Friday, January 2, 2015

What Is Patched_c.MIS - How to Remove Patched_c.MIS?


What Is Patched_c.MIS

Patched_c.MIS cannot be ignored when you detect it on your computer, for this is a malicious Trojan horse which can severely damage your computer and violate your privacy. Usually, this Trojan horse gain access to your computer when you browse malicious websites or download free but infected software. It can also come bundled with attachments of a spam email sent to your email box by the hackers. After getting into your computer via these means, this Trojan horse will begin to perform some malicious tasks according to the commands sent from the remote server. In order to take control over your system, it will change your system settings and modify registry entries without any consent. Then, it will open a backdoor in your system, allowing the remote hackers to visit your computer and other threats to get into your computer stealthily. What’s more, it can install a key logger on your computer to record your keystrokes. If you purchase something or transfer money using your online banking account during the period, it is probable that this Trojan horse can capture the usernames and passwords of your accounts when you input them into related web pages. So, it is highly recommended that you clean up Patched_c.MIS from your infected system as early as possible. You can learn how to do that by following the guide blow.

Note: Manually removing the Trojan horse is not an easy job, since it requires users to accomplish several complicated steps. If you are unsure how to perform the manual removal, then just download and use a powerful removal tool. This can guarantee a complete and safe removal of the threat.

Guide to Remove Patched_c.MIS

Step 1:You should back up your registry first.
Before we get down to the removal, it is better for you to back up your registry. By doing so, you can restore the registry if any data get lost during the removal process.

1. Click the Start menu and select “Run”. Type “regedit” into the box and click OK.

2. Select “File” on the top and select “Export”.
File-Export
3. Name the backup file and save it to the location wherever you like.

Step 2: Reboot your computer into the Safe Mode with Networking.
1. Reboot your computer and press F8 key continuously.
2. Select the “Safe Mode with Networking” option from the list with the arrow keys.
3. Press Enter to proceed.

Step 3: Terminate processes of Patched_c.MIS in Windows Task Manager.
1. Press the keys CTRL+ALT+DEL or CTRL+SHIFT+ESC together to open the Windows Task Manager.
2. Select the “Processes” tab and begin to search for the processes related to the Trojan horse.
3. Select and terminate all those malicious processes with the “End Process” button.

Step 4: Delete files of the Trojan horse from your computer.

%AllUsersProfile%
C:\Windows\System32\services.exe
C:\windows\system32\services.exe
C:\windows\assembly\GAC\Desktop.ini
C:\Windows\System32\services.exe.OLD
C:\Windows\system32\services.exe file/folder
%\Documents and Settings%\All Users\Application Data\[random]
%\Documents and Settings%\[UserName]\Local Settings\Application Data\[random]

Step 5: Remove registry entries added and infected by the Trojan horse.
1. Open the Registry Editor again.
2. Search for the malicious registry entries as follows and remove them from your computer.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\ random
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\random
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\Random.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Random.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer
“EnableShellExecuteHooks”= 1 (0×1)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” = ’0′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ’1′
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe” -a “%1″ %*’
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe” -a “%1″ %*’

Step 6: After you finish the steps above, please reboot your computer back to the normal mode.

Attention: Manually removing the Trojan horse is a complicated and risky task, and it should only be attempted by advanced computer users. If you are a newbie, you can consider installing and running an automatic removal tool to remove the stubborn Trojan horse within clicks. SpyHunter can not only completely clean up the existing threats from your computer, but also protect your system from any future malware so that you can surf the Internet safely.

No comments:

Post a Comment