Characteristics
- Turns off anti-virus applications
- Allows others to access the computer
- Modifies data on the computer
- Uses its own emailing engine
- Installs itself in the registry
Affected Operating Systems
If you are running Sophos Anti-Virus for Windows, version 6.0, you should follow our instructions for removing worms.
If you use any of our other products for Windows NT/2000/XP/2003 and Windows 95/98/Me, you will also need to edit the following registry entries, if they are present. Please read the warning about editing the registry.
At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.
Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.
Locate the HKEY_LOCAL_MACHINE entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
and remove any reference to any file you deleted.
Close the registry editor.
Replace the Hosts file from a backup or edit it in Notepad to remove the changes that the worm has made.
For all other platforms, please follow our instructions for removing worms.
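
The registry and Hosts file checks above can be reviewed before any manual edit with a read-only script. This is an added example, not Sophos code; it assumes an NT-family Windows system with PowerShell and the Hosts file at %SystemRoot%\System32\drivers\etc\hosts, and the function names are hypothetical. Rows with TargetExists set to False are references to files that are no longer on disk.

```powershell
# Added example: read-only audit, nothing is modified or deleted.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'
)

function Get-CommandTarget([string]$Command) {
    # Pull the program path out of an autostart command line.
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }       # quoted path with arguments
    if ($c -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]                               # fallback: first token
}

function Test-CommandTarget([string]$Target) {
    # Rooted paths are checked directly; bare names are resolved through PATH.
    if (-not $Target) { return $false }
    if ([IO.Path]::IsPathRooted($Target)) { return (Test-Path -LiteralPath $Target) }
    return [bool](Get-Command $Target -ErrorAction SilentlyContinue)
}

$autostarts = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }   # RunServices is absent on many systems
    $regKey = Get-Item $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        [pscustomobject]@{
            Key          = $regKey.PSChildName
            Name         = $name
            Command      = $command
            TargetExists = Test-CommandTarget (Get-CommandTarget $command)
        }
    }
}
$autostarts | Sort-Object TargetExists | Format-Table -AutoSize -Wrap

# List the active (non-comment) Hosts entries so unexpected mappings can be
# compared against a known-good backup before editing the file in Notepad.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
if (Test-Path $hostsPath) {
    $entries = Get-Content $hostsPath | ForEach-Object {
        $line = ($_ -replace '#.*$', '').Trim()   # strip comments and blank lines
        if ($line) {
            $address, $names = $line -split '\s+'
            [pscustomobject]@{ Address = $address; Names = $names -join ' ' }
        }
    }
    $entries | Format-Table -AutoSize
}
```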