[seguridad] SMB Worm spreading through MSN Messenger : Removal

28/09/2003 - 18:30 by JM Tella Llop [MS MVP]
A new network virus called Worm.Win32.Smbmsn.163840 was discovered two days ago by Asia-based Global Hauri. This worm spreads through MSN Messenger through a file called SMB.EXE. If the user accepts this file, it will send itself to all contacts on his or her contact list. If the user executes it, a DOS prompt will come up for about a second and disappear. This occurs because it unzips a couple of files to the C: root and windows directories. The file also tampers with the registry (see below for details).

Do NOT accept the file transfer of SMB.EXE (or any other suspicious file) in MSN Messenger!

If you already did, here's how to remove it manually:

1) Go to task manager. (Ctrl+alt+del) and select the Process tab.
2) Click admagic.exe then click End Process
3) Go to the C: drive and delete smb.exe and admagic.exe.
4) Go to Windows directory and delete atl.dll, raw32x.dll, sm.dll and uz.exe.
5) Go to the registry (Start > Run > type "regedit" > click ok) and go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. Delete the svchost = admagic.exe string value.


Jose Manuel Tella Llop
MS MVP - DTS
jmtella@compuserve.com

This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use.
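
The manual checks in steps 1 to 5 of the post above, as an added PowerShell example that is not part of the original post: it reports the process, files and Run value the post names, and removes them only when run with `-Remove`. The parameter names, the mapping of "C: drive" to `C:\` and "Windows directory" to `$env:SystemRoot`, and the SHA-256 logging are assumptions of this example.

```powershell
# Added example (not from the original post): report, and optionally remove,
# the indicators listed in steps 1-5. Run from an elevated PowerShell prompt.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$DriveRoot  = 'C:\',            # assumption: the post's "C: drive"
    [string]$WindowsDir = $env:SystemRoot,  # assumption: the post's "Windows directory"
    [switch]$Remove                         # without this switch nothing is changed
)

$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$files  = @('smb.exe', 'admagic.exe' | ForEach-Object { Join-Path $DriveRoot $_ }) +
          @('atl.dll', 'raw32x.dll', 'sm.dll', 'uz.exe' | ForEach-Object { Join-Path $WindowsDir $_ })

# Steps 1-2: the process the post says to end.
foreach ($p in @(Get-Process -Name 'admagic' -ErrorAction SilentlyContinue)) {
    Write-Output "FOUND process admagic.exe (PID $($p.Id))"
    if ($Remove -and $PSCmdlet.ShouldProcess("PID $($p.Id)", 'Stop-Process')) {
        Stop-Process -Id $p.Id -Force
    }
}

# Steps 3-4: only the exact locations the post gives. Subfolders such as
# System32 are not searched, so same-named files elsewhere are left alone.
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f -PathType Leaf) {
        # Record a hash before deletion so the sample can be identified later.
        $hash = (Get-FileHash -LiteralPath $f -Algorithm SHA256).Hash
        Write-Output "FOUND file $f SHA256=$hash"
        if ($Remove -and $PSCmdlet.ShouldProcess($f, 'Remove-Item')) {
            Remove-Item -LiteralPath $f -Force
        }
    }
}

# Step 5: the Run value named "svchost" whose data points at admagic.exe.
$value = (Get-ItemProperty -Path $runKey -Name 'svchost' -ErrorAction SilentlyContinue).svchost
if ($value -and $value -match 'admagic\.exe') {
    Write-Output "FOUND Run value svchost = $value"
    if ($Remove -and $PSCmdlet.ShouldProcess("$runKey\svchost", 'Remove-ItemProperty')) {
        Remove-ItemProperty -Path $runKey -Name 'svchost'
    }
}
```

Running it with `-Remove -WhatIf` lists what would be deleted without deleting anything.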


#1 Ille Corvus
28/09/2003 - 22:25
http://www.vsantivirus.com/smibag-a.htm

P.S. A bit old

Ille Corvus
"Disasters do not happen by chance; they are the consequence of coinciding events."

#3 JM Tella Llop [MS MVP] ·
28/09/2003 - 22:36
Old? Saturday, 27 September 2003

So did you report it back then? Heh!

Jose Manuel Tella Llop
MS MVP - DTS

This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use.

"Ille Corvus" wrote in message news:
http://www.vsantivirus.com/smibag-a.htm

P.S. A bit old

Ille Corvus
"Disasters do not happen by chance; they are the consequence of coinciding events."

#5 ©Alf®edo©
28/09/2003 - 22:47
Thanks :-)

Regards.

"JM Tella Llop [MS MVP] ·" wrote in message
news:
A new network virus called Worm.Win32.Smbmsn.163840 was discovered two days
ago by Asia-based Global Hauri. This worm spreads through MSN Messenger
through a file called SMB.EXE. If the user accepts this file, it will send
itself to all contacts on his or her contact list. If the user executes it,
a DOS prompt will come up for about a second and disappear. This occurs
because it unzips a couple of files to the C: root and windows directories.
The file also tampers with the registry (see below for details).

Do NOT accept the file transfer of SMB.EXE (or any other suspicious file) in
MSN Messenger!

If you already did, here's how to remove it manually:

1) Go to task manager. (Ctrl+alt+del) and select the Process tab.
2) Click admagic.exe then click End Process
3) Go to the C: drive and delete smb.exe and admagic.exe.
4) Go to Windows directory and delete atl.dll, raw32x.dll, sm.dll and
uz.exe.
5) Go to the registry (Start > Run > type "regedit" > click ok) and go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. Delete the
svchost = admagic.exe string value.


Jose Manuel Tella Llop
MS MVP - DTS



This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use.