It is a network-aware worm that replicates across existing networks. It is identified as a malicious trojan horse or bot that may represent a security risk for the
compromised system and its network.
Symptoms of Virus Threat.
Infection 1. The following directories were created:
a)c:\A1
b)c:\A1\V1
c)c:\Driver
d)c:\Driver\Files
Infection 2. The following files were created in the system:
a)c:\A1\V1\DesKTop.ini
b)c:\Driver\Files\Desktop.ini
c)c:\A1\V1\try.exe
d)C:\Documents and Settings\%UserProfile%\update.exe
Infection 3. Registry modifications made by the threat:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67KLN5J0-4OPM-61WE-AAX2-5657QWE232788}]
StubPath = "c:\A1\V1\try.exe"
so that try.exe runs every time Windows starts along with explorer.exe
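The three symptom lists above can be checked in one pass, before and after cleanup. This is an added example, not part of the original post; it only reads the system, and it assumes PowerShell 3 or later and that %UserProfile% in the post means the current user's profile folder.

```powershell
# Added example: read-only check for the indicators listed on this page.
# Assumption: %UserProfile% in the post maps to $env:USERPROFILE of the current user.
$paths = @(
    'C:\A1', 'C:\A1\V1', 'C:\Driver', 'C:\Driver\Files',
    'C:\A1\V1\DesKTop.ini', 'C:\Driver\Files\Desktop.ini', 'C:\A1\V1\try.exe',
    'C:\msupdate.exe',
    (Join-Path $env:USERPROFILE 'update.exe'),
    (Join-Path $env:USERPROFILE 'msupdate.exe')
)

$findings = @()

foreach ($p in $paths) {
    # -Force is needed because the items may carry hidden/system attributes
    # (the removal steps clear them with attrib -h -r -s).
    $item = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
    if ($item) {
        $findings += [pscustomobject]@{
            Type = 'Path'; Location = $item.FullName; Detail = "$($item.Attributes)"
        }
    }
}

# Scan every Active Setup component instead of relying on one key name,
# and flag any StubPath that launches something from C:\A1.
# The WOW6432Node root is an addition for 64-bit Windows, not from the post.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components'
)
foreach ($root in $roots) {
    foreach ($key in @(Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue)) {
        $stub = $key.GetValue('StubPath')
        if ($stub -and "$stub" -match '^"?c:\\A1\\') {
            $findings += [pscustomobject]@{
                Type = 'Registry'; Location = $key.Name; Detail = "$stub"
            }
        }
    }
}

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'None of the indicators listed on this page were found.'
}
```

Run it from an elevated prompt so the HKLM keys and other users' folders are readable.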
Steps to Remove A1\V1\try.exe.
- Press Alt+Ctrl+Del ---> go to Processes ---> end Explorer.exe
- Go to Run by clicking the File menu in Task Manager and type CMD in the Run box
C:\Documents and Settings\user> Type cd\ and press Enter
C:\> Type attrib -h -r -s A1 and press Enter
C:\A1> Type CD V1 and press Enter
C:\A1\V1\> Type dir to access the try.exe directory
C:\A1\V1\> Type del try.exe
C:\> Type Del A1 (repeat only this command three times until the virus is gone)
When asked for delete confirmation, press Y
C:\> Type Del A1
When asked for delete confirmation, press Y
C:\> Type Del A1.exe
If you get the message "Could not Find C:\A1", the operation was a success and the virus should be gone!
Now it is time to delete the other dangerous items created by the virus:
a)Delete the A1 folder, which you can see in the C drive. If you are able to find msupdate.exe in the C drive, you can delete that file also.
b)Delete msupdate.exe and update.exe from the user folder C:\Documents and Settings\User
c)Delete dial-up connections like a-connect and z-connect from Network Connections
d)Then delete the registry entry created by the virus. If you find this difficult, you can use registry cleaners like Glary Utilities or CCleaner.
If you find difficulty, leave a comment or contact us. I will definitely help you to resolve your issue.