Chipset.exe
Malware - Viruses

An updated version of this article is available at this link.

Chipset.exe is a malicious backdoor trojan that runs in the background and allows remote access to the compromised system. It generates outbound traffic and downloads or requests other files from the Internet.

This tutorial gives step-by-step removal instructions. All the tools/software mentioned in this article are freeware.

 

Aliases:      Backdoor.Trojan [Symantec]
              Backdoor.Win32.Agent.rcw [Kaspersky Lab]
              New Malware.aj [McAfee]
              Mal/Behav-010, Mal/Behav-116, Mal/Behav-027 [Sophos]
              Trojan-Spy.Win32.Pophot [Ikarus]
              Packed with: PE_Patch [Kaspersky Lab]

Preparation:  You will need the Windows operating system CD, if you received one with the purchase of your computer. If the hard disk has a "Restore Partition", you won't require the CD. Your computer should have antivirus software. You will also need the free software CCleaner and a firewall; you can choose one of the freeware firewalls.
 Turn off System Restore: The malicious files are saved in the System Restore backup, so you need to turn System Restore off to remove them. You can turn it on again after cleaning the computer. Click here to read more...

If you are unable to open Task Manager
Sometimes you are not able to open Task Manager, the Run command, etc. The virus does this. There are free tools to solve this problem; they are listed here. See which one is helpful for you. Click here to read more...

 

Remove Processes from Task Manager
Press Ctrl+Shift+Esc to open Task Manager and look in the list of processes for
chipset.exe
If found, select it and press the End Process button. It will prompt you; say Yes, then close Task Manager. There may be more processes belonging to this malicious software.

 

 
 Removing a Program from Windows Startup: The System Configuration Utility can be started in XP and Vista by typing msconfig in the Run box. The Run box can be opened in XP by clicking Start > Run.
The best part of Windows startup is that the setting is reversible, so you can check/uncheck any entry any number of times. Do not hesitate to uncheck anything you find doubtful; you can always check it again if you later learn that it is something useful.

After the System Configuration Utility window is open, click on the Startup tab, which lists all the programs scheduled to start when you turn your computer on. Expand the middle column with your mouse pointer so that you can see the path of each program on the hard disk; that will give you a clear idea of what each program is. Locate and uncheck the entry if found:
"chipset.exe"

While still in the System Configuration Utility, click on the Services tab, check the box in front of "Hide All Microsoft Services", then locate the services named "DNSTransaction" and "Storm DDOS Service", uncheck their boxes, press Apply, press Close/OK and restart the computer.


View Hidden Files: You may need to enable viewing of hidden files and folders before you can search for the virus files and folders. Click here to read more...
Boot in Safe Mode: If you are unable to delete the malware files/folders, try doing it in Windows Safe Mode. Click here to read more...

Searching and Deleting the Folders / Files on the Hard Disk

C:\Windows\System32\chipset.exe
Delete the above file if found.

After the infection it downloads more files to the hard disk. These files may vary from infection to infection. Delete the following files if found:

Variation1)       see report
     C:\Documents and Settings\LocalService\Favorites
     C:\Documents and Settings\[UserName]\Local Settings\Temp\WER30d2.dir00
     C:\Documents and Settings\LocalService\Favorites\Links
     C:\Windows\System32\StormServer.dll

Variation2)
     C:\Documents and Settings\LocalService\Favorites\Desktop.ini
     C:\Documents and Settings\[UserName]\Local Settings\Temp\WER30d2.dir00\appcompat.txt
     C:\Documents and Settings\[UserName]\Local Settings\Temp\WER30d2.dir00\IEXPLORE.EXE.hdmp
     C:\Documents and Settings\[UserName]\Local Settings\Temp\WER30d2.dir00\IEXPLORE.EXE.mdmp
     C:\Documents and Settings\[UserName]\Local Settings\Temp\WER30d2.dir00\manifest.txt
     C:\Windows\System32\StormServer.dll

Manually Removing Malware Entries from the Registry

You can edit the registry with the built-in Windows Registry Editor. Click here to read more...

Delete the following registry keys. For details of the registry values see this link. (I have removed the names of the sub keys; if you want, you can see them all in the ThreatExpert report.)

Variation1)    see report
  • The following Registry Keys were created:
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DNSTRANSACTION
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DNSTransaction
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DNSTRANSACTION
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNSTransaction

Variation2)    see report
  • The following Registry Keys were created:
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_STORM_DDOS_SERVICE
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Storm DDOS Service
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_STORM_DDOS_SERVICE
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Storm DDOS Service
    • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar
    • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState
    • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
    • HKEY_USERS\.DEFAULT\Software\Microsoft\IEAK
    • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Connection Wizard
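The manual steps above (process, services, dropped files, registry keys) can be checked in one pass before and after cleaning. The following PowerShell audit script is an added example, not part of the original article or the ThreatExpert report; it only reports what it finds and deletes nothing. It assumes an elevated PowerShell session on the XP/Vista-era systems the article targets, and that a startup entry for chipset.exe, if present, lives in the Run keys that msconfig's Startup tab displays (an assumption, since the article does not say where the entry is stored).

```powershell
# Added audit script (not from the original article): lists the chipset.exe
# indicators described above. Read-only: it reports, it does not remove.
$findings = @()

# 1. Running process (the Task Manager step)
foreach ($p in Get-Process -Name 'chipset' -ErrorAction SilentlyContinue) {
    $findings += "Process: chipset.exe PID=$($p.Id) Path=$($p.Path)"
}

# 2. Services the article says to uncheck under msconfig > Services
foreach ($name in 'DNSTransaction', 'Storm DDOS Service') {
    $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
    if ($svc) { $findings += "Service: $($svc.Name) State=$($svc.State) Path=$($svc.PathName)" }
}

# 3. Dropped files; the article's [UserName] placeholder is expanded to every profile
$files = @("$env:SystemRoot\System32\chipset.exe",
           "$env:SystemRoot\System32\StormServer.dll",
           'C:\Documents and Settings\LocalService\Favorites\Desktop.ini',
           'C:\Documents and Settings\LocalService\Favorites\Links')
foreach ($prof in Get-ChildItem 'C:\Documents and Settings' -ErrorAction SilentlyContinue) {
    $files += Join-Path $prof.FullName 'Local Settings\Temp\WER30d2.dir00'
}
foreach ($f in $files) { if (Test-Path $f) { $findings += "File: $f" } }

# 4. Registry keys created by both variations, in ControlSet001 and the active set
foreach ($cs in 'ControlSet001', 'CurrentControlSet') {
    foreach ($k in 'Services\DNSTransaction', 'Enum\Root\LEGACY_DNSTRANSACTION',
                   'Services\Storm DDOS Service', 'Enum\Root\LEGACY_STORM_DDOS_SERVICE') {
        $path = "HKLM:\SYSTEM\$cs\$k"
        if (Test-Path $path) { $findings += "Registry: $path" }
    }
}

# 5. Startup entries (assumption: the msconfig Startup entry is a Run-key value)
foreach ($run in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
    $props = Get-ItemProperty -Path $run -ErrorAction SilentlyContinue
    if ($props) {
        foreach ($prop in $props.PSObject.Properties) {
            if ("$($prop.Value)" -match 'chipset\.exe') {
                $findings += "Startup: $run\$($prop.Name) = $($prop.Value)"
            }
        }
    }
}

if ($findings.Count -eq 0) { 'No chipset.exe indicators found.' } else { $findings }
```

Run it once before cleaning to confirm which variation you have, and again after the reboot; any line still reported means that step needs repeating in Safe Mode.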


Using CCleaner:  CCleaner is a freeware temp-file and registry cleaner. We need this type of software because almost all infections that occur through the Internet come through the temp files, and unfortunately Windows does not remove temp files automatically. Run both the Cleaner and the Registry functions in CCleaner. Click here to read more...


 

Using the Antivirus Application: Your best helper is the antivirus program on your computer. Keep it updated at all times and run a full scan in Windows Safe Mode. Click here to read more...


 Using an Online Virus Scanner

This option can be explored if you have already paid for an antivirus and want to keep it, and you do not want to get into the complications of installing two antiviruses on the same computer. Several good antivirus sites provide online virus scanning. Some sites only tell you what is infected on your computer but do not remove it, whereas others detect and remove the viruses found. I am going to list sites that detect and remove, and all of them offer this service for free. The prerequisite for this scan is a functioning browser and an Internet connection.
1) BitDefender Free Online Virus Scan. Click to visit site.
2) TrendMicro HouseCall: Click to visit site.
3) ESET Online Scanner: Click to visit site.

Using the System File Checker: Follow this step if you notice trouble in the normal functioning of Windows. This utility checks for and replaces damaged, altered or missing system files. It is a necessary step. Click here to read more...


If you are unable to access one or more sites during the repair process

- If possible, use another computer to download the software needed for repairing your computer, then copy and transfer it to the infected computer by any available means, such as a pen drive.
- If you are using only Internet Explorer and it is blocked from visiting some of the security-related sites, try to download and install the Firefox browser and see if you can use it for the same purpose.

Using a Firewall: It is helpful to install a standalone firewall so that you can block any unsolicited communication by the malware to and from your computer. It tries to connect to further sites, including hunattack.3322.org, cwk1237.3322.org and fsjyes.3322.org.

(Reference with permission from ThreatExpert)
