||||
Symantec.com > Security Response > Threats and Risks > W32.Pops
PRINT THIS PAGE

W32.Pops - Removal

Printer Friendly Page

Discovered: January 16, 2002
Updated: February 13, 2007 11:38:02 AM
Also Known As: W32.Pops@mm
Type: Worm


To remove the worm, delete files detected as W32.Pops and remove the values that it added to the registry (variant B only).

To remove the worm:
  1. Run LiveUpdate to make sure that you have the most recent virus definitions.
  2. Start Norton AntiVirus (NAV), and make sure that NAV is configured to scan all files. For instructions on how to do this, read the document How to configure Norton AntiVirus to scan all files.
  3. Run a full system scan.
  4. Delete all files that are detected as W32.Pops.

To edit the registry:

CAUTION: We strongly recommend that you back up the registry before you make any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify only the keys that are specified. Read the document How to back up the Windows registry for instructions.
  1. Click Start, and click Run. The Run dialog box appears.
  2. Type regedit and then click OK. The Registry Editor opens.
  3. Navigate to the following keys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
  4. In the right pane for each key, delete the following value:

    *JanisRuckenbrodII     c:\WINDOWS\janis.com
  5. (Optional) Reset all of the following keys to their original defaults:

    NOTE: These keys and values determine what program opens a particular type of file when the file is double-clicked. This will vary with the programs that you have installed and their settings. If you do not know the settings for each command, you may have to reinstall the software that uses it.

    HKEY_CLASSES_ROOT\scrfile\shell\open\command\
    HKEY_CLASSES_ROOT\VBSFile\Shell\Open\Command\
    HKEY_CLASSES_ROOT\VBSFile\Shell\Open2\Command\
    HKEY_CLASSES_ROOT\htmlfile\shell\open\command\
    HKEY_CLASSES_ROOT\htmlfile\shell\opennew\command\
    HKEY_CLASSES_ROOT\http\shell\open\command\
    HKEY_CLASSES_ROOT\mp3file\shell\open\command\
    HKEY_CLASSES_ROOT\MPEGFILE\shell\open\command\
    HKEY_CLASSES_ROOT\JSFile\Shell\Open\Command\
    HKEY_CLASSES_ROOT\JSFile\Shell\Open2\Command\
  6. Click Registry, and click Exit.


Writeup By: Gor Nazaryan
Search by name
Example: W32.Beagle.AG@mm
Limited Time Offers! Save up to 50%
Windows Vista Security
©1995 - 2009 Symantec Corporation
Site Map|
Legal Notices|
Privacy Policy|
|
Contact Us|
Global Sites|
License Agreements|
RSS