W32.Music.E.Worm - Removal

To remove W32.Music.E.Worm:

• Remove the registry entries made by the worm.
• Delete the file added by the worm.
• Run a full system scan and delete any infected files.

To edit the registry:

CAUTION: We strongly recommend that you back up the system registry before making any changes to it. Incorrect changes to the registry may result in permanent data loss or corrupted files. Be sure to modify the specified keys only. See the document How to back up the Windows registry before proceeding.

1. Click Start, and click Run. The Run dialog box appears.
2. Type regedit and then click OK. The Registry Editor opens.
3. Navigate to and select the following subkey:
   
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MCM
   
4. Press Delete, and then click Yes to confirm.
5. Navigate to and select the following subkey:
   
   HKEY_LOCAL_MACHINE\SOFTWARE\MicrosoftWindows\ CurrentVersion\Run
   
6. In the right pane, select the following value:
   
   SysDrv c:\windows\system\sysmcm.exe
   
7. Press Delete, and then click Yes to confirm.
8. Exit the Registry Editor.

To delete the file:

1. Click Start, point to Find, and click Files or Folders.
2. Make sure that "Look in" is set to (C:) and that Include subfolders is checked.
3. In the Named box, type the following and then click Find Now:
   
   sysmcm.exe
   
4. Windows will find the file and display it in the lower pane of the Find dialog box. It should be located in the \Windows\System folder.
5. Select the file, press Delete, and then click Yes to confirm.
6. Close the Find Files window.
7. Right-click the Recycle Bin icon on your desktop, and click Empty Recycle Bin.

To scan for infected files:

1. Start Norton AntiVirus (NAV), and then run a full system scan. Unless you are using NAV 2001, make sure that NAV is set to scan all files.
2. Delete any files that are detected as infected with W32.Music.E.Worm.

Technical Details