{"id":294,"date":"2007-10-01T19:46:00","date_gmt":"2007-10-02T00:46:00","guid":{"rendered":""},"modified":"2009-05-18T16:22:40","modified_gmt":"2009-05-18T21:22:40","slug":"how-to-clean-the-activexdebugger32exe-virus","status":"publish","type":"post","link":"https:\/\/emresaglam.com\/blog\/blog\/2007\/10\/01\/how-to-clean-the-activexdebugger32exe-virus\/","title":{"rendered":"How to clean the activexdebugger32.exe virus"},"content":{"rendered":"<p>\nFrom Emre virus labs:\n<\/p>\n<p>\nThis motherfucker virus was living in my parents` computers. (<a href=\"http:\/\/emresaglam.com\/blog\/151\" title=\"Linux...\">Since I use Linux<\/a> I don`t have any as usual&#8230;) And it`s a pain in the ass&#8230;\n<\/p>\n<p>\nWhat the virus does:\n<\/p>\n<ul>\n<li>Shares your drives to the world as PATRON1, PATRON2, etc&#8230;<\/li>\n<li>Copies itself to any writeable devices around you. USB sticks are great examples.<\/li>\n<li>On a USB drive, it generates an autorun.inf file and a copy of itself. Each time you connect your USB drive it infects your computer again&#8230;<\/li>\n<li>It uses the CPU at least to 70%&#8230; Noisy bitch&#8230;<\/li>\n<\/ul>\n<p>\nHow do you know that you are infected:\n<\/p>\n<ul>\n<li>Press CTRL+Shift+Esc buttons. You`ll see the activexdebugger32.exe process running.<\/li>\n<li>You can see a copy of the executable (activexdebugger32.exe) in your USB drives if you enabled the STUPID Windows to <a href=\"http:\/\/www.bleepingcomputer.com\/tutorials\/tutorial62.html\" title=\"tutorial to setup windows to show you your hidden files\">show you hidden files<\/a>. <\/li>\n<\/ul>\n<p>\nHow to kill the bastard and have a nice smiley day\/night (It`s 3am ok?) 
<strong>If you kill your computer I`m not responsible.<\/strong>\n<\/p>\n<ul>\n<li>Plug in your USB stick (if you have one)<\/li>\n<li><a href=\"http:\/\/www.spywareremove.com\/security\/how-to-kill-spyware-processes\/\" title=\"how to kill...\">Kill<\/a> the process activexdebugger32.exe<\/li>\n<li>Delete the activexdebugger32.exe binary. It usually lives under c:\\windows\\system32 (or c:\\winnt\\system32 depending on your Windows installation)<\/li>\n<li>Open <a href=\"http:\/\/www.akadia.com\/services\/windows_registry_tutorial.html\" title=\"windows registry tutorial\">regedit<\/a>. Go to the top of the tree on the left pane. Hit F3 (or CTRL+L) to open the search dialog. Type, yes you know it, activexdebugger32.exe, NUKE the damn registry entries wherever it`s found. (Search until the end)<\/li>\n<li>Go to the root folder of your USB stick and delete, yes you`re right again, activexdebugger32.exe and autorun.inf<\/li>\n<li>Update: Motherfucker leaves more trails&#8230; Delete the file NESNELER.EXE (meaning objects.exe in Turkish) under c:\\Documents and Settings\\Local Settings\\Temp<\/li>\n<li>Update: Delete all the files under C:\\windows\\system32 named: Ijl11.dll, KMON.OCX, KTKBDHK3.DLL, MSWINSCK.OCX, PAC, scrrntr.dll, scrrun.dll<\/li>\n<li>Done. <\/li>\n<\/ul>\n<p>\nLastly, fuck Microsoft and Windows, have a nice life&#8230;.\n<\/p>\n<p>\nUpdate after 4 months: Damn I was angry when I wrote this. And it was 3 am. The entry was somewhat full of typos so I edited and changed some info. \ud83d\ude1b <\/p>\n","protected":false},"excerpt":{"rendered":"<p>From Emre virus labs: This motherfucker virus was living in my parents` computers. (Since I use Linux I don`t have any as usual&#8230;) And it`s a pain in the ass&#8230; What the virus does: Shares your drives to the world as PATRON1, PATRON2, etc&#8230; Copies itself to any writeable devices around you. 
USB sticks are &hellip; <a href=\"https:\/\/emresaglam.com\/blog\/blog\/2007\/10\/01\/how-to-clean-the-activexdebugger32exe-virus\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">How to clean the activexdebugger32.exe virus<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[9,10],"_links":{"self":[{"href":"https:\/\/emresaglam.com\/blog\/wp-json\/wp\/v2\/posts\/294"}],"collection":[{"href":"https:\/\/emresaglam.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/emresaglam.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/emresaglam.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/emresaglam.com\/blog\/wp-json\/wp\/v2\/comments?post=294"}],"version-history":[{"count":1,"href":"https:\/\/emresaglam.com\/blog\/wp-json\/wp\/v2\/posts\/294\/revisions"}],"predecessor-version":[{"id":764,"href":"https:\/\/emresaglam.com\/blog\/wp-json\/wp\/v2\/posts\/294\/revisions\/764"}],"wp:attachment":[{"href":"https:\/\/emresaglam.com\/blog\/wp-json\/wp\/v2\/media?parent=294"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/emresaglam.com\/blog\/wp-json\/wp\/v2\/categories?post=294"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/emresaglam.com\/blog\/wp-json\/wp\/v2\/tags?post=294"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}