F-Force Malware Disinfection

F-Force Malware Disinfection is a useful program that will disinfects computers who are infected with known variants of the following malware:

Agobot (Backdoor.Win32.Agobot) Aimbot (Backdoor.Win32.Aimbot) Bagle (Email-Worm.Win32.Bagle, except .N, .O, .P, .Q, .R variants) Bozori (Net-Worm.Win32.Bozori) Codbot (Backdoor.Win32.Codbot) Dumaru (Email-Worm.Win32.Dumaru) Fanbot (Backdoor.Win32.Fanbot) Forbot (Backdoor.Win32.Forbot) IRCBot (Backdoor.Win32.IRCBot) Mitglieder (Trojan-Proxy.Win32.Mitglieder or Trojan-Spy.Win32.Mitglieder) Mydoom (Email-Worm.Win32.Mydoom) Mytob (Net-Worm.Win32.Mytob) Netsky (Email-Worm.Win32.NetSky) Padobot (Net-Worm.Win32.Padobot) Poebot (Backdoor.Win32.Poebot) Rbot (Backdoor.Win32.Rbot) SDBot (Backdoor.Win32.SdBot) Spybot (P2P-Worm.Win32.SpyBot) Wootbot (Backdoor.Win32.Wootbot) Zafi (Email-Worm.Win32.Zafi)

In addition the F-Force utility detects EICAR test file.

The F-Force utility might be able to disinfect computers that are infected with new variants of these backdoors and worms, however disinfection will only work if these variants are detected generically by AVP engine.

The F-Force utility disinfects Windows HOSTS file by removing entries that were added by malware. In addition the utility automatically restores the default EXE file startup string in case it was modified by malware.

The F-Force utility creates a log file named F-FORCE.LOG in the root Windows directory (usually C:WINDOWS). The log file is appended every time the F-Force utility is run.

1. Unpack the F-Force utility from the provided ZIP archive either with WinZip or PkUnzip utilities. A trial version of WinZip archiver can be downloaded from the following website:

http://www.winzip.com/ddchomea.htm

2. Download the archive called LATEST.ZIP from F-Secure web or ftp sites. This archive contains the latest anti-virus database files. It can be downloaded from these URLs:

http://www.f-secure.com/download-purchase/latest.zip ftp://ftp.f-secure.com/anti-virus/updates/latest/latest.zip

3. Place the downloaded LATEST.ZIP archive in the same folder where the F-Force utility is located.

4. Run the unpacked F-Force.exe file from a hard disk to eliminate malware infection. You can run the utility by either double-clicking on its file from Windows Explorer or you can start it from a command prompt (to open a command prompt click 'Start' button, select 'Run' menu and type CMD.EXE (if you have Windows NT, 2000 or XP) or type COMMAND.COM (if you have Windows 98 or ME). Then press 'Enter' to run the command interpreter. In the opened command prompt window you have to type CD command followed by a folder name where the F-Force utility is located, for example:

CD C:TEMP

Press 'Enter' to run that command. To run the F-Force utility from that folder type F-FORCE and press 'Enter'.

First the F-Force utility will kill all detected malware processes in memory. Then the utility will remove all startup Registry key values created by the malware and finally it will scan all available hard disks and delete all infected files. If needed, the utility disinfects Windows HOSTS file and restores the default value of EXE file startup key in the Registry.

5. Reboot the system. After restart your system should be clean from the above mentioned malware.

If you have F-Secure Anti-Virus installed, the utility will temporarily disable the on-access scanner (OAS) to be able to disinfect your system. After the utility completes disinfection it enables the on-access scanner.

You can get a trial version of F-Secure Anti-Virus and the latest updates for it from our website:

http://www.f-secure.com/download-purchase/list.shtml http://www.f-secure.com/download-purchase/updates.shtml