How to Remove the QQ/My Documamts.exe Virus from Your PC: Complete Guide
February 12, 2011
Last week, I was contacted by a mall manager here in Davao to
troubleshoot their office computers. He was very worried because almost all of
the units were infected with a virus.
The office secretary told me that her boss had downloaded a
Chinese messenger app called "QQ" (it works like YM), and the file included a virus
that spread fast and then infected other PCs. I have no idea what the real name
of the virus is, but I call it the QQ virus / My Documamts.exe.
There is no reference on the Internet that clearly talks
about the QQ virus, but I was surprised that a lot of people on the Internet
have encountered this type of threat. If you are one of us,
read further; I promise you can fix it now.
What is QQ Virus?
QQ is not a virus (I just call it the QQ virus for reference). It happened because bad guys out
there included a virus in the QQ setup files, so whenever someone downloads
QQ they get infected. The QQ virus can infect Windows XP and Windows Server
2003 platforms and spreads fast through autorun on USB devices.
Virus-related files:
Autorun.inf - triggers the virus to run and spread fast.
My Documamts.exe - when double-clicked, produces dangerous links that can worsen your system infection if clicked.
Gwsmvtena.exe - runs on startup.
VSPS.exe - another related virus file that helps to reinforce the QQ virus.
Exploner - a fake IE shortcut icon. When the user clicks it, it opens a Chinese web page and
runs an ActiveX control that can update the virus
and add more virus files to your system drive, which complicates the
problem and can cause immediate system death if not solved fast.
-------------------------------------------------------------------------------------
QQ/My Documamts.exe is a Trojan/virus/worm that infects the
following native Windows apps: Registry, msconfig, Explorer, Safe Mode, System
Restore, etc.
It also infects System32 files, Internet Explorer
plugins, and startup programs, and spreads through USB drives.
When you see the My Documamts.exe file on your drive, do not
click it, because it will add some annoying things to your desktop. First, it
adds Chinese link shortcuts to your desktop. Second, the virus
adds more unknown directories to your system drive. Third, it makes your
system very slow, and you may not even be able to log on the next time you start your PC.
The QQ virus works through two common processes:
#1. smss.exe
#2. explorer.exe
Both are important Windows processes. To confirm whether these processes are infected by the QQ virus, check the paths below:
Normal Path:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\explorer.exe
Infected Path:
C:\WINDOWS\System32\dfahpihpnd\smss.exe
C:\WINDOWS\System32\gkijtgrbkh\explorer.exe
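The path check above can be scripted. This is an added example, not part of the original post: it reads a process listing in the CSV layout of `wmic process get ExecutablePath,Name /format:csv` (the sample rows are constructed) and flags smss.exe or explorer.exe running from any folder other than the expected ones. The expected-folder table assumes Windows is installed in C:\WINDOWS.

```python
import csv
import io
import ntpath

# Expected folders for the two process names the post singles out.
# Assumption: Windows is installed in C:\WINDOWS (default XP layout).
EXPECTED_DIRS = {
    "smss.exe": {r"c:\windows\system32"},
    # Stock XP keeps explorer.exe in C:\WINDOWS; System32 is accepted too
    # because the post lists it as a normal path.
    "explorer.exe": {r"c:\windows", r"c:\windows\system32"},
}

# Constructed sample in the CSV layout of
#   wmic process get ExecutablePath,Name /format:csv
SAMPLE_CSV = r"""
Node,ExecutablePath,Name
OFFICE-PC,\SystemRoot\System32\smss.exe,smss.exe
OFFICE-PC,C:\WINDOWS\explorer.exe,explorer.exe
OFFICE-PC,C:\WINDOWS\System32\dfahpihpnd\smss.exe,smss.exe
OFFICE-PC,C:\WINDOWS\System32\gkijtgrbkh\explorer.exe,Explorer.EXE
OFFICE-PC,C:\Program Files\Tool\tool.exe,tool.exe
"""

def normalize(path, windir=r"C:\WINDOWS"):
    """Lower-case a path and resolve the NT-style prefixes some tools print."""
    p = path.strip()
    if p.startswith("\\??\\"):
        p = p[4:]
    if p.lower().startswith("\\systemroot\\"):
        p = windir + p[len("\\systemroot"):]
    return ntpath.normpath(p).lower()

def find_masquerading(csv_text):
    """Return (name, path) for watched names running from an unexpected folder."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text.strip())):
        name = (row.get("Name") or "").strip().lower()
        path = (row.get("ExecutablePath") or "").strip()
        if name not in EXPECTED_DIRS or not path:
            continue  # not a watched name, or no path reported
        full = normalize(path)
        if ntpath.dirname(full) not in EXPECTED_DIRS[name]:
            hits.append((name, full))
    return hits

if __name__ == "__main__":
    for name, path in find_masquerading(SAMPLE_CSV):
        print("SUSPICIOUS", name, path)
```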
How to stop and kill QQ virus?
The QQ virus runs at system startup from this path:
C:\My Documents and Settings \All Users\Start Menu\Programs\Startup\gwsmvtena.exe
You can't just disable it in msconfig, or else it will multiply on startup.
My Documamts, VSPS, Exploner and the other Chinese shortcut links
cannot be removed without stopping the processes that lock them.
Different Methods to Remove the QQ Virus
*Safe Mode method:
Safe Mode gives you
the opportunity to access your computer without loading some of the unnecessary services
and processes that are loaded in a normal boot. This means that the processes
that lock files and hinder you from removing the threat have less control
and power in Safe Mode.
So what you are going to do is back up your files first, then
restart your PC and hit the F8 key to access the Safe Mode boot option. Once you
have successfully entered Safe Mode, set Explorer to reveal hidden
system files via My Computer > Menu Bar > Tools > Folder Options > View:
check "Show hidden files" and uncheck "Hide protected operating
system files", then navigate to and delete
these paths (C is the drive where the OS is installed; please be careful):
•C:\WINDOWS\System32\dfahpihpnd\smss.exe
•C:\WINDOWS\System32\gkijtgrbkh\explorer.exe
•C:\My Documents and Settings \All Users\Start Menu\Programs\Startup\gwsmvtena.exe
•C:\Documents and Settings\All Users\Desktop → find the Chinese shortcuts/links, then try deleting them all
•Find VSPS and My Documamts.exe on all drives, then delete them
Try booting your system to see if it works…
*Using Hiren's Disc Mini XP method (this only works on XP
and not with Win NT or Server 2003):
Booting into
Mini XP mode blocks malicious processes more strictly than Safe Mode. In Mini
XP mode you can access msconfig, regedit, and the other native tools that can be
accessed in Safe Mode. But Mini XP also lets you simply delete locked files
without hindrance and spot other threats inside.
You will use the Hiren's Disc Mini XP mode to carry out the
tasks given for Safe Mode, if you can access the option. When using
Hiren's Mini XP you can also find bundles of free tools to help you fix
everything. Remember, the Hiren's tools also work well under a normal Windows boot,
so you have options.
The only disadvantage of using the Hiren's Disc is that you need
to download it and burn it as an ISO image before it can work, which is time
consuming, except in my case because I have two updated copies. lol…
*Using a Combination of Tools
If the methods given above don't work in your situation,
patiently try this method. I'm sure this will work because it fixed mine.
#1. First, download the following tools if you don't have them:
#2. Back up everything, and if you can access your System
Restore option, fire it up.
#3. Install and run Process Explorer and you will see
something like this:
#4. Install and run Unlocker, then navigate to and delete all of
these paths (in order):
First - C:\My Documents and Settings \All Users\Start Menu\Programs\Startup\gwsmvtena.exe
Second - C:\WINDOWS\System32\dfahpihpnd\smss.exe
Third - C:\WINDOWS\System32\gkijtgrbkh\explorer.exe
Fourth - C:\Documents and Settings\All Users\Desktop → find the Chinese shortcuts/links, then try deleting them all
Fifth - Find VSPS and My Documamts on all drives, then delete them
#5. Install and run USB Virus Scanner. Scan all drives to
remove Autorun.inf, then go to the FixSystem
menu > Select all > click Apply to initially repair the native system apps. USB
Virus Scanner protects your PC from getting infected again by autorun viruses on your USB storage.
#6. Install and run MalwareBytes and Avast. In my own case
Malwarebytes detected more unknown
registry entries related to the QQ virus; the only problem with Malwarebytes is that it
asks you to register your copy before it can fully work. Avast works
best with its XP Boot Time Scan; in fact, running it found more than 800 infected
files in the system where the QQ virus wreaked havoc, but you will need another
version compatible with Windows Server. Both Avast and Malwarebytes help get the
system clean again.
#7. Lastly, after your computer is clean of the QQ virus, do
not forget to heal your infected system files: open the Run window,
type sfc /scannow, and insert your Windows CD; every corrupt DLL will be
repaired. A Windows Repair from boot is also a good option, or use a
registry repair and cleaner tool to make your PC whole again.
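For the "find on all drives" and Autorun.inf steps above, a read-only sweep shows what is present before anything is deleted. This is an added example, not part of the original post or of any tool it names: it walks a drive or folder, reports files whose names match the ones listed in this guide, and shows which programs any autorun.inf would launch. The demo folder and its autorun.inf contents are constructed.

```python
import os
import tempfile

# File-name stems the post lists (matched case-insensitively, any extension).
LISTED_STEMS = {"my documamts", "vsps", "gwsmvtena", "exploner"}

def autorun_targets(inf_path):
    """Return the commands an autorun.inf asks Windows to launch."""
    with open(inf_path, "rb") as fh:
        text = fh.read().decode("latin-1")  # never fails on junk bytes
    targets = []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        # open=, shellexecute= and shell\<verb>\command= all name a program
        if sep and (key in ("open", "shellexecute") or key.endswith("\\command")):
            targets.append(value.strip())
    return targets

def sweep(root):
    """Report (kind, path, launch_targets) for each match under root; deletes nothing."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for fname in sorted(files):
            full = os.path.join(folder, fname)
            stem = os.path.splitext(fname)[0].lower()
            if fname.lower() == "autorun.inf":
                findings.append(("autorun", full, autorun_targets(full)))
            elif stem in LISTED_STEMS:
                findings.append(("listed-file", full, []))
    return findings

def demo():
    """Sweep a constructed stand-in for a USB drive root."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "AUTORUN.INF"), "w") as fh:
        fh.write("[autorun]\nopen=My Documamts.exe\nshell\\open\\command=VSPS.exe\n")
    for name in ("My Documamts.exe", "VSPS.exe", "report.doc"):
        open(os.path.join(root, name), "w").close()
    return sweep(root)

if __name__ == "__main__":
    import sys
    for kind, path, targets in (sweep(sys.argv[1]) if len(sys.argv) > 1 else demo()):
        print(kind, path, targets)
```

Pass a drive root or folder as the first argument to sweep real media; with no argument it runs on the constructed demo folder.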