Alias
-
I-Worm.Winevar
-
WORM_WINEVAR.A
-
W32/Korvar
-
Worm/Bride.C
-
W32.HLLW.Winevar
Betroffene Betriebssysteme
Wiederherstellungshinweise:
Bitte folgen Sie der Anweisung zum Entfernen von Würmern.
Please read the instructions for removing worms.
You will also need to edit the following registry entries.
At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.
Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.
Locate the HKEY_LOCAL_MACHINE entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
and delete any reference to any file you deleted.
You will also need to edit the following registry entry for each user who ran the virus. Each has a registry area named HKEY_USERS\[code number indicating user]\. For each user locate the entry:
HKU\[code number]\Software\Microsoft\Windows\
CurrentVersion\Run\
and delete any reference to any file you deleted.
You may also delete the following entry (this is optional):
HKCR\Software\Microsoft\DataFactory
Close the registry editor.
Installing the patch
Microsoft has issued a patch which secures against the incorrect MIME header vulnerability and the IFRAME vulnerability. This can be downloaded from http://www.microsoft.com/technet/security/bulletin/MS01-027.asp.
(This patch fixes a number of vulnerabilities in Microsoft's software, including the ones exploited by this worm.)