Win32/Viking G is another rogue spyware from the Win32 family. Like the rest of the Win32 series, Win32/Viking G has an extensive distribution network. It hides on popular websites and produces unexpected results. Opening spam email attachments and visiting websites with JavaScript enabled are the main reasons for the wide distribution of Win32/Viking G. It finds holes in your computer's security and enters your system very easily. A common example is the use of a loophole in website safety encryption.

Once it enters your computer system, the first thing it does is change registry key values so that Win32/Viking G looks like a legitimate application. With those values changed, the rogue has disabled your antivirus protection against it, so your antivirus cannot do anything about Win32/Viking G. To gain more control over your system, Win32/Viking G connects to the internet and downloads other malicious programs. At that point you will no longer be able to control your computer. The malicious Win32/Viking G program can delete your important work files, and you won’t be able to stop it. Once you suspect the presence of Win32/Viking G on your system, remove it immediately using the following steps.

Remove Win32/Viking G processes

  1. To regain some control of your computer, restart it, press F8 repeatedly, and select the option ‘Safe Mode with Networking’.
  2. To open the Windows Task Manager directly, press ALT+CTRL+DEL.
  3. Under the ‘Processes’ tab, find the process named random.exe.
  4. Select the process and press Delete.

Remove Win32/Viking G Registry entry values

  1. To completely remove the Win32/Viking G registry entries, you will need to open the Registry Editor.
  2. To do so, go to Start and select the option Run.
  3. Type regedit in the field labelled ‘Open’ and click OK.
  4. Select the left section and click Edit.
  5. From the choices that appear, select the option Find.
  6. Enter each of the Win32/Viking G registry values listed below and press Enter.
  7. Right-click the registry value and click Delete.

The registry values that should be found and then removed are:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2012-8-6_3”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “tvejcklnjs”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clean.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamapp.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppvstop.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\system.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsecomr.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win32/Viking.G Virus

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[Random].exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop “NoChangingWallPaper” = ‘1’

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = ‘/’

HKEY_CURRENT_USER\Software\Win32/Viking.G Virus

Remove other Win32/Viking G files

  1. Press the Windows key together with the ‘R’ key on the keyboard.
  2. Type cmd in the box and click OK.
  3. Now type the command ‘regsvr32 /u [sample_file_name]’, replacing ‘sample_file_name’ with each of the other Win32/Viking G file names listed below, and press Enter.

%AppData%\NPSWF32.dll

%AppData%\Protector-.exe

%AppData%\result.db

%AppData%\1st$0l3th1s.cnf

%AppData%\Inspector-[rnd].exe

%appdata%\[random].exe

%temp%\[random].exe

%Documents and Settings%\All Users\Start Menu\Programs\Win32/Viking.G Virus

%Documents and Settings%\[UserName]\Desktop\[random].lnk

%Documents and Settings%\All Users\Application Data\Win32/Viking.G Virus

%Program Files%\Win32/Viking.G Virus

%CommonStartMenu%\Programs\Win32/Viking.G Virus.lnk

%Documents and Settings%\[UserName]\Application Data\[random].exe

%UserProfile%\Desktop\Win32/Viking.G Virus.lnk

%AppData%\Protector-[rnd].exe
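
Before deleting anything by hand, it helps to know which of the entries above actually exist on the machine. The following PowerShell script is an added example, not part of the original guide: it is a read-only audit of the registry values, the Image File Execution Options keys and the %AppData% files listed above. The variable names are this example's own, and treating ‘[rnd]’ as a wildcard is an assumption.

```powershell
# Added example: read-only audit of the indicators listed on this page.
# Nothing is modified or deleted; findings are only reported.
$cv   = 'Software\Microsoft\Windows\CurrentVersion'
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

# Registry key -> value names, copied from the page's list.
$valueChecks = [ordered]@{
    "HKCU:\$cv\Internet Settings"      = @('WarnOnHTTPSToHTTPRedirect')
    "HKCU:\$cv\Policies\System"        = @('DisableRegedit', 'DisableRegistryTools', 'DisableTaskMgr')
    "HKLM:\$cv\policies\system"        = @('ConsentPromptBehaviorAdmin', 'ConsentPromptBehaviorUser', 'EnableLUA')
    "HKCU:\$cv\Run"                    = @('Inspector')
    "HKCU:\$cv\Settings"               = @('net', 'UID')
    "HKCU:\$cv\Policies\ActiveDesktop" = @('NoChangingWallPaper')
    "HKCU:\$cv\Policies\Associations"  = @('LowRiskFileTypes')
}
$ifeoNames = 'advxdwin.exe', 'clean.exe', 'iamapp.exe', 'msseces.exe',
             'ppvstop.exe', 'system.exe', 'vsecomr.exe', 'protector.exe'
# Single quotes keep the "$" in the file name literal. Treating "[rnd]" as a
# wildcard is an assumption of this example.
$filePatterns = 'NPSWF32.dll', 'result.db', '1st$0l3th1s.cnf',
                'Protector-*.exe', 'Inspector-*.exe'

$findings = @()
foreach ($key in $valueChecks.Keys) {
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($name in $valueChecks[$key]) {
        if ($props.PSObject.Properties.Name -contains $name) {
            $findings += [pscustomobject]@{ Kind = 'RegistryValue'; Location = $key; Name = $name; Data = $props.$name }
        }
    }
}
foreach ($exe in $ifeoNames) {
    $sub = "$ifeo\$exe"
    if (Test-Path -LiteralPath $sub) {
        # A Debugger value under an IFEO key redirects launches of that executable.
        $dbg = (Get-ItemProperty -LiteralPath $sub -ErrorAction SilentlyContinue).Debugger
        $findings += [pscustomobject]@{ Kind = 'IFEOKey'; Location = $ifeo; Name = $exe; Data = $dbg }
    }
}
foreach ($pattern in $filePatterns) {
    foreach ($f in Get-ChildItem -Path $env:APPDATA -Filter $pattern -File -ErrorAction SilentlyContinue) {
        $findings += [pscustomobject]@{ Kind = 'File'; Location = $f.DirectoryName; Name = $f.Name; Data = $f.Length }
    }
}
if ($findings) { $findings | Format-Table -AutoSize -Wrap } else { 'No listed indicators found.' }
```

The Data column shows each value's current contents, so it can be compared with the data given in the list before anything is removed.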

How to remove Win32/Viking G?