Medichi.exe Virus
Filed Under (Misc.) by Kirby Witmer on 26-12-2007
Have you been struggling with the nasty medichi.exe virus? I’ve been trying to remove it on a customer’s computer for days, and haven’t been getting anywhere. This virus goes the whole way by disabling access to your Control Panel, Task Manager, Spybot Search & Destroy, and Norton Internet Security. Apparently it’s a new virus that none of the virus companies have a fix for yet. The only one that detects it is Microsoft, but they can’t actually remove it successfully yet. At least they didn’t for me.
Basically this is what I did to fix the problem.
UPDATE: Symantec now calls it Trojan.Virantix.B and has a document outlining how to remove it. Please follow those steps instead.
1. Download Process Master and install it.
2. Run Process Master and kill the following processes if they are running: medichi.exe, medichi2.exe and suspend.exe.
3. Show system and hidden files in Windows Explorer by going to Tools, then Folder Options, and selecting the View tab. Select “Show Hidden files and folders” and also uncheck “Hide Protected Operating System Files”. Click Yes, and then OK.
4. Delete the following files if they exist:
 C:\Windows\Medichi.exe
 C:\Windows\Medichi2.exe
 C:\Windows\System32\suspend.exe
5. Search the registry for “Medichi” and delete every reference to it.
6. Restart Windows.
These steps were taken from here.
Note: The one step over there involves patching ProcessMaster to avoid paying for it. It doesn’t mention that anywhere, but that’s what happens if you follow it. If you want to stay legal, please pay for ProcessMaster instead of simply patching it.
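
As an added example (not part of the original post or of Symantec's document), this read-only PowerShell script reports whether the processes from step 2, the files from step 4, or a “medichi” autostart entry are present, which is useful for confirming the cleanup after the restart in step 6. It assumes Windows lives in `$env:SystemRoot` and checks only the standard Run keys, so it does not replace the full registry search in step 5.

```powershell
# Read-only check for the artifacts named in the steps above; it deletes nothing.
# Assumption: Windows is installed in $env:SystemRoot (the post writes C:\Windows).
$files = @(
    (Join-Path $env:SystemRoot 'Medichi.exe'),
    (Join-Path $env:SystemRoot 'Medichi2.exe'),
    (Join-Path $env:SystemRoot 'System32\suspend.exe')
)
$procNames = 'medichi', 'medichi2', 'suspend'   # Get-Process names omit ".exe"

# Assumption: only the standard autostart keys are checked here; the post's
# step 5 is a search of the whole registry, which this does not replace.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

$findings = @()

# Step 4: files the post says to delete.
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $findings += "file present: $f" }
}

# Step 2: processes the post says to kill.
foreach ($p in Get-Process -Name $procNames -ErrorAction SilentlyContinue) {
    $findings += "process running: $($p.ProcessName) (PID $($p.Id))"
}

# Step 5 (partial): autostart values whose name or data mentions "medichi".
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        if ($name -match 'medichi' -or $value -match 'medichi') {
            $findings += "registry value: $key -> $name = $value"
        }
    }
}

if ($findings.Count -eq 0) {
    'No medichi artifacts found in the checked locations.'
} else {
    $findings
}
```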

