Category: Viruses and Spyware Protection available since:23 Oct 2001 00:00:00 (GMT)
Type: Win32 executable file virus Last Updated:12 Jun 2003 00:00:00 (GMT)
Prevalence: No Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed


  • W32.Toal.A@mm
  • W95/Toal

Affected Operating Systems


Recovery Instructions:

Please follow the instructions for disinfecting pe viruses.

Make a note of the names and locations of the files you delete.

Editing system.ini

At the taskbar, click Start|Run and type Sysedit. Bring System.ini to the front. In the 'shell=' line in the [Boot] section, search for any references to the files you deleted. Delete only that reference, not any other text.

Reboot your computer.

Replacing files

You may need to replace system files that were damaged by the virus. You should obtain clean copies from backups or original media.

Installing the patch

Microsoft has issued a patch which secures against the incorrect MIME header vulnerability and the IFRAME vulnerability. This can be downloaded from http://www.microsoft.com/technet/security/bulletin/MS01-027.asp.
(This patch fixes a number of vulnerabilities in Microsoft's software, including the ones exploited by this worm.)

Removing sharing

You may also wish to remove sharing of the C: drive. To do this edit the following registry entry. At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.

Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.

Locate the HKEY_LOCAL_MACHINE entry:


and remove the reference to BinLaden.

Close the registry editor.

download Try Sophos products for free
Download now