Remove Win32/Rimecud family

Win32/Rimecud is a dangerous worm that affects any computer with a Microsoft Windows operating system installed on it. It is used by attackers to gain unauthorized access to user systems. Win32/Rimecud reaches user systems through removable media such as USB flash drives, hard disks, etc., as well as through spam emails that carry Win32/Rimecud as an attachment. Once installed on the computer, Win32/Rimecud creates a number of malicious files to carry out its work. It also creates a number of fake registry entries. It then mails itself to any contacts listed in the user’s address book and copies itself to any removable media attached to the computer. Win32/Rimecud also drops a dangerous rootkit into the Windows system folder, which allows the malware developer to remotely access the computer to steal the user’s private information or to attack a remote server.

As Win32/Rimecud is an extremely dangerous application, you should take immediate steps to remove it as soon as you find an instance of it on your system. In order to remove Win32/Rimecud family, you must stop its processes, delete its files and folders and remove its registry entries.

File Removal Procedures

The first step that you must take in order to remove Win32/Rimecud family is to stop the following process, into which Rimecud injects itself:

  • explorer.exe

Next, delete the following files and folders:

  • c:\recycler\s-1-5-21-<Random Number>\glps.exe
  • c:\recycler\s-1-5-21-<Random Number>\winservices.exe
  • c:\recycler\s-1-5-21-<Random Number>\hd1.exe
  • c:\recycler\s-1-5-21-<Random Number>\winlogon.exe

After the above steps have been completed, your hard disk no longer contains Win32/Rimecud.

Registry Removal Procedures

After file removal has been completed, it is necessary to remove the following registry entry as well to ensure complete Win32/Rimecud Family removal:

  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
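
The Run key also holds the autostart values of legitimate programs, so it helps to identify which value belongs to the worm before removing anything. The PowerShell below is an added example, not part of the original guide: it flags Run values whose executable matches the file list above, on the assumption that the worm's autostart value points at one of those files. The function names and the sample data are hypothetical.

```powershell
# File names and folder layout are taken from the list in this guide.
$RimecudNames = 'glps.exe', 'winservices.exe', 'hd1.exe', 'winlogon.exe'
# <drive>:\recycler\s-1-5-21-<anything>\<listed name>; -match ignores case.
$RimecudPattern = '^[a-z]:\\recycler\\s-1-5-21-[^\\]+\\(' +
    (($RimecudNames | ForEach-Object { [regex]::Escape($_) }) -join '|') + ')$'

function Get-CommandImagePath {
    # Pull the executable path out of a Run-key command line: the quoted
    # first token if there is one, otherwise everything up to the first ".exe".
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $expanded
}

function Find-RimecudRunEntry {
    # $Entries: hashtable of registry value name -> command line.
    param([hashtable]$Entries)
    foreach ($name in $Entries.Keys) {
        $image = Get-CommandImagePath $Entries[$name]
        if ($image -match $RimecudPattern) {
            [pscustomobject]@{ ValueName = $name; ImagePath = $image }
        }
    }
}

# Constructed sample data (not from a real infection). The third entry is
# the genuine winlogon.exe location and must not be flagged.
$sample = @{
    'ExampleCloudSync' = '"C:\Program Files\Example\sync.exe" /background'
    'ExampleValue'     = 'C:\RECYCLER\S-1-5-21-0000000000-0000000000\winlogon.exe'
    'ExampleSystem'    = '"C:\Windows\System32\winlogon.exe"'
}
Find-RimecudRunEntry $sample

# Live check of the current user's Run key.
$key  = Get-Item 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$live = @{}
foreach ($n in $key.GetValueNames()) { $live[$n] = [string]$key.GetValue($n) }
Find-RimecudRunEntry $live
```

The check matches on the full path rather than the file name alone because `winlogon.exe` is also the name of a legitimate Windows component.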

Your computer is now safe from Win32/Rimecud. However, scanning the entire PC using genuine antivirus products such as Spyware Doctor with Antivirus may help in detecting additional malicious components.

Outside Resources:

http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Worm%3AWin32%2FRimecud

http://blogs.technet.com/b/mmpc/archive/2010/01/19/win32-rimecud-msrt-s-success-story-in-january-2010.aspx
