February 20, 2008

W32.Imaut.CN - Worm

W32.Imaut.CN is a worm that spreads through Yahoo! IM and shared network drives. It may also download potentially malicious code onto the compromised computer.

How to remove the W32.Imaut.CN worm?

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Restart your system in safe mode.
4. Run a full system scan using a good antivirus program.
5. Delete the following values added to the registry:

* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"Yahoo Messengger" = "%System%\regsvr.exe"
* HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\"system" = "Winhelp.exe"

6. Delete the following subkey:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares\"\New Folder.exe"
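Steps 5 and 6 can be checked from PowerShell before anything is deleted; the script below is an added example, not part of the original post. The `-Remove` switch is hypothetical, and matching the step 6 subkey by a name ending in `New Folder.exe` is an assumption about how that entry appears on the machine.

```powershell
# Added example: audits the registry entries listed in steps 5 and 6.
# Without -Remove (hypothetical switch) it only reports what it finds.
param([switch]$Remove)

# Step 5: value entries, with the data the post lists for each one.
$values = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
       Name = 'Yahoo Messengger'; Data = 'regsvr.exe' },
    @{ Path = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
       Name = 'system';           Data = 'Winhelp.exe' }
)

foreach ($v in $values) {
    $item = Get-ItemProperty -Path $v.Path -Name $v.Name -ErrorAction SilentlyContinue
    if (-not $item) {
        Write-Output "absent : $($v.Path)\$($v.Name)"
        continue
    }
    $data = [string]$item.($v.Name)
    # Act only when the data ends with the file name from the post; %System%
    # in the post expands to a full path on a real machine, so compare by suffix.
    if ($data -notlike "*$($v.Data)") {
        Write-Output "differs: $($v.Path)\$($v.Name) = '$data' (left untouched)"
        continue
    }
    Write-Output "found  : $($v.Path)\$($v.Name) = '$data'"
    if ($Remove) { Remove-ItemProperty -Path $v.Path -Name $v.Name }
}

# Step 6: subkeys under Shares whose name ends with "New Folder.exe"
# (assumption: the entry in the post is matched by that suffix).
$shares = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares'
if (Test-Path $shares) {
    Get-ChildItem -Path $shares |
        Where-Object { $_.PSChildName -like '*New Folder.exe' } |
        ForEach-Object {
            Write-Output "found  : $($_.Name)"
            if ($Remove) { Remove-Item -Path $_.PSPath -Recurse }
        }
} else {
    Write-Output "absent : $shares"
}
```

Run it once without the switch to review the output, then again with `-Remove` from an elevated prompt, since the Winlogon value is under HKEY_LOCAL_MACHINE.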
