Updated: February 13, 2007 11:46:02 AM
Type: Virus, Macro
To remove this virus:
- Run LiveUpdate to make sure that you have the most recent virus definitions.
- Start Norton AntiVirus (NAV), and then run a full system scan, making sure that NAV is set to scan all files.
- If any files are detected as infected by W97M.Marker, choose Repair.
- (Optional). This macro virus uses a temporary text file, C:\Netldx.vxd while executing its payload routine, and the file HSFxxxx.sys (where xxxx is a randomly-generated number) while executing its infection routine. You can delete these text files if desired, although leaving them will no do any damage.
- (Optional) Delete the LogFile value from the registry key:
HKEY_CURRENT_USER\Software\Microsoft\
MS Setup (ACME)\User Info
NOTE: Leaving it there will not cause any harm. In fact, if it's already set to TRUE, it will prevent the uploading of the user information (name and address).
Writeup By: Jennifer Hirons
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine