB
27. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%User Profile%\aMule\emfriends.met"
28. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>091417CD589D17BFFE41F439404564A2
29. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%User Profile%\aMule\logfile"
30. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>D7C740408CE4573BD9AFFBBFFC0DDD78
31. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\locale\eu\amule.mo"
32. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>33B587F08FFBE3323D7CC3A6E0FDE748
33. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\locale\it_CH\amule.mo"
34. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>48AFA3CEAA852FD44C1A8D0E9A4E67A2
35. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\docs\README.txt"
36. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>5DB9B9FDCF29176B4A3E145BD7B90B2F
37. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%User Profile%\aMule\lastversion"
38. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>7AB3CF5644132D0B6E3CE72A8BB3D37A
39. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\locale\it\amule.mo"
40. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>47777C87A7B3477ECA4466B00713FB4D
41. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\docs\TODO"
42. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>52CF5F71D2CA50F19B0B5B5B94FB083E
43. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%User Profile%\aMule\shareddir.dat"
44. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>A4174B2F749380D522F84E050D97B8AC
45. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\locale\uk\amule.mo"
46. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>16C0F30491F3E7610D9FF0694E9EBD90
47. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%User Profile%\aMule\cryptkey.dat"
48. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>BCA4CCCFE1F41DBC7605BC0A93EAD6F0
49. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\locale\ar\amule.mo"
50. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>50C3E8F161115450BC95D4A867239412
51. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\amule.ico"
52. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>5A0C62E5E28110ECD79357EC7B28CE06
53. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%User Profile%\aMule\known.met"
54. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>A18938C1B189405A26B533F56B311843
55. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\locale\fr\amule.mo"
56. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>E776B9D4EC304733C04B28C6FC8CFC99
57. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\skins\gnome.zip"
58. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>F09B0616DD97AD2DE5A717C8BD176E70
59. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%User Profile%\aMule\ipfilter_static.dat"
60. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>6BEF29B8BFF602C1B1F1886B0F1EFA28
61. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\locale\sq\amule.mo"
62. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>79F184906D5FAA2837E31036276D3520
63. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\locale\hu\amule.mo"
64. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>42CD96D6C2D937962FE7ACC8B63D4E19
65. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\locale\gl\amule.mo"
66. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>5EE356F4C55B21C26C9E01200E6F3518
67. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\locale\tr\amule.mo"
68. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>2265783AB350FF6FBF0A6FCB7FFC3EBA
69. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\skins\priscilla.zip"
70. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>94CE0AF6E5E5EC775388942C15558DFC
71. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\locale\pt_BR\amule.mo"
72. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>1B56275EDF932276BE64060476D7D110
73. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%User Profile%\aMule\ipfilter.dat"
74. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>AF27465CAF64CC1DB5585E950BF1F843
75. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\skins\xfce.zip"
76. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>3DD38CDF50F9BA8942AB0C19B7BC76C3
77. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\skins\kde4.zip"
78. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>6A2C63A4EC815D44007110049B8686FD
79. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\locale\zh_CN\amule.mo"
80. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>9A7393D03D5504AABA95BC63FF69FC90
81. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\locale\pl\amule.mo"
82. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>819F2BBA6DFF9D152436A978134779FA
83. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\locale\ko_KR\amule.mo"
84. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>9F3600890788BC092D45407A1FE60E45
85. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\skins\tango.zip"
86. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>8649C6E61720F5E9611756CD5ADB918C
87. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\locale\fi\amule.mo"
88. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>EA341A350898696EFF10B853EF61C269
89. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\locale\zh_TW\amule.mo"
90. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>5463491B4A5EB719724C1F03181EC411
91. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\docs\amulesig.txt"
92. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>A8D65762DB264D5B790028D4ECE066D5
93. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\docs\AUTHORS.txt"
94. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>84D706D7A34527F07695465EB1755364
95. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\docs\Changelog.txt"
96. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>E72E6EE9DDC855685C1331401EE3E2CE
97. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\locale\hr\amule.mo"
98. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>060D751A7FF798DD00AAE63CE6664476
99. In the right panel, locate and delete the entry:
    3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\locale\bg\amule.mo"
100. In the left panel, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>ACDE2121DCC5556D8FA69FD102E14D20
101. In the right panel, locate and delete the entry:
     3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\locale\nn\amule.mo"
102. In the left panel, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>C174F15F9C2F6D4214F74A26D3108E50
103. In the right panel, locate and delete the entry:
     3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\locale\lt\amule.mo"
104. In the left panel, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>1AB32D8C4BC484AA05F677A2C7E95DE6
105. In the right panel, locate and delete the entry:
     3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\ed2k.exe"
106. In the left panel, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>9A6455FDD581C76AD09A05E628B3C3D7
107. In the right panel, locate and delete the entry:
     3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\locale\ru\amule.mo"
108. In the left panel, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>14AC73E838CA508220E997A0C303214E
109. In the right panel, locate and delete the entry:
     3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\locale\sv\amule.mo"
110. In the left panel, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>936563F2143659636BFE2EDB99D72560
111. In the right panel, locate and delete the entry:
     3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\locale\da\amule.mo"
112. In the left panel, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>1B98FE5440C41FFFD2E848794B0C6E60
113. In the right panel, locate and delete the entry:
     3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\locale\es\amule.mo"
114. In the left panel, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>48FEE1B6A36C5DD1621E27E7FDB5D7C1
115. In the right panel, locate and delete the entry:
     3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\aMule.exe"
116. In the left panel, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>6E92991B0D1B91BE81642769533653FA
117. In the right panel, locate and delete the entry:
     3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\locale\nl\amule.mo"
118. In the left panel, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>77A0A046F0C2B5BAC70F676F11D6A1ED
119. In the right panel, locate and delete the entry:
     3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\docs\EC_Protocol.txt"
120. In the left panel, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>DA6A123DF677AA1061E700E2F232A1D6
121. In the right panel, locate and delete the entry:
     3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\locale\ast\amule.mo"
122. In the left panel, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>57B055120139CB95AF199D0A322754B9
123. In the right panel, locate and delete the entry:
     3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\locale\ja\amule.mo"
124. In the left panel, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>26639C04B5A8C83570A8BD92ECD74F1E
125. In the right panel, locate and delete the entry:
     3CADD814C61E2C745BEFF4CBBAE0010D = "%User Profile%\aMule\known2_64.met"
126. In the left panel, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>C8B86376095CDD569DD101CF2FA2D196
127. In the right panel, locate and delete the entry:
     3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\docs\license.txt"
128. In the left panel, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>976739163F59336088C747E7846E52FE
129. In the right panel, locate and delete the entry:
     3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\locale\en_GB\amule.mo"
130. In the left panel, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>A9E69FED7C7E48F3D322AD5272341DF5
131. In the right panel, locate and delete the entry:
     3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%\amuleC\locale\sl\amule.mo"
132. In the left panel, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>2DEFCBA638B65D330E8ADCC3D8F154C5
133. In the right panel, locate and delete the entry:
     3CADD814C61E2C745BEFF4CBBAE0010D = "%User Profile%\aMule\preferences.dat"
134. In the left panel, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Components>3CADD814C61E2C745BEFF4CBBAE0010D
135. In the right panel, locate and delete the entry:
     3CADD814C61E2C745BEFF4CBBAE0010D = "%Program Files%"
136. In the left panel, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Products>3CADD814C61E2C745BEFF4CBBAE0010D>InstallProperties
137. In the right panel, locate and delete the entry:
     LocalPackage = "%Windows%\Installer\12421.msi"
138. Again In the right panel, locate and delete the entry:
     Contact = "amuleC"
139. Again In the right panel, locate and delete the entry:
     DisplayVersion = "1.0.0"
140. Again In the right panel, locate and delete the entry:
     InstallDate = "20161207"
141. Again In the right panel, locate and delete the entry:
     InstallSource = "%User Temp%"
142. Again In the right panel, locate and delete the entry:
     ModifyPath = "MsiExec.exe /I{418DDAC3-E16C-47C2-B5FE-4FBCAB0E10D0}"
143. Again In the right panel, locate and delete the entry:
     Publisher = "amuleC"
144. Again In the right panel, locate and delete the entry:
     EstimatedSize = "268"
145. Again In the right panel, locate and delete the entry:
     UninstallString = "MsiExec.exe /I{418DDAC3-E16C-47C2-B5FE-4FBCAB0E10D0}"
146. Again In the right panel, locate and delete the entry:
     VersionMajor = "1"
147. Again In the right panel, locate and delete the entry:
     VersionMinor = "0"
148. Again In the right panel, locate and delete the entry:
     WindowsInstaller = "1"
149. Again In the right panel, locate and delete the entry:
     Version = "1"
150. Again In the right panel, locate and delete the entry:
     Language = "49"
151. In the left panel, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Uninstall>{418DDAC3-E16C-47C2-B5FE-4FBCAB0E10D0}
152. In the right panel, locate and delete the entry:
     Contact = "amuleC"
153. Again In the right panel, locate and delete the entry:
     DisplayVersion = "1.0.0"
154. Again In the right panel, locate and delete the entry:
     InstallDate = "20161207"
155. Again In the right panel, locate and delete the entry:
     InstallSource = "%User Temp%"
156. Again In the right panel, locate and delete the entry:
     ModifyPath = "MsiExec.exe /I{418DDAC3-E16C-47C2-B5FE-4FBCAB0E10D0}"
157. Again In the right panel, locate and delete the entry:
     Publisher = "amuleC"
158. Again In the right panel, locate and delete the entry:
     EstimatedSize = "268"
159. Again In the right panel, locate and delete the entry:
     UninstallString = "MsiExec.exe /I{418DDAC3-E16C-47C2-B5FE-4FBCAB0E10D0}"
160. Again In the right panel, locate and delete the entry:
     VersionMajor = "1"
161. Again In the right panel, locate and delete the entry:
     VersionMinor = "0"
162. Again In the right panel, locate and delete the entry:
     WindowsInstaller = "1"
163. Again In the right panel, locate and delete the entry:
     Version = "1"
164. Again In the right panel, locate and delete the entry:
     Language = "49"
165. Again In the right panel, locate and delete the entry:
     DisplayName = "amuleC"
166. Again In the right panel, locate and delete the entry:
     DisplayName = "amuleC"
167. In the left panel, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Installer>UserData>S-1-5-21-1645522239-1292428093-682003330-1003>Products>3CADD814C61E2C745BEFF4CBBAE0010D>Features
168. In the right panel, locate and delete the entry:
     DefaultFeature = "{random characters}"
169. In the left panel, double-click the following:
     HKEY_CURRENT_USER>Software>Microsoft>Installer>Products>3CADD814C61E2C745BEFF4CBBAE0010D
170. In the right panel, locate and delete the entry:
     ProductName = "amuleC"
171. Again In the right panel, locate and delete the entry:
     PackageCode = "5BD7E97D6632D2B4582098357EE39071"
172. Again In the right panel, locate and delete the entry:
     Language = "49"
173. Again In the right panel, locate and delete the entry:
     Version = "1"
174. Again In the right panel, locate and delete the entry:
     Assignment = "0"
175. Again In the right panel, locate and delete the entry:
     AdvertiseFlags = "184"
176. Again In the right panel, locate and delete the entry:
     InstanceType = "0"
177. Again In the right panel, locate and delete the entry:
     AuthorizedLUAApp = "0"
178. In the left panel, double-click the following:
     HKEY_CURRENT_USER>Software>Microsoft>Installer>Products>3CADD814C61E2C745BEFF4CBBAE0010D>SourceList
179. In the right panel, locate and delete the entry:
     PackageName = "am_1.tmp"
180. In the left panel, double-click the following:
     HKEY_CURRENT_USER>Software>Microsoft>Installer>Products>3CADD814C61E2C745BEFF4CBBAE0010D>SourceList>Net
181. In the right panel, locate and delete the entry:
     1 = "%User Temp%"
182. In the left panel, double-click the following:
     HKEY_CURRENT_USER>Software>Microsoft>Installer>Products>3CADD814C61E2C745BEFF4CBBAE0010D>SourceList>Media
183. In the right panel, locate and delete the entry:
     1 = ";"
184. Again In the right panel, locate and delete the entry:
     LastUsedSource = "n;1;%User Temp%"
185. Close Registry Editor.

To restore registry values this malware/grayware modified:

1. Open Registry Editor. To do this:
   
   • On Windows 2000, XP, and Server 2003:
     Click Start>Run, type REGEDIT in the text box provided, and then press Enter.
   • On Windows Vista, 7, and Server 2008:
     Click the Start button, type REGEDIT in the Search input field then press Enter.
   • On Windows 8, 8.1, and Server 2012:
     Right-click on the lower left corner of the screen and click Run, type REGEDIT in the Run input field, and then press Enter.
2. In the left panel, double-click the following:
   HKEY_LOCAL_MACHINE>SYSTEM>ControlSet001>Services>Eventlog>Application>ESENT
3. In the right panel, locate the registry value:
   EventMessageFile = "%System%\ESENT.dll"
4. Right-click on the value name and choose Modify. Change the value data of this entry to:
   EventMessageFile = "{random values}"
5. Again In the right panel, locate the registry value:
   CategoryMessageFile = "%System%\ESENT.dll"
6. Right-click on the value name and choose Modify. Change the value data of this entry to:
   CategoryMessageFile = "{random values}"
7. Again In the right panel, locate the registry value:
   CategoryCount = "1"
8. Right-click on the value name and choose Modify. Change the value data of this entry to:
   CategoryCount = "10"
9. Again In the right panel, locate the registry value:
   TypesSupported = "7"
10. Right-click on the value name and choose Modify. Change the value data of this entry to:
    TypesSupported = "7"
11. Close Registry Editor.

To manually delete a malware/grayware file from an affected system:

• For Windows 2000, Windows XP, and Windows Server 2003:

1. Right-click Start then click Search....
2. In the File name* input box, type the following:
   
   • %User Temp%\am_1.tmp
   • %Windows%\Installer\1241d.msi
   • %Windows%\Installer\1241f.ipi
   • %Windows%\Installer\MSIB.tmp
   • %System Root%\Config.Msi\12420.rbs
   • %Program Files%\amuleC\locale\pt_PT\amule.mo
   • %Program Files%\amuleC\locale\et_EE\amule.mo
   • %Program Files%\amuleC\locale\el\amule.mo
   • %Program Files%\amuleC\locale\ca\amule.mo
   • %Program Files%\amuleC\skins\Mac_Gray.zip
   • %User Profile%\aMule\amule.conf
   • %Program Files%\amuleC\locale\de\amule.mo
   • %Program Files%\amuleC\locale\cs\amule.mo
   • %User Profile%\aMule\server.met
   • %User Profile%\aMule\clients.met
   • %Program Files%\amuleC\locale\he\amule.mo
   • %User Profile%\aMule\emfriends.met
   • %User Profile%\aMule\logfile
   • %Program Files%\amuleC\locale\eu\amule.mo
   • %Program Files%\amuleC\locale\it_CH\amule.mo
   • %Program Files%\amuleC\docs\README.txt
   • %User Profile%\aMule\lastversion
   • %Program Files%\amuleC\locale\it\amule.mo
   • %Program Files%\amuleC\docs\TODO
   • %User Profile%\aMule\shareddir.dat
   • %Program Files%\amuleC\locale\uk\amule.mo
   • %User Profile%\aMule\cryptkey.dat
   • %Program Files%\amuleC\locale\ar\amule.mo
   • %Program Files%\amuleC\amule.ico
   • %User Profile%\aMule\known.met
   • %Program Files%\amuleC\locale\fr\amule.mo
   • %Program Files%\amuleC\skins\gnome.zip
   • %User Profile%\aMule\ipfilter_static.dat
   • %Program Files%\amuleC\locale\sq\amule.mo
   • %Program Files%\amuleC\locale\hu\amule.mo
   • %Program Files%\amuleC\locale\gl\amule.mo
   • %Program Files%\amuleC\locale\tr\amule.mo
   • %Program Files%\amuleC\skins\priscilla.zip
   • %Program Files%\amuleC\locale\pt_BR\amule.mo
   • %User Profile%\aMule\ipfilter.dat
   • %Program Files%\amuleC\skins\xfce.zip
   • %Program Files%\amuleC\skins\kde4.zip
   • %Program Files%\amuleC\locale\zh_CN\amule.mo
   • %Program Files%\amuleC\locale\pl\amule.mo
   • %Program Files%\amuleC\locale\ko_KR\amule.mo
   • %Program Files%\amuleC\skins\tango.zip
   • %Program Files%\amuleC\locale\fi\amule.mo
   • %Program Files%\amuleC\locale\zh_TW\amule.mo
   • %Program Files%\amuleC\docs\amulesig.txt
   • %Program Files%\amuleC\docs\AUTHORS.txt
   • %Program Files%\amuleC\docs\Changelog.txt
   • %Program Files%\amuleC\locale\hr\amule.mo
   • %Program Files%\amuleC\locale\bg\amule.mo
   • %Program Files%\amuleC\locale\nn\amule.mo
   • %Program Files%\amuleC\locale\lt\amule.mo
   • %Program Files%\amuleC\ed2k.exe
   • %Program Files%\amuleC\locale\ru\amule.mo
   • %Program Files%\amuleC\locale\sv\amule.mo
   • %Program Files%\amuleC\locale\da\amule.mo
   • %Program Files%\amuleC\locale\es\amule.mo
   • %Program Files%\amuleC\aMule.exe
   • %Program Files%\amuleC\locale\nl\amule.mo
   • %Program Files%\amuleC\docs\EC_Protocol.txt
   • %Program Files%\amuleC\locale\ast\amule.mo
   • %Program Files%\amuleC\locale\ja\amule.mo
   • %User Profile%\aMule\known2_64.met
   • %Program Files%\amuleC\docs\license.txt
   • %Program Files%\amuleC\locale\en_GB\amule.mo
   • %Program Files%\amuleC\locale\sl\amule.mo
   • %User Profile%\aMule\preferences.dat
   • %Start Menu%\Programs\amuleC\aMuleC.lnk
   • %Windows%\Installer\12421.msi
   • %User Profile%\{418DDAC3-E16C-47C2-B5FE-4FBCAB0E10D0}\_951C230AB0400AF8D55261.exe
3. In the Look In drop-down list, select My Computer then press Enter.
4. Once located, select the file then press SHIFT+DELETE to delete it.
   *Note: The file name input box title varies depending on the Windows version (e.g. Search for files or folders named or All or part of the file name.).

• For Windows Vista, Windows 7, Windows Server 2008, Windows 8, Windows 8.1, and Windows Server 2012:

1. Open a Windows Explorer window.
   • For Windows Vista, 7, and Server 2008 users, click Start>Computer.
   • For Windows 8, 8.1, and Server 2012 users, right-click on the lower left corner of the screen,then click File Explorer.
2. In the Search Computer/This PC input box, type:
   
   • %User Temp%\am_1.tmp
   • %Windows%\Installer\1241d.msi
   • %Windows%\Installer\1241f.ipi
   • %Windows%\Installer\MSIB.tmp
   • %System Root%\Config.Msi\12420.rbs
   • %Program Files%\amuleC\locale\pt_PT\amule.mo
   • %Program Files%\amuleC\locale\et_EE\amule.mo
   • %Program Files%\amuleC\locale\el\amule.mo
   • %Program Files%\amuleC\locale\ca\amule.mo
   • %Program Files%\amuleC\skins\Mac_Gray.zip
   • %User Profile%\aMule\amule.conf
   • %Program Files%\amuleC\locale\de\amule.mo
   • %Program Files%\amuleC\locale\cs\amule.mo
   • %User Profile%\aMule\server.met
   • %User Profile%\aMule\clients.met
   • %Program Files%\amuleC\locale\he\amule.mo
   • %User Profile%\aMule\emfriends.met
   • %User Profile%\aMule\logfile
   • %Program Files%\amuleC\locale\eu\amule.mo
   • %Program Files%\amuleC\locale\it_CH\amule.mo
   • %Program Files%\amuleC\docs\README.txt
   • %User Profile%\aMule\lastversion
   • %Program Files%\amuleC\locale\it\amule.mo
   • %Program Files%\amuleC\docs\TODO
   • %User Profile%\aMule\shareddir.dat
   • %Program Files%\amuleC\locale\uk\amule.mo
   • %User Profile%\aMule\cryptkey.dat
   • %Program Files%\amuleC\locale\ar\amule.mo
   • %Program Files%\amuleC\amule.ico
   • %User Profile%\aMule\known.met
   • %Program Files%\amuleC\locale\fr\amule.mo
   • %Program Files%\amuleC\skins\gnome.zip
   • %User Profile%\aMule\ipfilter_static.dat
   • %Program Files%\amuleC\locale\sq\amule.mo
   • %Program Files%\amuleC\locale\hu\amule.mo
   • %Program Files%\amuleC\locale\gl\amule.mo
   • %Program Files%\amuleC\locale\tr\amule.mo
   • %Program Files%\amuleC\skins\priscilla.zip
   • %Program Files%\amuleC\locale\pt_BR\amule.mo
   • %User Profile%\aMule\ipfilter.dat
   • %Program Files%\amuleC\skins\xfce.zip
   • %Program Files%\amuleC\skins\kde4.zip
   • %Program Files%\amuleC\locale\zh_CN\amule.mo
   • %Program Files%\amuleC\locale\pl\amule.mo
   • %Program Files%\amuleC\locale\ko_KR\amule.mo
   • %Program Files%\amuleC\skins\tango.zip
   • %Program Files%\amuleC\locale\fi\amule.mo
   • %Program Files%\amuleC\locale\zh_TW\amule.mo
   • %Program Files%\amuleC\docs\amulesig.txt
   • %Program Files%\amuleC\docs\AUTHORS.txt
   • %Program Files%\amuleC\docs\Changelog.txt
   • %Program Files%\amuleC\locale\hr\amule.mo
   • %Program Files%\amuleC\locale\bg\amule.mo
   • %Program Files%\amuleC\locale\nn\amule.mo
   • %Program Files%\amuleC\locale\lt\amule.mo
   • %Program Files%\amuleC\ed2k.exe
   • %Program Files%\amuleC\locale\ru\amule.mo
   • %Program Files%\amuleC\locale\sv\amule.mo
   • %Program Files%\amuleC\locale\da\amule.mo
   • %Program Files%\amuleC\locale\es\amule.mo
   • %Program Files%\amuleC\aMule.exe
   • %Program Files%\amuleC\locale\nl\amule.mo
   • %Program Files%\amuleC\docs\EC_Protocol.txt
   • %Program Files%\amuleC\locale\ast\amule.mo
   • %Program Files%\amuleC\locale\ja\amule.mo
   • %User Profile%\aMule\known2_64.met
   • %Program Files%\amuleC\docs\license.txt
   • %Program Files%\amuleC\locale\en_GB\amule.mo
   • %Program Files%\amuleC\locale\sl\amule.mo
   • %User Profile%\aMule\preferences.dat
   • %Start Menu%\Programs\amuleC\aMuleC.lnk
   • %Windows%\Installer\12421.msi
   • %User Profile%\{418DDAC3-E16C-47C2-B5FE-4FBCAB0E10D0}\_951C230AB0400AF8D55261.exe
3. Once located, select the file then press SHIFT+DELETE to delete it.
   *Note: Read the following Microsoft page if these steps do not work on Windows 7.

To delete malware/grayware/spyware folders:

For Windows 2000, Windows XP, and Windows Server 2003:

1. Right-click Start then click Search... or Find..., depending on the version of Windows you are running.
2. In the File name* input box, type:
   
   • %System Root%\MSI1241e.tmp
   • %System Root%\Config.Msi
   • %Program Files%\amuleC
   • %Program Files%\amuleC\locale
   • %Program Files%\amuleC\locale\pt_PT
   • %Program Files%\amuleC\locale\et_EE
   • %Program Files%\amuleC\locale\el
   • %Program Files%\amuleC\locale\ca
   • %Program Files%\amuleC\skins
   • %User Profile%\Application Data\aMule
   • %Program Files%\amuleC\locale\de
   • %Program Files%\amuleC\locale\cs
   • %Program Files%\amuleC\locale\he
   • %Program Files%\amuleC\locale\eu
   • %Program Files%\amuleC\locale\it_CH
   • %Program Files%\amuleC\docs
   • %Program Files%\amuleC\locale\it
   • %Program Files%\amuleC\locale\uk
   • %Program Files%\amuleC\locale\ar
   • %Program Files%\amuleC\locale\fr
   • %Program Files%\amuleC\locale\sq
   • %Program Files%\amuleC\locale\hu
   • %Program Files%\amuleC\locale\gl
   • %Program Files%\amuleC\locale\tr
   • %Program Files%\amuleC\locale\pt_BR
   • %Program Files%\amuleC\locale\zh_CN
   • %Program Files%\amuleC\locale\pl
   • %Program Files%\amuleC\locale\ko_KR
   • %Program Files%\amuleC\locale\fi
   • %Program Files%\amuleC\locale\zh_TW
   • %Program Files%\amuleC\locale\hr
   • %Program Files%\amuleC\locale\bg
   • %Program Files%\amuleC\locale\nn
   • %Program Files%\amuleC\locale\lt
   • %Program Files%\amuleC\locale\ru
   • %Program Files%\amuleC\locale\sv
   • %Program Files%\amuleC\locale\da
   • %Program Files%\amuleC\locale\es
   • %Program Files%\amuleC\locale\nl
   • %Program Files%\amuleC\locale\ast
   • %Program Files%\amuleC\locale\ja
   • %Program Files%\amuleC\locale\en_GB
   • %Program Files%\amuleC\locale\sl
   • %Start Menu%\Programs\amuleC
   • %User Profile%\Microsoft\Installer
   • %User Profile%\Installer\{418DDAC3-E16C-47C2-B5FE-4FBCAB0E10D0}
3. In the Look In drop-down list, select My Computer, then press Enter.
4. Once located, select the folder then press SHIFT+DELETE to permanently delete the folder.
5. Repeat steps 2 to 4 for the remaining folders:
   • %System Root%\MSI1241e.tmp
   • %System Root%\Config.Msi
   • %Program Files%\amuleC
   • %Program Files%\amuleC\locale
   • %Program Files%\amuleC\locale\pt_PT
   • %Program Files%\amuleC\locale\et_EE
   • %Program Files%\amuleC\locale\el
   • %Program Files%\amuleC\locale\ca
   • %Program Files%\amuleC\skins
   • %User Profile%\Application Data\aMule
   • %Program Files%\amuleC\locale\de
   • %Program Files%\amuleC\locale\cs
   • %Program Files%\amuleC\locale\he
   • %Program Files%\amuleC\locale\eu
   • %Program Files%\amuleC\locale\it_CH
   • %Program Files%\amuleC\docs
   • %Program Files%\amuleC\locale\it
   • %Program Files%\amuleC\locale\uk
   • %Program Files%\amuleC\locale\ar
   • %Program Files%\amuleC\locale\fr
   • %Program Files%\amuleC\locale\sq
   • %Program Files%\amuleC\locale\hu
   • %Program Files%\amuleC\locale\gl
   • %Program Files%\amuleC\locale\tr
   • %Program Files%\amuleC\locale\pt_BR
   • %Program Files%\amuleC\locale\zh_CN
   • %Program Files%\amuleC\locale\pl
   • %Program Files%\amuleC\locale\ko_KR
   • %Program Files%\amuleC\locale\fi
   • %Program Files%\amuleC\locale\zh_TW
   • %Program Files%\amuleC\locale\hr
   • %Program Files%\amuleC\locale\bg
   • %Program Files%\amuleC\locale\nn
   • %Program Files%\amuleC\locale\lt
   • %Program Files%\amuleC\locale\ru
   • %Program Files%\amuleC\locale\sv
   • %Program Files%\amuleC\locale\da
   • %Program Files%\amuleC\locale\es
   • %Program Files%\amuleC\locale\nl
   • %Program Files%\amuleC\locale\ast
   • %Program Files%\amuleC\locale\ja
   • %Program Files%\amuleC\locale\en_GB
   • %Program Files%\amuleC\locale\sl
   • %Start Menu%\Programs\amuleC
   • %User Profile%\Microsoft\Installer
   • %User Profile%\Installer\{418DDAC3-E16C-47C2-B5FE-4FBCAB0E10D0}
   *Note: The file name input box title varies depending on the Windows version (e.g. Search for files or folders named or All or part of the file name.).

For Windows Vista, Windows 7, Windows Server 2008, Windows 8, Windows 8.1, and Windows Server 2012:

1. Open a Windows Explorer window.
   • For Windows Vista, 7, and Server 2008 users, click Start>Computer.
   • For Windows 8, 8.1, and Server 2012 users, right-click on the lower left corner of the screen, then click File Explorer.
2. In the Search Computer/This PC input box, type:
   
   • %System Root%\MSI1241e.tmp
   • %System Root%\Config.Msi
   • %Program Files%\amuleC
   • %Program Files%\amuleC\locale
   • %Program Files%\amuleC\locale\pt_PT
   • %Program Files%\amuleC\locale\et_EE
   • %Program Files%\amuleC\locale\el
   • %Program Files%\amuleC\locale\ca
   • %Program Files%\amuleC\skins
   • %User Profile%\Application Data\aMule
   • %Program Files%\amuleC\locale\de
   • %Program Files%\amuleC\locale\cs
   • %Program Files%\amuleC\locale\he
   • %Program Files%\amuleC\locale\eu
   • %Program Files%\amuleC\locale\it_CH
   • %Program Files%\amuleC\docs
   • %Program Files%\amuleC\locale\it
   • %Program Files%\amuleC\locale\uk
   • %Program Files%\amuleC\locale\ar
   • %Program Files%\amuleC\locale\fr
   • %Program Files%\amuleC\locale\sq
   • %Program Files%\amuleC\locale\hu
   • %Program Files%\amuleC\locale\gl
   • %Program Files%\amuleC\locale\tr
   • %Program Files%\amuleC\locale\pt_BR
   • %Program Files%\amuleC\locale\zh_CN
   • %Program Files%\amuleC\locale\pl
   • %Program Files%\amuleC\locale\ko_KR
   • %Program Files%\amuleC\locale\fi
   • %Program Files%\amuleC\locale\zh_TW
   • %Program Files%\amuleC\locale\hr
   • %Program Files%\amuleC\locale\bg
   • %Program Files%\amuleC\locale\nn
   • %Program Files%\amuleC\locale\lt
   • %Program Files%\amuleC\locale\ru
   • %Program Files%\amuleC\locale\sv
   • %Program Files%\amuleC\locale\da
   • %Program Files%\amuleC\locale\es
   • %Program Files%\amuleC\locale\nl
   • %Program Files%\amuleC\locale\ast
   • %Program Files%\amuleC\locale\ja
   • %Program Files%\amuleC\locale\en_GB
   • %Program Files%\amuleC\locale\sl
   • %Start Menu%\Programs\amuleC
   • %User Profile%\Microsoft\Installer
   • %User Profile%\Installer\{418DDAC3-E16C-47C2-B5FE-4FBCAB0E10D0}
3. Once located, select the file then press SHIFT+DELETE to permanently delete the folder.
4. Repeat steps 2-3 for the remaining folders:
   • %System Root%\MSI1241e.tmp
   • %System Root%\Config.Msi
   • %Program Files%\amuleC
   • %Program Files%\amuleC\locale
   • %Program Files%\amuleC\locale\pt_PT
   • %Program Files%\amuleC\locale\et_EE
   • %Program Files%\amuleC\locale\el
   • %Program Files%\amuleC\locale\ca
   • %Program Files%\amuleC\skins
   • %User Profile%\Application Data\aMule
   • %Program Files%\amuleC\locale\de
   • %Program Files%\amuleC\locale\cs
   • %Program Files%\amuleC\locale\he
   • %Program Files%\amuleC\locale\eu
   • %Program Files%\amuleC\locale\it_CH
   • %Program Files%\amuleC\docs
   • %Program Files%\amuleC\locale\it
   • %Program Files%\amuleC\locale\uk
   • %Program Files%\amuleC\locale\ar
   • %Program Files%\amuleC\locale\fr
   • %Program Files%\amuleC\locale\sq
   • %Program Files%\amuleC\locale\hu
   • %Program Files%\amuleC\locale\gl
   • %Program Files%\amuleC\locale\tr
   • %Program Files%\amuleC\locale\pt_BR
   • %Program Files%\amuleC\locale\zh_CN
   • %Program Files%\amuleC\locale\pl
   • %Program Files%\amuleC\locale\ko_KR
   • %Program Files%\amuleC\locale\fi
   • %Program Files%\amuleC\locale\zh_TW
   • %Program Files%\amuleC\locale\hr
   • %Program Files%\amuleC\locale\bg
   • %Program Files%\amuleC\locale\nn
   • %Program Files%\amuleC\locale\lt
   • %Program Files%\amuleC\locale\ru
   • %Program Files%\amuleC\locale\sv
   • %Program Files%\amuleC\locale\da
   • %Program Files%\amuleC\locale\es
   • %Program Files%\amuleC\locale\nl
   • %Program Files%\amuleC\locale\ast
   • %Program Files%\amuleC\locale\ja
   • %Program Files%\amuleC\locale\en_GB
   • %Program Files%\amuleC\locale\sl
   • %Start Menu%\Programs\amuleC
   • %User Profile%\Microsoft\Installer
   • %User Profile%\Installer\{418DDAC3-E16C-47C2-B5FE-4FBCAB0E10D0}
   *Note: Read the following Microsoft page if these steps do not work on Windows 7.