USBcillin
Despite what the name may suggest, USBcillin has nothing to do with penicillin. Nor does it have anything to do with keeping your computer healthy. Though this rogue claims to be able to prevent malicious software from infecting your computer through tainted external drives, it can’t. It is nothing more than a scam.
Once USBcillin has been installed on a computer, it does the exact opposite of what it claims to do. It actually downloads malicious software that can slow your computer and Internet performance, hijack your browser, or even steal your personal information. What is worse is that it creates a horde of new registry entries that can later cause a number of system errors. That is why this rogue should be avoided at all cost and be removed as soon as it is detected. In order to remove it manually, start by stopping the following processes:
13882768.exe
64080532.exe
82215601.exe
USBcillin.exe
QWE.TXT.exe
Type : Rogue Security Application
Relative file contents :
64080532.exe, QWE.TXT.exe, 57273426.svd, 96402658.svd, 71519181.svd, USBcillin.exe, 13882768.exe, 82215601.exe
Delete these registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\”NoPropertiesMyComputer” = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\”DisableTaskMgr” = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\”NoSetFolders” = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\”NoNetHood” = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\”NoFolderOptions” = “0″
# HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\”NoDesktop” = “0″
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\”DisableCMD” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\”NoPrinters” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\”NoSetFolders” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network\”NoNetSetup” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\”Window Title” = “Windows Internet Explorer”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall\”NoAddPage” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\”NoFind” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify\”PastIconsStream” = “hex:14,00,00,00,05,00,00,00,01,00,01,00,b6,00,00,00,14,00,00,00,49,4c,00,06,b6,00,ba,00,04,00,10,00,10,00,ff,ff,ff,ff,21,00…”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\”Userinit” = “C:\WINDOWS\system32\userinit.exe,”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\”NoRun” = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\”DisableRegistryTools” = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\”NoViewContextMenu” = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\”NoAddRemovePrograms” = “0″
# HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\”NoNetSetup” = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\”NoFileMenu” = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”USBcillin” = “C:\WINDOWS\system32\USBcillin.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\”NoPropertiesMyComputer” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\”NoViewContextMenu” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\”DisableRegistryTools” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\”NoActiveDesktop” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall\”NoAddRemovePrograms” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\”NoFolderOptions” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\”NoDesktop” = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\”Shell” = “explorer.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\”NoDispCPL” = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\”NoPrinters” = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\”NoControlPanel” = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\”NoRemovePage” = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\”NoAddPage” = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\”NoFind” = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\”NoActiveDesktop” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\”NoRun” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\”NoNetHood” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall\”NoRemovePage” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\”NoControlPanel” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\”DisableTaskMgr” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\”NoDispCPL” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\”NoFileMenu” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\”Order” = “hex:08,00,00,00,02,00,00,00,00,02,00,00,01,00,00,00,03,00,00,00,d2,00,00,00,00,00,00,00,c4,00,00,00,41,75,67,4d,02
Finally, delete these files:
64080532.exe
QWE.TXT.exe
57273426.svd
96402658.svd
71519181.svd
USBcillin.exe
13882768.exe
82215601.exe
Though this will remove USBcillin, it won’t remove any of the malicious programs that the rogue may have installed. That is why manual removal may not be the best option for your computer’s health. Instead, consider getting a trustworthy antispyware application to find and removal all infections and remove them at once.
ZookaWare PC Cleaner was developed by ZookaWare, a company in good standing with the Better Business Bureau. They have made ZookaWare PC Cleaner to be the only legitimate antispyware with a 100% spyware removal guarantee. This is made possible because they use a robot to search over 100 million websites every day for the newest forms of malware. Therefore, if you want protection that is constantly up to date, trustworthy, and 100% guaranteed then you want ZookaWare PC Cleaner.
I’ve purchased this software to remove USBcillin which has infected my computer. After one scan my computer was clean again. Great job SpyZooka!