Discovered: June 13, 2002
Updated: February 13, 2007 11:39:18 AM
Also Known As: W32/Perrun-A, PE_PERRUN.A, Win32.Perrun, W32/Perrun, Perrun, W32/Perrun.A
Type: Virus
Systems Affected: Windows 2000, Windows 3.x, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
Update the virus definitions and run a full system scan.
- Repair files that are detected as W32.Perrun, and delete files that are detected as W32.Perrun.dr
- Restore the (Default) value of the registry key
HKEY_LOCAL_MACHINE\Software\Classes\jpegfile\shell\open\command
or
HKEY_LOCAL_MACHINE\Software\Classes\txtfile\shell\open\command
For details on how to do this, read the following instructions.
To scan with Norton AntiVirus and repair or delete the infected files:
- Obtain the most recent virus definitions. There are two ways to do this:
- Run LiveUpdate, which is the easiest way to obtain virus definitions. These virus definitions have undergone full quality assurance testing by Symantec Security Response and are posted to the LiveUpdate servers one time each week (usually Wednesdays) unless there is a major virus outbreak. To determine whether definitions for this threat are available by LiveUpdate, look at the Virus Definitions (LiveUpdate) line at the top of this write-up.
- Download the definitions using the Intelligent Updater. Intelligent Updater virus definitions have undergone full quality assurance testing by Symantec Security Response. They are posted on U.S. business days (Monday through Friday). They must be downloaded from the Symantec Security Response Web site and installed manually. To determine whether definitions for this threat are available by the Intelligent Updater, look at the Virus Definitions (Intelligent Updater) line at the top of this write-up.
Intelligent Updater virus definitions are available here. For detailed instructions on how to download and install the Intelligent Updater virus definitions from the Symantec Security Response Web site, click here.
- Start Norton AntiVirus (NAV), and make sure that NAV is configured to scan all files.
- Run a full system scan.
- If NAV detects any files as infected by W32.Perrun, click Repair.
- If NAV detects any files as infected by W32.Perrun.dr, click Delete.
To restore the value to the registry:
CAUTION: Symantec strongly recommends that you back up the registry before you make any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify only the keys that are specified. Read the document
How to make a backup of the Windows registry for instructions.
- Click Start, and click Run. The Run dialog box appears.
- Type regedit and then click OK. The Registry Editor opens.
- Depending on the variant, navigate to one of the following keys:
(If you are not sure of the variant, check both keys.)
HKEY_LOCAL_MACHINE\Software\Classes\jpegfile\shell\open\command
or
HKEY_LOCAL_MACHINE\Software\Classes\txtfile\shell\open\command
- In the right pane, double-click
(Default)
The Edit String dialog box opens.
- Delete the contents of the Value Data box, and replace it with the following:
- For the jpegfile\shell\open\command key:
"C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome
NOTE: This is the default setting for a standard installation that uses Internet Explorer as the program with which .jpg files are opened. If you have changed this--for example, you use another program to view or edit files of this type, you should make the appropriate substitution.
- For the txtfile\shell\open\command key:
This varies with the operating system. You may need to look at that same key on a working computer with the same operating system and configuration to determine this. Two common values are:
- Windows 98: C:\Windows\Notepad.exe %
- Windows 2000: %SystemRoot%\system32\NOTEPAD.EXE %1
- Click Registry, and click Exit.
Writeup By: Douglas Knowles
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine