Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Windows Vista
The virus creates the following files:
%removabledrive%\RECYCLER\S-7-1-36-6133081425-6700277004-675130086-4217\%variable1%.exe
- %removabledrive%\RECYCLER\S-7-1-36-6133081425-6700277004-675130086-4217\%variable2%.cpl
- %removabledrive%\autorun.inf
- %removabledrive%\Copy of Shortcut to (1).lnk
- %removabledrive%\Copy of Shortcut to (2).lnk
- %removabledrive%\Copy of Shortcut to (3).lnk
- %removabledrive%\Copy of Shortcut to (4).lnk
The virus contains a list of addresses.
It can execute the following operations:
- capture screenshots
- send gathered information
- download files from a remote computer and/or the Internet
- run executable files
- shut down/restart the computer
- %system%\dmlconf.dat
- google.com
- bing.com
- yahoo.com
The Removal Instruction
To repair the problem:
- update the anti-virus into it’s latest signature
- Then run a quick scan in your computer
- Run virus to infected external storage device
- Open the external drive
- Delete all files except the drive icon that have no drive letter
- Open the drive icon with no drive letter
- Select all your files and cut or copy
- Open external storage device (that is, flash drive, usb drive, external hard disk or whatever it is)
- Paste your file
- Then, delete the “the drive icon that have no drive letter”
No comments:
Post a Comment