Affected Operating Systems
Recovery Instructions:
Please follow the instructions for removing Trojans.
You will also need to edit the following registry entry. Please read the warning about editing the registry.
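First rename the registry editor, so that it is not started through the .exe file association that the Trojan has altered (see the registry entry below).
- Using Windows Explorer, browse to the Windows folder (usually C:\Windows or C:\Winnt), right-click Regedit.exe and make a copy of it.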
- Rename the copy of Regedit.exe to Regedit.com.
At the taskbar, click Start|Run. Type 'Regedit.com' and press Return. The registry editor opens.
Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.
Locate the HKEY_CLASSES_ROOT entry:
Typically an unaltered registry entry will be set to:
HKCR\exefile\shell\open\command\(default) = "%1" %*
The altered registry entry will be:
HKCR\exefile\shell\open\command\(default) = <path to Trojan> "%1" %*
Delete only the path to the Trojan. Do not delete anything else.
Close the registry editor.
Change any data that may have become compromised.
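The comparison described above can also be made against the exported backup file instead of by eye. The following is an added example, not part of the original instructions: the function names, the sample export and its placeholder path are constructed for illustration, and it assumes the value was exported as a plain string.

```python
import re

EXPECTED = '"%1" %*'  # unaltered value, as given in the instructions above
# A full export lists the key under HKCR and under HKLM\SOFTWARE\Classes
KEY_RE = re.compile(
    r'^\[(?:HKEY_CLASSES_ROOT|HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes)'
    r'\\exefile\\shell\\open\\command\]$', re.IGNORECASE)

# Constructed sample export; the path is a placeholder, not a real indicator
SAMPLE = r'''REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open]

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\EXAMPLE\\placeholder.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"
'''

def load_export(path):
    """Read a .reg export: version 5.00 files are UTF-16 with a BOM,
    REGEDIT4 files are ANSI."""
    with open(path, 'rb') as fh:
        raw = fh.read()
    enc = 'utf-16' if raw[:2] in (b'\xff\xfe', b'\xfe\xff') else 'cp1252'
    return raw.decode(enc, errors='replace')

def unescape(data):
    # .reg string data escapes backslash and double quote with a backslash
    return re.sub(r'\\(.)', r'\1', data)

def check_export(text):
    """Return (key, value, prefix) for each altered exefile open command.
    prefix is the text placed in front of the expected value, or None
    when the value does not end with the expected string at all."""
    findings, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('['):
            key = line[1:-1] if KEY_RE.match(line) else None
        elif key and line.startswith('@="') and line.endswith('"'):
            value = unescape(line[3:-1])
            if value != EXPECTED:
                ok_tail = value.endswith(EXPECTED)
                prefix = value[:-len(EXPECTED)].strip() if ok_tail else None
                findings.append((key, value, prefix))
    return findings

if __name__ == '__main__':
    for key, value, prefix in check_export(SAMPLE):
        print(f'{key}\n  value : {value}\n  remove: {prefix}')
```

To check a real backup, pass the result of `load_export()` on the exported file to `check_export()`; an empty list means the entry matches the unaltered value.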