Removal Feebs rootkit (ms??32.dll, ms??.exe)

Feebs rootkit - free removal tool

What is the Feebs rootkit?

It is not invisible rootkit. It is a mail worm used rookit technology.

Usually you can receive it by e-mail sent from infected computer. Feebs attaches zipped "hta" file to each sent e-mail message.

Unfortunately most of antiviral software could not detect it and the users who trust their antiviral software are infected.

Feebs drops the copy of initial "hta" file to the user′s Startup folder.

Other files are stored in the Windows\System32 folder.

The DLL file has random name with mask "ms??32.dll" (where ? is any character). The executable file looks like "ms??.exe".

Feebs uses the Active Setup sub-key to infect the computer at every Windows boot.

Executable file is used to reproduce infection and for loading its DLL into memory.

The DLL is a user mode rootkit and it hides the rootkit′s Active Setup subkey.

In additional, Feebs tries to deactivate several antiviral software. Feebs is not rock but unfortunately most of antiviral software doesn′t detect it. Getting the latest virus database is required.

RegRun prevents "hta" file from executing and it is able to prevent adding Feebs to auto startup.


Suggest you to use RegRun Platinum Edition to be sure that you are clear!
Good luck!
Dmitry Sokolov
Add or See Comments (>10)