Removing the Verecno Virus



Removing the Verecno Virus
Removing the Verecno Virus
Please be aware that although all reasonable care is taken to provide comprehensive steps to remove this
strand of the Verecno Virus from computers and removable USB devices, the process may not be
successful due to a variety of factors including unknown applications running on computers, different
operating systems and settings and different hardware. This walkthrough is designed for Windows 7
Enterprise Edition and does have some technical steps that require you to change system settings that can
affect your computer. If you are unsure, please contact an ICT professional.
This virus originates from removable USB flash drives. Your anti-virus may pick up files such as:
- AutoIt3.exe
- googleupdate.a3x
- Hot.lnk
- My Games.lnk
- Googleupdate.lnk
- Windowsupdate.lnk
- Downloads.lnk
Making sure the Virus is not currently running
Before you continue, you need to ensure that the virus is not currently running. Press the ALT + CTRL + DEL
keys all at once then open 'Task Manager'. You will need to close down 'AutoIt3' if it is running. Select
‘AutoIt3’ and click ‘End Task’. Keep Task Manager open to monitor if the process starts running again.
Disabling AutoPlay
This virus uses the Windows AutoPlay function to spread via removable drives (like USB flash drives). To
avoid the virus spreading any further, you will need to disable AutoPlay on your computer. For Windows 7,
Open Start Menu > Control Panel > Hardware and Sound > AutoPlay and clear the ‘Use AutoPlay for all
media and devices’ check box and click ‘Save’ and close Control Panel. For disabling AutoPlay in other
versions of Windows, see Support Documentation:
Scanning for Viruses, Spyware & Malware
Now it should be safe to insert any removable drives that you have used in the last month. Update your
anti-virus and anti-spyware/malware software, and then do a full virus scan of your computer (including
any removable drives).
Removing the Virus Files
If your anti-virus software did not remove all the files, you will need to do it manually. The virus hides its
files and pretends it is part of your computer’s system files. To remove the virus, you will need to change
the folder options of your computer. Open the Start Menu and search for ‘Folder Options’. Open Folder
Options and go into the View tab. Select Show hidden files, folders, and drives. Untick Hide protected
operating system files (Recommended) and when asked if you are sure, click Yes. Click Apply
Open Windows Explorer or Computer and open the C Drive. You may see one or two greyed-out folders
called ‘Google’ or ‘Skypee’ (you may have one or both). These folders contain the virus files AutoIt3.exe
and googleupdate.a3x, so please delete the folders. Once you have deleted Google and Skypee from your
C Drive, please navigate to your USB flash drives and delete Google and Skypee from those as well.
Once all of the virus files and folders have been removed, you will need to empty your recycle bin and
change Folder Options back to their previous settings. Restart your computer. If you are getting any error
messages about ‘AutoIt3’, ‘Google’ or ‘Skypee’ on startup, you will need to follow the steps below.
Reset the Registry
The virus has changed some registry settings within the computer, so you will need to delete all the
AutoIt3.exe entries in the Registry. Open Registry Editor by holding the Windows key and the R key then
type "regedit" and click OK.
Click Edit then select Find... then type "AutoIt3.exe" to find all
corresponding registry keys with AutoIt3.exe. Then delete all
AutoIt3.exe entries when found. Exit Registry Editor.

Similar documents