Discovered: May 8, 2000
Updated: February 13, 2007 11:56:25 AM
Also Known As: W32.Mypics.Worm
Type: Worm
To remove this worm:
- End the Pictures.exe task by pressing Ctrl+Alt+Delete once. In the list, select "Pictures" and then click End Task.
- Remove the following registry entries:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices= C:\Pictures.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\Windows\RunServices= C:\Pictures.exe
- Check whether the Autoexec.bat file has been modified (this will only occur if the computer's system clock is set to year 2000). If so, delete Autoexec.bat and restore an original copy from backup.
- Check whether the Cbios.com file exists (this file will only exist if the computers system clock is set to year 2000). If so, delete the Cbios.com file.
- In the root of C:, look for the Picture.exe file and delete it.
- The worm alters the home page in the Microsoft Internet Explorer browser. You will need to restore the original home page.
Writeup By: Edric Ta
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine