Technology Guides, Reviews and News

How to manually remove virus W32.Blackmal.E@mm from the Windows system

One of the most damaging viruses to our computer is what is called a scavenger red light. The third day of every month is activated and starts to delete all the files on your hard drive. His name is W32.BlackMal.E@mm, better known as the Kama Sutra, it spreads by sending itself to contacts of our car email address book and copying itself in the cards that, we share through the Internet.

We do not waste any more time, cancel it right away or this virus will have the opportunity to also delete important data. This simple guide will explain how to manually remove the virus from our Windows system.

  • First, restart Windows in Safe Mode. We turn on the computer and press the F8 key immediately after loading the BIOS (if we cannot press it at the right time we can continue to press it when we turn on the computer, so we will certainly the right point). If we press the button too early or too late, it will start regular Windows in this case, we just restart your computer and try again. In the new screen, using the directional arrow keys above, select the Safe Mode and press Enter. This will launch a limited version of Windows that does not load the Kama Sutra Worm, so you can delete more easily.
  • We access to Windows with the Account Director and from the Start menu select the Run command. We write regedit, and press OK to access the system registry. Let’s move in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (unless we find we can copy us this location), and identify the ScanRegistry value. Select it with the right mouse button and from the drop down menu that appears click on Delete.
  • Performing step 2, the worm will not be loaded the next time the operating system. Also in the registry, let’s move here. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced and track the ShowSuperHidden. Click on it to access the edit screen of its value: In the Value data field, we write 1.
  • Repeat the same procedure for the key WebView, assign a value of 1. Finally, let’s move in the HKEY_CURRENT_USER\Software\Microsoft\Windows\Current\Explorer\CabinetState and identify the FullPath value, which was also amended by the Kama Sutra virus. To bring it back to the original value, Click over twice and in the Value data field of the Edit DWORD Value window we write 0.
  • Now we just have to erase all traces of the virus from our Hard Disk. We close the editor of the registry and returned to the Windows desktop, click on Start/Search. We analyze the contents of the Hard Disk to locate the file rundll16.exe, scanregw.exe, winzip.exe, update.exe, winzip_tmp.exe, samplezip, NewWinZip, file.exe, mivies.exe and ZippedFiles.exe created by the virus without our knowledge. We provide then to remove them, remember to also delete them from the Trash and restart your computer. Now our computer is safe. For the future, I recommend a good anti virus, once it will check that between the virus that blocks, there is the Kama Sutra Worm.