Alias
Betroffene Betriebssysteme
Make a note of the names and locations of the files you delete.
Editing system.ini
At the taskbar, click Start|Run and type Sysedit. Bring System.ini to the front. In the 'shell=' line in the [Boot] section, search for any references to the files you deleted. Delete only that reference, not any other text.
Reboot your computer.
Replacing files
You may need to replace system files that were damaged by the virus. You should obtain clean copies from backups or original media.
Installing the patch
Microsoft has issued a patch which secures against the incorrect MIME header vulnerability and the IFRAME vulnerability. This can be downloaded from http://www.microsoft.com/technet/security/bulletin/MS01-027.asp.
(This patch fixes a number of vulnerabilities in Microsoft's software, including the ones exploited by this worm.)
Removing sharing
You may also wish to remove sharing of the C: drive. To do this edit the following registry entry. At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.
Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.
Locate the HKEY_LOCAL_MACHINE entry:
HKLM\Software\Microsoft\Windows\CurrentVersion\\Network\LanMan\BinLaden
and remove the reference to BinLaden.
Close the registry editor.