Restarting in Safe Mode
» On Windows NT (VGA mode)
Click Start>Settings>Control Panel.
Double-click the System icon.
Click the Startup/Shutdown tab.
Set the Show List field to 10 seconds and click OK to save this change.
Shut down and restart your computer.
Select VGA mode from the startup menu.
» On Windows 2000
Restart your computer.
Press the F8 key when you see the Starting Windows bar at the bottom of the screen.
Choose the Safe Mode option from the Windows Advanced Options Menu, then press Enter.
» On Windows XP
Restart your computer.
Press F8 after the Power-On Self Test (POST) is done. If the Windows Advanced Options Menu does not appear, try restarting and then pressing F8 several times after the POST screen.
Choose the Safe Mode option from the Windows Advanced Options Menu, then press Enter.
Disabling the Malware Service
This procedure removes the running malware service from memory on systems running Windows NT, 2000, and XP.
Open a command prompt window. Click Start>Run, type CMD and then press the Enter key.
At the command prompt, type the following:
NET STOP "snapples"
Press the Enter key. A message should indicate that the service has been stopped successfully.
Close the command prompt window.
Removing Autostart Entries from the Registry
Removing autostart entries from the registry prevents the malware from executing at startup.
Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
In the right panel, locate and delete the entry:
Snapple = "snapple.exe"
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>RunServices
In the right panel, locate and delete the entry:
Snapple = "snapple.exe"
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Runonce
In the right panel, locate and delete the entry:
Snapple = "snapple.exe"
In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Run
In the right panel, locate and delete the entry:
Snapple = "snapple.exe"
In the left panel, locate and delete the following:
HKEY_LOCAL_MACHINE>System>CurrentControlSet>Services>Snapple
Close Registry Editor.
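To confirm that the cleanup is complete, the registry can be exported to a text (.reg) file from Registry Editor and checked for leftovers of the entries listed above. The following is an added example, not part of the original instructions; the function names and the sample export are constructed for illustration.

```python
import re

# Autostart locations from the steps above. Registry key and value names are
# case-insensitive, so "Runonce" here still matches "RunOnce" in an export.
RUN_KEYS = {k.lower() for k in (
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Runonce",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
)}
SERVICE_KEY = r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Snapple".lower()
KEY_RE = re.compile(r"^\[(.+)\]$")                  # [HKEY_...\Some\Key]
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')  # "Name"=data

def read_export(path):
    """Decode a .reg export: UTF-16 with BOM (Version 5.00) or ANSI (REGEDIT4)."""
    with open(path, "rb") as fh:
        raw = fh.read()
    enc = "utf-16" if raw[:2] == b"\xff\xfe" else "cp1252"
    return raw.decode(enc, errors="replace")

def find_leftovers(text):
    """Return (key, detail) for every listed entry still present in the export."""
    hits, shown, key = [], None, None
    for line in (l.strip() for l in text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            shown, key = m.group(1), m.group(1).lower()
            if key == SERVICE_KEY or key.startswith(SERVICE_KEY + "\\"):
                hits.append((shown, "service key still exists"))
            continue
        m = VAL_RE.match(line)
        if m and key in RUN_KEYS:
            name, data = m.group(1).lower(), m.group(2).lower()
            if name == "snapple" or "snapple.exe" in data:
                hits.append((shown, line))
    return hits

# Constructed sample export (not taken from a real system).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="C:\\Program Files\\Example\\tray.exe"
"Snapple"="snapple.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Snapple]
"Start"=dword:00000002
'''

if __name__ == "__main__":
    for key, detail in find_leftovers(SAMPLE):
        print("LEFTOVER:", key, "->", detail)
```

An empty result means none of the listed entries remain in the exported keys; for a real export, pass `read_export(path)` to `find_leftovers`.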
Additional Windows XP Cleaning Instructions
Users running Windows XP must disable System Restore to allow full scanning of infected systems.
Then run your antivirus software (updated with the latest pattern files), scan your system, and delete all files detected as WORM_FORBOT.AZ.