5. To reverse the changes to the registry
Important: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.
1. Click Start > Run.
2. Type regedit
Then click OK.
3. Navigate to the key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
4. In the right pane, delete any value that refers to any files that were detected as Backdoor.Coreflood.
Note: Not all variants add an entry to this key.
5. Navigate to and select the key:
HKEY_LOCAL_MACHINE\Software\Classes\CLSID
6. Click Edit > Find.
7. In the "Find what" box, type the file name of the .dll file that was detected as Backdoor.Coreflood in section 4.
8. If you find an entry of the form:
"(Default)"="%System%\<detected file name>.dll"
in the registry key:
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{<random clsid>}\InProcServer32
then write down the <random clsid> value.
Then, in the left pane, delete the subkey:
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{<random clsid>}
9. Next, click Edit > Find to repeat the search, as there may be more than one such key. Delete any that are found.
10. Navigate to and delete the key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{<random clsid>}
where {<random clsid>} matches one of the values found and deleted in the previous searches.
11. Navigate to and delete the key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\<detected file name>
Note: <detected file name> should match the name of the infected dll file. For example, if abcdwxyz.dll was detected as Backdoor.Coreflood, then delete the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\abcdwxyz
12. Exit the Registry Editor.
13. Restart the computer. If you could not delete any files in section 4, use Windows Explorer to locate and delete them.
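The registry locations in steps 3 through 11 can also be listed in one pass before anything is deleted by hand. The script below is an added example, not part of the original Symantec instructions; it only reads the registry, and it assumes an elevated PowerShell prompt and that $DllName is set to the file name detected in section 4 (the default is the sample name from the note in step 11).

```powershell
# Added example: read-only audit of the keys named in steps 3-11. Nothing is deleted.
# Assumption: $DllName is the .dll file name detected in section 4.
param([string]$DllName = 'abcdwxyz.dll')   # sample name from the note in step 11

$cmp   = [StringComparison]::OrdinalIgnoreCase
$base  = [IO.Path]::GetFileNameWithoutExtension($DllName)
$found = @()

# Steps 3-4: Run values that refer to the detected file.
$runKey = Get-Item 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($runKey) {
    foreach ($name in $runKey.GetValueNames()) {
        if ("$($runKey.GetValue($name))".IndexOf($DllName, $cmp) -ge 0) {
            $found += [pscustomobject]@{ Step = 4; Key = $runKey.Name; Detail = $name }
        }
    }
}

# Steps 5-9: CLSID subkeys whose InProcServer32 (Default) value ends in the DLL name.
$clsids = @()
foreach ($k in Get-ChildItem 'HKLM:\Software\Classes\CLSID' -ErrorAction SilentlyContinue) {
    $srv = $k.OpenSubKey('InProcServer32')
    if (-not $srv) { continue }
    $default = "$($srv.GetValue(''))"        # '' reads the (Default) value
    $srv.Close()
    if ($default.EndsWith("\$DllName", $cmp)) {
        $clsids += $k.PSChildName            # the {<random clsid>} to write down
        $found  += [pscustomobject]@{ Step = 8; Key = $k.Name; Detail = $default }
    }
}

# Step 10: Browser Helper Objects entries for each CLSID found above.
$explorer = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer'
foreach ($id in $clsids) {
    $bho = "$explorer\Browser Helper Objects\$id"
    if (Test-Path -LiteralPath $bho) {
        $found += [pscustomobject]@{ Step = 10; Key = $bho; Detail = $id }
    }
}

# Step 11: ShellIconOverlayIdentifiers subkey named after the DLL, without extension.
$overlay = "$explorer\ShellIconOverlayIdentifiers\$base"
if (Test-Path -LiteralPath $overlay) {
    $found += [pscustomobject]@{ Step = 11; Key = $overlay; Detail = $base }
}

$found | Format-Table -AutoSize -Wrap
```

Each row gives the step number and the key to remove in the Registry Editor; an empty table means none of the listed locations reference the file.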