Virus remove manually (00333.cn)

There is a virus appeared recently which set your homepage of IE to 00333.cn frequently.

Now I provide a way to get you out of the trap. (Windows XP/2003/2003 R2/Vista/2008/7/2008 R2)

1 Navigate to the system32 folder of your windows system.
2 Get all files in that folder which like “mshtml??.dll”. You may find several files.
3 Check these files one by one. You can just submit file to?virustotal to check. Remember the file name which contains a virus.
4 Kill explorer.exe process by using Task Manager or some other tool.
5 Unregister that virus by running command: “regsvr32.dll /u mshtmlXX.dll” (without quote mark, and the file name is the same as the found one in step 3.)
6 Delete mshtmlXX.dll. If you cannot delete it (access denied), you can move that file into another folder (like the root of the driver which contains your operation system).
7 Restart computer.
8 Delete the file from your target folder if you cannot delete it in step 6.

Good luck.

BTW:
By the register information of 00333.cn (provided by www.miibeian.gov.cn), the owner of that site named Liu Yan (zh: 柳严). The register number is Shanghai-ICP-Reg-09032544(zh: ICP备09032544号).
This virus is coded by VB and activated by the context menu of explorer.exe. I dunno how my computer was infected.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.