Location of passwd.txt and Associated Malware

Check whether passwd.txt is presentin the following locations:

• C:\WINDOWS\passwd.txt

If you find passwd.txt in any ofthese locations, your computer is very likely to be infected with the followingmalware:

• CMD

Notes:

• You can check if passwd.txt is associated with the malware listed above by running a Exterminate It! Free Scan.
• You can easily remove all the files listed above with Exterminate It!.

IMPORTANT: Malware files can be camouflaged with the same file namesas legitimate files. The passwd.txt file is associated with malware only iffound in the locations listed above.

WhyIs It Important to Remove Malware Files?

It is imperative that you deletemalware-associated files as soon as possible because they can be used - or arealready being used - to inflict serious damage on your PC, including:

• Disrupting the normal functioning of the operating system or rendering it completely useless.
• Hijacking valuable private information (credit card numbers, passwords, PIN codes, etc.)
• Directing all your Web searches to the same unwanted or malicious sites.
• Dramatically slowing down your computer.
• Gaining total control of your PC to spread viruses and trojans and send out spam.

Howto Remove passwd.txt

1. To enable deleting the passwd.txt file, terminate the associated process in the Task Manager as follows:
• Right-click in the Windows taskbar (a bar that appears along the bottom of the Windows screen) and select Task Manager on the menu.
• In the Tasks Manager window, click the Processes tab.
• On the Processes tab, select passwd.txt and click End Process.
2. Using your file explorer, browse to the file using the paths listed in Location of passwd.txt and Associated Malware.
3. Select the file and press SHIFT+Delete on the keyboard.
4. Click Yes in the confirm deletion dialog box.
5. Repeat steps 2-4 for each location listed in Location of passwd.txt and Associated Malware.

Notes:

• The deletion of passwd.txt will fail if it is locked; that is, it is in use by some application (Windows will display a corresponding message). For instructions on deleting locked files, see Deleting Locked Files.
• The deletion of passwd.txt will fail if your Windows uses the NT File System (NTFS) and you have no write rights for the file. Request your system administrator to grant you write rights for the file.

DeletingLocked Files

You can delete locked files with theRemoveOnReboot utility. You can install the RemoveOnReboot utility from here.

After you delete a locked file, youneed to delete all the references to the file in Windows registry.

To delete a locked file:

1. Right-click on the file and select Send To -> Remove on Next Reboot on the menu.
2. Restart your computer.

The file will be deleted on restart.

Note: In the case of complex viruses that can replicatethemselves, malware files can reappear in the same locations even after youhave deleted those files and restarted your computer. Exterminate It!can effectively eradicate such viruses from your computer.

To remove all registry references toa malware file:

1. On the Windows Start menu, click Run.
2. In the Open box, type regedit and click OK. The Registry Editor window opens.
3. On the Edit menu, select Find.
4. In the Find dialog box, type FILENAME. The name of the first found registry value referencing passwd.txt is highlighted in the right pane of the Registry Editor window.
5. Right-click the registry value name and select Delete on the menu.
6. Click Yes in the Confirm Value Delete dialog box.
7. To delete all other references to passwd.txt, repeat steps 4-6.

IMPORTANT: Malware files can masquerade as legitimate files by usingthe same file names. To avoid deleting a harmless file, ensure that the Valuecolumn for the registry value displays exactly one of the paths listed inLocation of passwd.txt and Associated Malware.