Aliases
-
I-Worm.Hawawi
-
W32/Holar.d@MM
-
W32.Hawawi.Worm
-
Win32/Hawawi.A
-
Holar-F
Affected Operating Systems
Recovery Instructions:
Please follow the instructions for removing worms.
Windows NT/2000/XP
In Windows NT/2000/XP you will also need to edit the following registry entry. The removal of this entry is optional in Windows 95/98/Me.
At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.
Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.
Locate the HKEY_LOCAL_MACHINE entry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\loadqm
= "C:\<Windows system>\MEDIA PLAYER.EXE"
and delete it if it exists.
Close the registry editor.
Installing the patch
Microsoft has issued a patch which secures against the incorrect MIME header vulnerability and the IFRAME vulnerability. This can be downloaded from http://www.microsoft.com/technet/security/bulletin/MS01-027.asp.
(This patch fixes a number of vulnerabilities in Microsoft's software, including the ones exploited by this worm.)