"What do you think of this picure? i feel i look ugly :/"
Followed by a attachment in zip format "myphotos2007.zip"
With no suspect, i unzip the file and click on it (file name: DSC515607.jpg-www.pictureland.com). Nothing happen and after a while, MSN messenger windows keep on appear and disappear, i know something is not right. Quickly logoff.
First thing i do is scan with nortan antivirus but found nothing. I try to go to other antivirus website like trendmicro, Kaspersky and etc but fail (A login required). I know this is infected by the computer virus (worm). (I'm able to go to download a trio version of bitDefender 10, trust me, this antivirus no use - take hours for installation and hours for uninstall and yet fail to uninstall)
Solution:
- Turn Off System Restore
- Restart in Safe Mode
- Go to windows directory, delete delete myphotos2007.zip. (%Windows%\myphotos2007.zip)
- Go to windows directory, System32 delete newsystem25.dll (%System%\newsystem25.dll)
- Go to user profile, delete new.txt. 9%UserProfile%\new.txt)
- Go to run regedit
- Delete [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]"prodigy1"="{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}"
- Delete [HKEY_CLASSES_ROOT\CLSID\{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}\InProcServer32]@="newsystem25.dll"
Done! Back to normal but bitDefender 10 leave me serious trouble as i'm not able to uninstall it althought i dont want to use it.
Virus name:
Backdoor.Win32.IRCBot.ex (Kaspersky Lab) is also known as: W32.Esbot.B (Symantec), BackDoor.IRC.Sdbot.126 (Doctor Web), Win32.Worm.EsBot.B (SOFTWIN), Worm.ESBot.B (ClamAV), Bck/IRCbot.KG (Panda), Win32/IRCBot.OO (Eset)
2 comments:
I got this virus today. But I didnt accept the file, since its from someone unknown to me.
I wouldnt open files received people I dont know.
You are lucky. I got the file from my friend.
Post a Comment