Discovered: June 6, 1999
Updated: May 1, 2007 10:34:31 AM
Also Known As: I-Worm.ZippedFiles [Kaspersky], Win32/ExploreZip.Worm [Computer Associates], W32/ExploreZip@MM [McAfee]
Type: Worm
Infection Length: 210,432 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
Symantec Security Response has provided a small utility named
FixExzip.exe to remove the virus from memory and undo the changes made by the worm. Please click
here to obtain this tool. This is the recommended method for removing this worm.
If you want to remove this worm manually, follow these steps:
- If you are running Windows 95/98:
- Open the Win.ini file in a text editor such as the System Configuration Editor (Sysedit.exe).
- Remove the command C:\Windows\System\Explore.exe or C:\Windows\System\_Setup.exe from the run= line.
- Restart the computer.
- Delete Explore.exe from the C:\Windows\System folder.
- If you are running Windows NT:
- Start the Registry Editor (Regedit.exe).
- Navigate to the following key:
HKEY_CURRENT_USER\Software\Microsoft\WindowsNT\CurrentVersion\
Windows\Run
and remove the entry that refers to "Explore.exe" or _setup.exe."
- Restart the computer, or kill the process using Task Manager or Process View (if the file is currently in use.)
- Delete Explore.exe from the C:\Winnt\System32 folder.
NOTE: For information on file recovery, see the Norton Utilities document
Error: "Cannot open file... if part of a ZIP format backup set..." and the Size of Many Files is Zero.
Writeup By: Eric Chien
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine