<BLOCKQUOTE id=quote><font size=1 face="Verdana, Arial, Helvetica" id=quote>quote:<hr height=1 noshade id=quote>
hittade den här infon:
W32/Lentin.F@mm is a mass-mailing worm that arrives as an email with a randomly chosen subject and message body. The attachment will have a .bat, .pif, or .scr file extension. Possible message bodies include:
Ur My Best Friend!!
No Configuration is availabile Now
Config
madd
U r so cute today #!#!
True Love never ends
I like U very Much!!!
The worm will save a file with a random 4 character filename to the hard drive with the following text strings:
iNDian sNakes pResents yAha.e
iNDian hACkers, Vxers cOme & wORk wITh uS & f!@# tHE GFORCE-pAK sites
by
sNAkeeYes, cOBra
W32/Lentin.F@mm will use its own SMTP engine to send a copy of itself to all the email addresses it has collected. It will also try to disable many antivirus packages and personal firewalls.
Detection:
Command Antivirus version 4.58.3 with definition files dated 06/21/02 will detect this worm.
Manual Removal Instructions:
Because W32/Lentin.F@mm will interfere with the launching of an .exe file, you have to copy regedit.exe to regedit.com before launching it. Be sure to make a backup of the registry before attempting to make any edits.
Shutdown and restart the computer in safe mode.
Run Regedit.com and modify the following key:
HKEY_CLASSES_ROOT\exefile\shell\open\command
This value should be changed to "%1" %*
Empty the recycle bin.
Shutdown and restart the computer.
Empty the recycle bin again.
Run CSAV and delete all infected files.
http://kickass.at/pungbuffel<img src="http://www.linkoping.bonet.se/pungbuffel/scrotum.gif" border=0>
<hr height=1 noshade id=quote></BLOCKQUOTE id=quote></font id=quote><font face="Verdana, Arial, Helvetica" size=2 id=quote>
Tackar!
Jag ska ta och kolla upp det närmare.
