By Kristopher

How to Remove W32.Fiala.A

Updated May 14, 2009

W32.Fiala.A is a worm that spreads itself through your removable drives. W32.Fiala.A blocks certain applications from launching, and, as an early birthday gift, W32.Fiala.A may drop Trojans on your PC (think Trojan Horse, Hacktool.Rootkit or Trojan.KillAV).

Thanks, W32.Fiala.A.

Unless ID theft and zombie computers botnets sound like a hot weekend, let me show you how to get rid of W32.Fiala.A.

GET RID of W32.Fiala.A

Do You Have W32.Fiala.A?

When you’re infected with badware — whether it’s W32.Fiala.A, spyware, adware, a Trojan, or a virus — there are a few key symptoms. Have you noticed…

  • Slow computer performance: It just takes one parasite like W32.Fiala.A to slow your computer dramatically. If your PC takes longer than usual to reboot, or if your Internet connection is unusually slow, you may be infected with W32.Fiala.A.
  • New desktop shortcuts or switched homepage: Badware like W32.Fiala.A may change your Internet settings to redirect your homepage to another site. Badware can even add desktop shortcuts to your PC.
  • Annoying popups: Badware can bombard your computer with popup ads, even when you’re not online. Through these popups, you may be tricked into downloading more spyware.

How to Remove W32.Fiala.A Manually

W32.Fiala.A warning Before we get started, you should backup your system and your registry, so it’ll be easy to restore your computer if anything goes wrong.

To remove W32.Fiala.A manually, you need to delete W32.Fiala.A files. Not sure how to delete W32.Fiala.A files? Click here, and I’ll show you. Otherwise, go ahead and…

Block W32.Fiala.A sites:

wuc8.com
wuc9.com

Get rid of W32.Fiala.A files:

%DriveLetter%\JR.PIF
%DriveLetter%\AUTORUN.INF
%System%\dllcache\linkinfo.dll (a clean file that may already be present)
%System%\mfc1.dll (a legitimate copy of Microsoft’s MSVCR71.dll)
%SystemDrive%\AUTORUN.INF
%SystemDrive%\bps.dll (a copy of Trojan Horse)
%ProgramFiles%\henaji.pif (this file may be detected as Trojan Horse, Hacktool.Rootkit or Trojan.KillAV)
%Windir%\Fonts\bat.sys (this file may be detected as Trojan Horse, Hacktool.Rootkit or Trojan.KillAV)
%Windir%\Fonts\kpsp.sys (this file may be detected as Trojan Horse, Hacktool.Rootkit or Trojan.KillAV)
%Windir%\Fonts\lstis.sys (this file may be detected as Trojan Horse, Hacktool.Rootkit or Trojan.KillAV)
AS21a669aS

Delete W32.Fiala.A registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAV.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ravservice.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASARP.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kav32.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavstart.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\”CheckedValue” = “2″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ANTIARP.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArSwp.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nod32kui.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kissvc.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kmailmon.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPfwSvc.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonxp.KXP\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVWSC.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwatch.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVTRAY.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Regedit.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rfwstub.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ast.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoRun.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoRunKiller.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP.COM\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Frameworkservice.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFUpd.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GuardField.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mmsk.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsMain.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsnetsvr.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RSTray.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Runiep.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.EXE\”debugger” = “%System%\dllcache\spoolsv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ScanFrm.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREngLdr.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.KXP\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPC32.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPTRAY.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WOPTILITIES.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

Note: In any W32.Fiala.A files I mention above, “%UserProfile%” is a variable referring to your current user’s profile folder. If you’re using Windows NT/2000/XP, by default this is “C:\Documents and Settings\[CURRENT USER]” (e.g., “C:\Documents and Settings\JoeSmith”). If you have any questions about manual W32.Fiala.A removal, go ahead and leave a comment.

How Do You Remove W32.Fiala.A Files?

Need help figuring out how to delete W32.Fiala.A files? While there’s some risk involved, and you should only manually remove W32.Fiala.A files if you’re comfortable editing your system, you’ll find it’s fairly easy to delete W32.Fiala.A files in Windows.

How to delete W32.Fiala.A files in Windows XP and Vista:

  1. Click your Windows Start menu, and then click “Search.”
  2. A speech bubble will pop up asking you, “What do you want to search for?” Click “All files and folders.”
  3. Type a W32.Fiala.A file in the search box, and select “Local Hard Drives.”
  4. Click “Search.” Once the file is found, delete it.

How to stop W32.Fiala.A processes:

  1. Click the Start menu, select Run.
  2. Type taskmgr.exe into the the Run command box, and click “OK.” You can also launch the Task Manager by pressing keys CTRL + Shift + ESC.
  3. Click Processes tab, and find W32.Fiala.A processes.
  4. Once you’ve found the W32.Fiala.A processes, right-click them and select “End Process” to kill W32.Fiala.A.

How to remove W32.Fiala.A registry keys:

W32.Fiala.A warning Because your registry is such a key piece of your Windows system, you should always backup your registry before you edit it. Editing your registry can be intimidating if you’re not a computer expert, and when you change or a delete a critical registry key or value, there’s a chance you may need to reinstall your entire system. Make sure your backup your registry before editing it.

  1. Select your Windows menu “Start,” and click “Run.” An “Open” field will appear. Type “regedit” and click “OK” to open up your Registry Editor.
  2. Registry Editor will open as a window with two panes. The left side Registry Editor’s window lets you select various registry keys, and the right side displays the registry values of the registry key you select.
  3. To find a registry key, such as any W32.Fiala.A registry keys, select “Edit,” then select “Find,” and in the search bar type any of W32.Fiala.A’s registry keys.
  4. As soon as W32.Fiala.A registry key appears, you can delete the W32.Fiala.A registry key by right-clicking it and selecting “Modify,” then clicking “Delete.”

How to delete W32.Fiala.A DLL files:

  1. First locate W32.Fiala.A DLL files you want to delete. Open your Windows Start menu, then click “Run.” Type “cmd” in Run, and click “OK.”
  2. To change your current directory, type “cd” in the command box, press your “Space” key, and enter the full directory where the W32.Fiala.A DLL file is located. If you’re not sure if the W32.Fiala.A DLL file is located in a particular directory, enter “dir” in the command box to display a directory’s contents. To go one directory back, enter “cd ..” in the command box and press “Enter.”
  3. When you’ve located the W32.Fiala.A DLL file you want to remove, type “regsvr32 /u SampleDLLName.dll” (e.g., “regsvr32 /u jl27script.dll”) and press your “Enter” key.

That’s it. If you want to restore any W32.Fiala.A DLL file you removed, type “regsvr32 DLLJustDeleted.dll” (e.g., “regsvr32 jl27script.dll”) into your command box, and press your “Enter” key.

Did W32.Fiala.A change your homepage?

  1. Click Windows Start menu > Control Panel > Internet Options.
  2. Under Home Page, select the General > Use Default.
  3. Type in the URL you want as your home page (e.g., “http://www.homepage.com”).
  4. Select Apply > OK.
  5. You’ll want to open a fresh web page and make sure that your new default home page pops up.

W32.Fiala.A Removal Tip

Is your computer acting funny after deleting any W32.Fiala.A files? I recommend using a program like File Recover from PC Tools. File Recover saves deleted files that otherwise can’t be recovered by Windows operating sytem.

Want to save time finding W32.Fiala.A files? Download Spyware Doctor, let it find the W32.Fiala.A files for you, and then manually delete W32.Fiala.A files.

How Did You Get W32.Fiala.A?

Wondering how W32.Fiala.A ended up on your PC? If you’re infected with W32.Fiala.A or other badware, perhaps you were using…

  • Freeware or shareware: Did you download and install shareware or freeware? These low-cost or free software applications may come bundled with spyware, adware, or programs like W32.Fiala.A. Sometimes adware is attached to the free software to “pay” developers for the cost of creating the software, and more often spyware is secretly attached to free software to harm your computer and steal your personal and financial information.
  • Peer-to-peer software: Do you use a peer-to-peer (P2P) program or other application with a shared network? When you use these applications, you put your system at risk for unknowingly downloading an infected file, including applications like W32.Fiala.A.
  • Questionable websites: Did you visit a website that’s of questionable nature? When you visit malicious sites that are fishy and phishy, badware may be automatically downloaded and installed onto your computer, sometimes including applications like W32.Fiala.A. I recommend you use Firefox web browser, if you don’t already.

Understanding W32.Fiala.A

If you’re infected with W32.Fiala.A, you should know what you’re fighting. I’ll explain some definitions related to W32.Fiala.A.

W32.Fiala.A May Be a Worm

Worms are virus-like badware with destructive codes. Worms are able to mutate, or replace their own code by automatically, which makes worms very dangerous, difficult to find, and hard to delete. Similar to viruses, worms can spread to the other computers by secretly and automatically emailing themselves to other Internet users in your address book. The main difference between worms and viruses is that a worm wil replace your computer files rather than simply inserting their code into your files.

Filed Under: Worms
Related Posts: No related posts,

Comments