Discovered: June 6, 2000
Updated: February 13, 2007 11:54:58 AM
Also Known As: I-Worm.Timofonica, VBS/Timofonica, VBS/Timo-A
Type: Worm
You must complete the following steps to manually remove this worm from the computer:
- Search the computer for files named Timofonica.txt, and delete them. The default locations for these files is C:\.
- Search the computer for Cmos.com, and delete it. This file should be in your \Windows\System folder.
- Run Regedit.exe to delete the following registry keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Cmos
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Timofonica
- Navigate to the following key:
HKEY_LOCAL_MACHINE\Software\Classes\VBSFile\Shell\Open\Command
- Set the key to the following value:
C:\WINDOWS\WScript.exe "%1" %*
For clarity, the characters are quote, percent sign, numeral one, quote, space, percent sign, asterisk.
- Within Outlook, enable the option to save copies of messages into the Sent folder.
Writeup By: Brian Ewell
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine