MotoNews.pl
2 [IMPORTANT!!!] watch out for e-mails from me and e-mails from Elene (37276/25) - NT
  

Dear club members, today I was infected with a computer virus from the myphoto file; my wife carelessly opened an e-mail from an unknown person and it happened...

I have been trying to get rid of it for 4 hours. I would like to warn you about this e-mail. For now, to be safe, delete all e-mails from me [Krzysztof Kuczyński]

Quote:

--------------------------------------------------------------------------------

Virus type: Worm

Destructive: No

Aliases: I-Worm.Dumaru, W32/Dumaru.Y@mm, Win32/ZHymn

Pattern file needed: 738

Scan engine needed: 5.600

Overall risk rating: Low

--------------------------------------------------------------------------------

Reported infections: Low

Damage Potential: High

Distribution Potential: High



--------------------------------------------------------------------------------

Description:



This mass-mailing worm sends copies of itself, using its own Simple Mail Transfer Protocol (SMTP) engine, to addresses found on the affected machine.

The email message that it sends has the following details:

From: Elene ENSUICIDE@hotmail.com>
Subject: Important information for you. Read it immediately !
Message Body:
Hi!
Here is my photo, that you asked for yesterday.
Attachment: myphoto.zip


This malware also has backdoor capabilities. It gathers keystroke and system information, and sends it to the malicious user via email.

It runs on Windows 95, 98, ME, NT, 2000 and XP.

Solution:

AUTOMATIC REMOVAL INSTRUCTIONS

To automatically remove this malware from your system, please use the Trend Micro System Cleaner.

MANUAL REMOVAL INSTRUCTIONS

Identifying the Malware Program

Before proceeding to remove this malware, first identify the malware program.

Scan your system with Trend Micro antivirus and NOTE all files detected as WORM_DUMARU.Y. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro's free online virus scanner.

Terminating the Malware Program

This procedure terminates the running malware process from memory. You will need the name(s) of the file(s) detected earlier.

1. Open Windows Task Manager.
   On Windows 95/98/ME systems, press CTRL+ALT+DELETE.
   On Windows NT/2000/XP systems, press CTRL+SHIFT+ESC, then click the Processes tab.
2. In the list of running programs*, locate the malware file or files detected earlier.
3. Select one of the detected files, then press either the End Task or the End Process button, depending on the version of Windows on your system.
4. Do the same for all detected malware files in the list of running processes.
5. To check if the malware process has been terminated, close Task Manager, and then open it again.
6. Close Task Manager.

*NOTE: On systems running Windows 95/98/ME, Task Manager may not show certain processes. You may use a third party process viewer to terminate the malware process. Otherwise, continue with the next procedure, noting additional instructions.

Removing Autostart Entries from the Registry

Removing autostart entries from the registry prevents the malware from executing during startup.

1. Open Registry Editor. To do this, click Start>Run, type REGEDIT, then press Enter.
2. In the left panel, double-click the following:
   HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
3. In the right panel, locate and delete the entry or entries:
   load32 = “%System%\l32x.exe”
   Note: %System% is the Windows system directory, which is usually C:\Windows\System or C:\WINNT\System32.

NOTE: If you were not able to terminate the malware process from memory as described in the previous procedure, restart your system.

Removing Other Entries from the Registry

1. Still in the Registry Editor, in the left panel, double-click the following:
   HKEY_LOCAL_MACHINE>Software>Microsoft>Windows NT>CurrentVersion>Winlogon>
2. In the right panel, locate the entry:
   Shell = explorer.exe %System%\vxd32v.exe
3. Change the said entry into the following entry:
   Shell = explorer.exe
4. Close Registry Editor.

Removing Autostart Entries from System Files

Malware autostart entries in system files must be removed before the system can be restarted safely. You will need the name(s) of the file(s) detected earlier.

1. Open System Configuration Editor. To do this, click Start>Run, type SYSEDIT, then press Enter.
2. Select the SYSTEM.INI window.
3. Under the [boot] section, locate and delete the path and filename of the malware file or files from the following lines:
   shell=explorer.exe %System%\vxd32v.exe
4. Close System Configuration Editor and click Yes when prompted to save.

Additional Windows ME/XP Cleaning Instructions

Running Trend Micro Antivirus

Scan your system with Trend Micro antivirus and delete all files detected as WORM_DUMARU.Y. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro’s free online virus scanner.

I'll let you know once I've dealt with it.


[ message edited by: Krzysiek-Diackon on 2004-01-25 18:06:33 ]
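An added example, not part of the original post or of the quoted Trend Micro advisory: a check of the three autostart locations the advisory names (the HKLM Run key, the Winlogon Shell value and the SYSTEM.INI [boot] shell= line) for the entries it lists. The function names are hypothetical and the sample registry values and SYSTEM.INI text are constructed; on a real machine they would come from a registry export and the actual file.

```python
import ntpath

# Indicators taken from the advisory quoted above.
DUMARU_FILES = {"l32x.exe", "vxd32v.exe"}
DUMARU_RUN_NAMES = {"load32"}

def _basename(path):
    """Lower-cased file name of a Windows path, ignoring surrounding quotes."""
    return ntpath.basename(path.strip().strip('"')).lower()

def extra_shell_programs(shell_value):
    """Return every program in a Shell value other than explorer.exe."""
    return [t for t in shell_value.split() if _basename(t) != "explorer.exe"]

def boot_shell_from_system_ini(text):
    """Return the shell= value of the [boot] section, or None if absent."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "boot" and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            if key.strip().lower() == "shell":
                return value.strip()
    return None

def audit(run_values, winlogon_shell, system_ini_text):
    """Return (location, finding) tuples for the three autostart points."""
    findings = []
    for name, data in run_values.items():
        if name.lower() in DUMARU_RUN_NAMES or _basename(data) in DUMARU_FILES:
            findings.append(("HKLM Run", f"{name} = {data}"))
    for prog in extra_shell_programs(winlogon_shell or ""):
        findings.append(("Winlogon Shell", prog))
    ini_shell = boot_shell_from_system_ini(system_ini_text)
    for prog in extra_shell_programs(ini_shell or ""):
        findings.append(("SYSTEM.INI [boot] shell", prog))
    return findings

# Constructed sample data mirroring the entries described in the advisory.
SAMPLE_RUN = {"load32": r"%System%\l32x.exe", "SoundMan": "SOUNDMAN.EXE"}
SAMPLE_WINLOGON_SHELL = r"explorer.exe %System%\vxd32v.exe"
SAMPLE_SYSTEM_INI = "[boot]\nshell=explorer.exe %System%\\vxd32v.exe\n[386Enh]\nwoafont=dosapp.fon\n"

if __name__ == "__main__":
    for location, finding in audit(SAMPLE_RUN, SAMPLE_WINLOGON_SHELL, SAMPLE_SYSTEM_INI):
        print(f"{location}: {finding}")
```

Any program that follows explorer.exe in a Shell value is reported, not only vxd32v.exe, since a clean value holds explorer.exe alone.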
  
 
Thanks! I think I got four copies of it from you!
  
 
ok, I've already dealt with the virus, but it took a bit of effort ...
  
 
Maybe you could write what you did?
  
 
read the description in English - everything is there, and even I, such a computer layman, understood it in English; I'm proud of myself