[ Home  |  FAQ-Related Q&As  |  General Q&As  |  Answered Questions ]

    Search the Q&A Archives

Our computer is infected with a computervirus named...

<< Back to: Computer Virus FAQ for New Users

Question by hareeswaran@sidomail.com
Submitted on 12/9/2003
Related FAQ: Computer Virus FAQ for New Users
Rating: Rate this question: Vote
Our computer is infected with a computervirus named "picture_of_the_worlds_most_wanted_person". compiled AutoIt script file version 2.64.0.0
I am not much conversant with computer virus. Can anybody help me in deleting this virus?


Answer by Prathap
Submitted on 4/26/2004
Rating:  Rate this answer: Vote
W32/Wanted-A
Aliases   
Trojan.Win32.Autoit.d, DiabloCheat   
   
Type   
Win32 worm   
   
Detection   
Detected by Sophos Anti-Virus since November 2003.   
   
Description   
W32/Wanted-A will copy itself as background.exe to the Windows folder and drop the second part of itself there as rundll.32.exe. The worm will also drop a picture as winsys2.jpg to the Windows folder and launch this with Paint Brush.

The worm will then set the following registry entry to run the second part of itself on system startup:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\LoadProfile

When the second part is run it remains in memory and copies the main part to floppy disks as the name Picture_of_the_worlds_most_wanted_person.exe.
   
Recovery   
Please follow the instructions for removing worms.


Windows NT/2000/XP/2003

In Windows NT/2000/XP/2003 you will also need to edit the following registry entry. The removal of this entry is optional in Windows 95/98/Me. Please read the warning about editing the registry.

At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.

Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.

Locate the HKEY_LOCAL_MACHINE entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\LoadProfile

and delete it if it exists.

Close the registry editor.

 

Answer by aggie
Submitted on 4/15/2005
Rating: Not yet rated Rate this answer: Vote
is this free to pit on the system now to help to stop poeple from sending message threw the computer as they try to day to stop my computer with some spam mail i tryed to resend back with my answer that i had nothing to with any email they my got from me

 

Answer by aaa123
Submitted on 12/13/2006
Rating: Not yet rated Rate this answer: Vote
background.exe

 

Answer by dad
Submitted on 5/13/2007
Rating: Not yet rated Rate this answer: Vote
adsjflasdjfl;ksdaj

 

Your answer will be published for anyone to see and rate.  Your answer will not be displayed immediately.  If you'd like to get expert points and benefit from positive ratings, please create a new account or login into an existing account below.


Your name or nickname:
If you'd like to create a new account or access your existing account, put in your password here:
Your answer:

FAQS.ORG reserves the right to edit your answer as to improve its clarity.  By submitting your answer you authorize FAQS.ORG to publish your answer on the WWW without any restrictions. You agree to hold harmless and indemnify FAQS.ORG against any claims, costs, or damages resulting from publishing your answer.

 

FAQS.ORG makes no guarantees as to the accuracy of the posts. Each post is the personal opinion of the poster. These posts are not intended to substitute for medical, tax, legal, investment, accounting, or other professional advice. FAQS.ORG does not endorse any opinion or any product or service mentioned mentioned in these posts.

 

<< Back to: Computer Virus FAQ for New Users

[ Home  |  FAQ-Related Q&As  |  General Q&As  |  Answered Questions ]
© 2008 FAQS.ORG. All rights reserved.