W32.Badtrans.B aka Badtrans.B Removal

By default the worm files are 'KERNEL32.EXE' and 'KDLL.DLL', but the names may vary, since modified versions of the worm may well be available.

Removal on Windows NT/2000/XP.
1. Open task manager to stop the process used by the worm:
Press CTRL+ALT+DEL. Select 'Task Manager'. Click on the 'Processes' tab.
Highlight the process 'KERNEL32.EXE' and click on 'End Process'.
You will see a confirmation message - click 'Yes'.
2. Scan with an updated antivirus scanner and remove all files detected as the worm.
Please note: you may be unable to delete the KDLL.DLL file because the operating system has it locked open. If so, restart your computer and scan again with your virus scanner to delete KDLL.DLL. If infection is reported in System Restore under Windows ME or Windows XP, see 'Infection in \Restore folder (Windows ME)' or 'Infection in \Restore folder (Windows XP)'.

Removal on Windows 95/98/ME.
1. Restart your computer in MS-DOS mode:
In Windows 95/98 click 'Start', and choose 'Shut Down'.
Select 'Restart the computer in MS-DOS mode' and click OK. The computer will now restart.
NOTE: In Windows Me restart your computer with an emergency startup floppy disk. If you do not have this, create one by clicking:
Start > Settings > Control Panel > Add/Remove Programs > Startup Disk > Create Disk.
Put this disk into your computer and restart it.
2. When the computer has finished loading MS-DOS, you will see a command prompt:

Type "del c:\windows\system\kernel32.exe" and press return.
Type "del c:\windows\system\kdll.dll" and press return.
Type "exit" to restart Windows. In Windows Me you will have to reboot.

3. Scan with an updated antivirus scanner to make sure all infected files are removed.

Infection in \Restore folder (Windows ME).

You cannot remove infected files in the \Restore folder. Follow these instructions as a workaround (no data will be lost):

  1. Close all open programs. Then, right-click My Computer on the Windows desktop.
  2. Click Properties.
  3. Click the Performance tab.
  4. Click File System.
  5. Click the Troubleshooting tab.
  6. Check Disable System Restore.
  7. Click OK to close each dialog.

Click Yes to restart. This disables the System Restore feature and will purge the contents of the _RESTORE folder when the system is restarted.

After finishing the removal instructions, repeat steps 1 through 7, but in step 6 uncheck Disable System Restore.

Infection in \Restore folder (Windows XP).

You cannot remove infected files in the \Restore folder. Follow these instructions as a workaround (no data will be lost):

  1. Close all open programs. Then, right-click My Computer on the Windows desktop.
  2. Click Properties.
  3. Click the System Restore tab.
  4. Check the Turn off System Restore checkbox (or the Turn off System Restore on all drives checkbox).
  5. Click OK.
  6. Click Yes when prompted to turn off System Restore.
  7. Click OK to close each dialog.

This disables the System Restore feature and will purge the contents of the _RESTORE folder.

After finishing the removal instructions, repeat steps 1 through 7, but in step 4 uncheck the Turn off System Restore checkbox, then click OK to close each dialog again.
