Home Blog

Folstart Worm – How to Remove Folstart Worm completely

Posted by in Blog Worm
on November 15th, 2012 | Leave a comment

Folstart is a kind of worm virus like W32.Blaster.Worm that is able to copy itself as many as possible to infect removable drives and network shared files. It will scan for usb drives and then create malicious files folders on it. Meanwhile, it creates a copy of itself on the compromised computer and disguises itself as a legitimate system file. Folstart can run at windows start up by adding related registry entries and can restore itself when corrupted.

When a new USB devices is connected to a compromised computer, Folstart can detect it sensitive and then immediately infect it. Folstart replicates itself to the drive as an executable file using the same name as a folder on the drive, without an extension. Folstart also uses an icon that makes the file look like a folder. The name, lack of an extension, and the use of the folder icon are all created to trick computer users into thinking it is actually a folder, hoping that they will attempt to ‘open’ that folder, and instead accidentally run Folstart.

How to remove Folstart worm manually
1. Kill related processes if they are running and then delete the following files

%AppData%\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\Microsoft Update.exe
%AppData%\Start\update.exe

2. Remove registry entries created by Folstart

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced = “HideFileExt” = “1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced = “ShowSuperHidden” = “0″
HKEY_CURRENT_USERU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced = “Hidden” = “2″
HKEY..\..\..\..{Subkeys}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR\Enum

How to remove Folstart easily
Manual removal is never a simple way to deal with the infection. A virus removal program like Spyware Cease will be a good choice. A virus removal program can complete the removal automatically. It reduces the possibility to damage the computer during removal. It can detect and remove the malicious files exactly. Folstart is easy to restore itself if not removed completely. Using Spyware Cease to remove it completely now.
1. Download Spyware Cease
2. Install it by following the easy prompt
3. Run an online scan
4. Click remove button to get rid of Folstart worm instantly

Leave a Reply