Do you have a copy of this virus? If so, please submit a sample to CLAMAV.
http://clamav.catt.com/cgi-bin/sendvirus.cgi
regards, Kenneth
Joseph Anthony C. Hermocilla wrote:
Kalat po yan dito sa UPLB.
To remove the worm: 1.) Boot in safe mode (Win 98 or XP) 2.) Run regedit. Regedit won't run under normal mode because the worm closes the window associated with regedit. 3.) Remove registry entry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SYSMON? something. 4.) delete "C:\WINDOWS\SYSTEM\SYSMON32.EXE". I don't remember if its SYSTEM or SYSTEM32. Just check the registry.
I think the worm was made using VB.
-- Philippine Linux Users' Group (PLUG) Mailing List [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph) Official Website: http://plug.linux.org.ph Searchable Archives: http://marc.free.net.ph . To leave, go to http://lists.q-linux.com/mailman/listinfo/plug . Are you a Linux newbie? To join the newbie list, go to http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
