Monday 2 September 2013

Attacked by Worm:Win32/Rotrumas.A - How to Remove Worm:Win32/Rotrumas.A Effectively?

If your computer is infected by Worm:Win32/Rotrumas.A, you have to remove it as soon as possible. Otherwise, the worm will cause serious damage to your PC. If the antivirus program cannot remove the infection completely, you can try the steps in this post to effectively remove Worm:Win32/Rotrumas.A.

More information about Worm:Win32/Rotrumas.A

A computer worm is a standalone malware program that spreads itself over a network. It doesn’t have to attach itself to an existing program to invade computers because the worm is able to replicate itself. Worm:Win32/Rotrumas.A is a worm that sneaks into computers via removable drives; it may replace picture files it finds with its own picture and may remove the contents of document files.

During installation, the worm creates several files in a variable location on the targeted computer. Usually, the files are located in the system folder. For Windows XP, Vista, 7, and 8, it is "C:\Windows\System32". For Windows 2000 and NT, it is "C:\WinNT\System32". The worm also generates several registry entries in order to allow its copies to run automatically when Windows starts and to change Folder Options settings.

The worm is a dangerous computer infection because it can search for image files with the extensions .JPEG and .JPG and replace them with its own image, and delete the contents of any .DOC and .XLS files it finds. In addition, it can stop certain antivirus programs from running. Moreover, the worm can steal all your email addresses and then send them to another email address for malicious purposes.

Rotrumas.A manual removal guide:

Step 1. Boot your computer into Safe Mode with Networking. Restart your PC and tap F8 constantly before Windows loads. Highlight Safe Mode with Networking by using the up and down arrow keys. Then press Enter.
Step 2. Disable the related processes in Task Manager. Open Task Manager by pressing Ctrl + Alt + Delete. Click the Processes tab, select the processes associated with the worm and terminate them: [random].exe
Step 3. Delete registry entries of the worm.
Click Start, go to Run, type regedit in the box and then click OK.
In the open Registry Editor window, search for the following registry entries and eliminate them.

In subkey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Sets value: "Shell"
With data: "explorer.exe \?ht?msys19.exe"

In subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sets value: "lsass"
With data: "\deter177\lsass.exe"

In subkey: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sets value: "?ht?msys19.exe"
With data: "\ctfmon.exe"

Step 4. Erase all the files created by the worm. 
Click Start, go to Control Panel and double click on Folder Options. Click on View tab, check Show hidden folders and files and uncheck Hide protected operating system files. Then click OK.

Find the files below and get rid of them. 

<system folder>\deter177\?ht?msys19.exe
<system folder>\deter177\ctfmon.exe
<system folder>\deter177\lsass.exe
<system folder>\deter177\smss.exe
<system folder>\deter177\sv?h?st.exe
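
A read-only check for the registry values and files listed in Steps 3 and 4, as an added example that is not part of the original post; it only reports matches and deletes nothing. It assumes each "?" in the listed names stands for one unknown character, and that the Winlogon Shell value normally holds just explorer.exe.

```powershell
# Read-only audit for the Rotrumas.A indicators listed in this post; nothing is changed.
# Assumption: each "?" in the listed names is one unknown character, so it is
# treated as a single-character wildcard by -like.
$patterns = '*?ht?msys19.exe*', '*\deter177\*'

$keys = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

function Test-Indicator([string]$Text) {
    foreach ($p in $patterns) { if ($Text -like $p) { return $true } }
    return $false
}

$findings = @()
foreach ($path in $keys) {
    $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        # Flag a value when its name or its data matches one of the indicators.
        if ((Test-Indicator $name) -or (Test-Indicator $data)) {
            $findings += "REGISTRY  $path  ->  $name = $data"
        }
    }
}

# Winlogon\Shell is normally just "explorer.exe"; report anything else for review.
$shell = (Get-ItemProperty -LiteralPath $keys[0] -ErrorAction SilentlyContinue).Shell
if ($shell -and $shell.Trim() -ne 'explorer.exe') {
    $findings += "SHELL     Winlogon\Shell is '$shell' (default is 'explorer.exe')"
}

# The post lists every dropped file under <system folder>\deter177.
$dropDir = Join-Path ([Environment]::SystemDirectory) 'deter177'
if (Test-Path -LiteralPath $dropDir) {
    Get-ChildItem -LiteralPath $dropDir -Force | ForEach-Object {
        $findings += "FILE      $($_.FullName)"
    }
}

if ($findings) { $findings } else { 'No Rotrumas.A indicators from this post were found.' }
```

Running it again after the cleanup and a normal reboot shows whether any of the listed entries have come back.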

Another method to remove Worm:Win32/Rotrumas.A automatically:

It may be a little difficult for those who are not familiar with computers to remove Worm:Win32/Rotrumas.A manually with the steps mentioned above. If you don’t have enough computer expertise, or don’t have much time to spend removing the worm, use a professional removal tool instead. The tool can detect all the files and registry entries of the worm and delete them within minutes. With the tool, the infection will be gone with a few clicks of your mouse. Therefore, you
1) Download and install a professional removal tool.
2) Run the tool to scan your entire computer system. 
3) Delete all the malicious files found. 
4) Restart your PC.
