
TRICKS FOR REMOVING THE DEADLOCK VIRUS


The Deadlock virus is very destructive. If your computer is infected, on the 12th and 13th of every month all your data will be destroyed, whether on the hard drive or on a flash disk, and the message "NTLDR is Missing" is displayed.

If your computer has been a victim of Deadlock, do not reinstall your OS. It is important to perform the data recovery process first, using a data recovery application.
If you reinstall the OS onto a hard drive that contains the data you want to recover, the recovery will fail.
Here are 6 steps to remove the Deadlock virus:


1. Disable [System Restore] during the cleaning process.
2. Stop the active virus processes in memory. Use a Task Manager replacement tool such as 'Process Explorer', then end the processes named mysql.exe and apache.exe. Download the tool from the following URL: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
3. To keep the virus from becoming active again, block its files from being executed by registering them in the Software Restriction Policies. This feature is available only on computers running Windows XP Professional / Windows Server 2003 / Windows Vista and Windows Server 2008.

-. Click Start - Run, type the command SECPOL.MSC, then click [OK]
-. When the Local Security Settings screen appears, right-click the Software Restriction Policies menu and click Create New Policies
-. On the Software Restriction Policies menu, click Additional Rules
-. Right-click Additional Rules and select New Hash Rule; the New Hash Rule dialog is displayed
-. In the File hash field, click the Browse button, navigate to [C:\Windows\system32\apache.exe] and click [Open]
-. In the Security level field, select [Disallowed]
-. The Description field may be filled in or left empty
-. Click [Apply] and [OK]
Note: If your computer is not running Windows XP Professional / Server 2003 / Vista / Server 2008, skip this step.
4. Restore the registry strings that have been changed by the virus. To speed up the repair, copy the script below into Notepad, save it as a file named repair.inf, then run it in the following manner:
-. Right-click the file repair.inf
-. Click [Install]
[Version]
Signature="$Chicago$"
Provider=Vaksincom
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
; Restore the open commands for executable and script file types
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
; Restore the Winlogon shell and the Safe Mode alternate shell
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, "cmd.exe"
; Set NoDriveTypeAutoRun to 255 for the current user and the machine
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoDriveTypeAutoRun,0x000000ff,255
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer, NoDriveTypeAutoRun,0x000000ff,255
[del]
; Remove the startup values added by the virus
HKCU, Software\Microsoft\Windows\CurrentVersion\Run, apache
HKLM, Software\Microsoft\Windows\CurrentVersion\Run, mysql
5. Remove the main virus files from the following locations:
-. C:\Windows\system32\apache.exe
-. C:\Windows\system32\mysql.exe
6. For optimal cleaning and to prevent reinfection, install an anti-virus program with up-to-date definitions and run a scan.
You can also use Norman Malware Cleaner; download the tool from the following address: http://www.norman.com/support/support_tools/58732/en-us
If your infected computer cannot boot and shows the error message NTLDR Is Missing, reinstall Windows.
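
To confirm the cleanup after steps 4 and 5, the read-only check below (an added example, not part of the original article or of any Vaksincom tool) compares the registry against the values repair.inf sets and looks for the Run values and files named above. The helper name Get-RegValue and the report wording are made up for this example.

```powershell
# Added example: read-only check, nothing is modified.
# "Want" holds the value that repair.inf from step 4 writes.
$expected = @(
    @{ Key = 'HKLM:\SOFTWARE\Classes\batfile\shell\open\command'; Name = ''; Want = '"%1" %*' }
    @{ Key = 'HKLM:\SOFTWARE\Classes\comfile\shell\open\command'; Name = ''; Want = '"%1" %*' }
    @{ Key = 'HKLM:\SOFTWARE\Classes\exefile\shell\open\command'; Name = ''; Want = '"%1" %*' }
    @{ Key = 'HKLM:\SOFTWARE\Classes\piffile\shell\open\command'; Name = ''; Want = '"%1" %*' }
    @{ Key = 'HKLM:\SOFTWARE\Classes\regfile\shell\open\command'; Name = ''; Want = 'regedit.exe "%1"' }
    @{ Key = 'HKLM:\SOFTWARE\Classes\scrfile\shell\open\command'; Name = ''; Want = '"%1" %*' }
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Shell'; Want = 'Explorer.exe' }
    @{ Key = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'; Name = 'AlternateShell'; Want = 'cmd.exe' }
)

function Get-RegValue($Key, $Name) {
    # Hypothetical helper: returns $null when the key or value does not exist.
    # An empty $Name reads the key's default value.
    $k = Get-Item -LiteralPath $Key -ErrorAction SilentlyContinue
    if ($k) { $k.GetValue($Name) }
}

$findings = @()
foreach ($e in $expected) {
    $actual = Get-RegValue $e.Key $e.Name
    if ($actual -ne $e.Want) {   # -ne on strings is case-insensitive
        $findings += "MISMATCH $($e.Key) [$($e.Name)] = '$actual' (repair.inf sets '$($e.Want)')"
    }
}

# Run values that the [del] section of repair.inf removes.
$runValues = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'apache' }
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'mysql' }
)
foreach ($r in $runValues) {
    $v = Get-RegValue $r.Key $r.Name
    if ($null -ne $v) { $findings += "RUN VALUE PRESENT $($r.Key)\$($r.Name) -> $v" }
}

# Files removed in step 5.
foreach ($f in 'C:\Windows\system32\apache.exe', 'C:\Windows\system32\mysql.exe') {
    if (Test-Path -LiteralPath $f) { $findings += "FILE PRESENT $f" }
}

if ($findings.Count -eq 0) { 'No traces listed on this page were found.' } else { $findings }
```

A MISMATCH line only means the value differs from what repair.inf writes; compare it with a known-clean machine of the same Windows version before changing it.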
