Affected Operating Systems
Recovery Instructions:
Please follow the instructions for removing Trojans.
Please read the instructions for removing Trojans.
Editing the registry
You will also need to edit the following registry entries, if they are present.
At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.
Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.
Locate the HKEY_LOCAL_MACHINE entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
recover.bmp.exe = C:\Windows\Rundll.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services\
recover.bmp.exe = C:\Windows\Rundll.exe
HKLM\Software\Microsoft\Active Setup\Installed Components\
recover.bmp.exe = Stub Path C:\Windows\Rundll.exe ASC
and remove these references.
Close the registry editor.
Editing Win.ini and System.ini
At the taskbar, click Start|Run and type Sysedit.
Bring Win.ini to the front. In the [windows] section, search for the lines 'Load=Rundll.exe' and 'Run=Rundll.exe'. Delete these lines.
Bring System.ini to the front. In the [Boot] section, search the line 'Shell=Explorer .exe Rundll.exe'. Delete this line, ensuring that a line 'Shell=Explorer.exe' remains.
Reboot your computer.