Summary

| Affected operating systems | Windows |
|---|---|
| Included in our products from | February 2007 (4.14) |
| Protection available since | 2 December 2006 15:20:08 (GMT) |
| Detected by | All Sophos products |
Action

To disinfect this Trojan using Sophos Anti-Virus for Windows, version 6:
- Close down all programs.
- Go to Start|Programs|Sophos Anti-Virus and run the 'Sophos Anti-Virus' program.
- In the 'Available scans' list, select the scan for which you want to enable disinfection. (Do not select a scheduled scan, as you will not be able to run this manually.)
- Click Edit|Configure this Scan.
- Select the Cleanup tab and select 'Automatically clean up items that contain a virus'. Click Apply|OK.
- Click 'Save and Start' to save the scan, and run it immediately.
- Click 'OK' when asked if files should be disinfected.
- Run another scan to ensure that the virus has been removed.
- Click Edit|Configure this Scan.
- Select the Cleanup tab and deselect 'Automatically clean up items that contain a virus'. Click Apply|OK.
If Sophos Anti-Virus cannot delete files because they are held open by the operating system, make a note of the names of the files, then do as follows.
- Download an emergency copy of SAV32CLI. On an uninfected Windows computer, run this file to extract the contents into a SAV32CLI folder on a medium that can be write-protected. Copy the SAV32CLI folder produced onto a medium that can be write-protected. Add any relevant IDEs to this folder and write-protect the disk (on a CD/R or CD/RW close the session).
- Restart the computer in Safe Mode. Go to Start|Shut Down. Select 'Restart' from the dropdown list and click 'OK'. Windows will restart. Press F8 when you see the following text at the bottom of the screen "For troubleshooting and advanced startup options for Windows 2000, press F8". In the Windows 2000 Advanced Options Menu, select the third option 'Safe Mode with Command Prompt'.
- At the infected computer, place the CD in the CD drive (D: in this example). At the command prompt, type:
    D:
  to access the CD drive. Type:
    CD SAV32CLI
  Then type:
    SAV32CLI -DI -P=C:\LOGFILE.TXT
  to disinfect the Trojan.
More Information
Troj/Psyme-DO is a downloading Trojan for the Windows platform.
Troj/Psyme-DO may arrive embedded in a file dropped by other malware. It may also be hosted on a website and run when this site is viewed.
Troj/Psyme-DO accesses certain URLs in an attempt to download and execute a file on the infected computer.
