One of our readers came across these virus called W32.Gammima.AG and W32.Gammima in his computer but if you are also troubled with these, then here is how to remove these.

Both the viruses W32.Gammima and W32.Gammima.AG spread with the use of Removable media like USB Drive and have the ability to collect and send information regarding the password related to various online games.

Steps to remove these viruses:

Common Steps

1.    Disable the System Restore first (Right Click on My Computer -> Properties -> System Restore tab, check the option reading “Turn Off System Restore”)

2.    Scan the system with a good and updated Anti Virus.

3.    Boot the computer in the Safe Mode.

Steps to remove W32.Gammima:

4.    Navigate to and delete the following subkeys

HKEY_CLASSES_ROOT\CLSID\{64281F9B-71AE-4C6B-9688-C3E820D99255}

And

HKEY_LOCAL_MACHONE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{64281F9B-71AE-4C6B-9688-C3E820D99255}

5.    Restart the computer.

Steps to remove W32.Gammima.AG:

4. Navigate to and delete the following registry entry

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\”kava” = “%System%\kavo.exe”

5. If required, give the value to the following key as (double click the key to assign it a value)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\”CheckedValue” = “1”

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\”Hidden” = “1”

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\”ShowSuperHidden” = “0”

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Pocilies\Explorer\”NoDriveTypeAutoRun” = “95”

6. Reboot the computer

The virus would have gone!