
Trojan Wincod

What is Trojan Wincod?

How does it affect your PC?

How to remove Trojan Wincod manually?

What is Trojan Wincod?

Trojan.Wincod is a Trojan horse that displays message boxes and modifies settings on the compromised computer. It affects systems running Windows XP, Windows Vista, Windows Server 2003, and Windows 2000. It was discovered on March 7th, 2009. Trojan.Wincod is also known as Troj/FakeVir-LC.

 


 

How does it affect your PC?

Trojan.Wincod is a Trojan that enters the system through a browser exploit or security hole. It may also pretend to be a video codec needed for media preview. Once active, Trojan.Wincod displays error notifications with the following alert message:
"ERROR. Fatal Error! The media system on your computer is corrupt. Update your video codec immediately to resolve this issue."
If the user decides to update the video codec, they are automatically redirected to WinCoDecPRO.com to buy a worthless application. It is important to ignore this disinformation and remove Trojan.Wincod from the system as soon as it first appears, because it may download and install additional malware or other parasites onto the system.

 


 

How to remove Trojan Wincod manually?

  • Disable System Restore (Windows Me/XP).

Disabling System Restore before deleting the virus is important: if System Restore is left turned on, the computer stores a backup of the virus as well, and all the removal effort is wasted.

  • Update the virus definitions.

Virus definitions can be updated using the live update feature, which is present in all major antivirus software. Click the ‘Live Update’ link and then proceed according to the instructions given.

  • Run a full system scan.

After updating the virus definitions, run a full system scan, and be sure to scan the subfolders as well.

  • Delete any values added to the registry.

The final step is to delete all registry entries associated with this virus. Open the registry editor by typing ‘regedit’ after you click ‘Run’ in the Start menu. Navigate to and delete the following registry entries:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"WmpTray" = "[PATH TO TROJAN]"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\"Debugger" = "http://wincodecpro.com/purchase.php?id=2"
  • HKEY_LOCAL_MACHINE\SOFTWARE\GenericMultiMedia\WinCoDecPRO\"countr" = "[NUMBER OF TIMES TROJAN HAS EXECUTED]"

Navigate to and delete the following registry sub keys:

  • HKEY_LOCAL_MACHINE\SOFTWARE\GenericMultiMedia
  • HKEY_LOCAL_MACHINE\SOFTWARE\GenericMultiMedia\WinCoDecPRO
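
The registry cleanup above can also be done as a script. This is an added example, not part of the original page or of any vendor's removal tool; the key and value names are the ones listed above, while the `-Remove` switch and the rule that the `Debugger` value is only deleted when its data mentions wincodecpro are assumptions of this example.

```powershell
# Added example: audit, then optionally remove, the registry artifacts listed above.
# Run from an elevated prompt. Without -Remove it only reports; -WhatIf previews deletions.
[CmdletBinding(SupportsShouldProcess = $true)]
param([switch]$Remove)

# Values named on the page. 'Match' (an assumption of this example) restricts deletion
# to data that looks like this Trojan's: legitimate tools such as Sysinternals Process
# Explorer ("Replace Task Manager") also set a Debugger value on taskmgr.exe.
$values = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = 'WmpTray'; Match = '.' },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe'
       Name = 'Debugger'; Match = 'wincodecpro' },
    @{ Key = 'HKLM:\SOFTWARE\GenericMultiMedia\WinCoDecPRO'; Name = 'countr'; Match = '.' }
)
# Subkey named on the page; deleting it recursively also deletes WinCoDecPRO beneath it.
$subKey = 'HKLM:\SOFTWARE\GenericMultiMedia'

foreach ($v in $values) {
    $target = "$($v.Key)\$($v.Name)"
    $item = Get-ItemProperty -Path $v.Key -Name $v.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { Write-Output "clean    $target"; continue }

    $data = [string]$item.($v.Name)
    if ($data -notmatch $v.Match) {
        # Present, but not pointing at the Trojan's site: report and leave in place.
        Write-Output "SKIPPED  $target = $data"
        continue
    }
    # For WmpTray the data is the path to the Trojan file: note it before deleting,
    # so the file itself can be scanned and removed.
    Write-Output "FOUND    $target = $data"
    if ($Remove -and $PSCmdlet.ShouldProcess($target, 'Remove registry value')) {
        Remove-ItemProperty -Path $v.Key -Name $v.Name
    }
}

if (Test-Path -Path $subKey) {
    Write-Output "FOUND    $subKey (subkey)"
    if ($Remove -and $PSCmdlet.ShouldProcess($subKey, 'Remove registry key and subkeys')) {
        Remove-Item -Path $subKey -Recurse
    }
} else {
    Write-Output "clean    $subKey (subkey)"
}
```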

 

Additional Windows ME/XP removal considerations
