Here's the solution for you:
Code:
Removing Autostart Entry from the Registry
Removing the autostart entry from the registry prevents the malware from executing at startup.
If the registry entry below is not found, the malware may not have executed as of detection. If so, proceed to the succeeding solution set.
1. Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
2. In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Run
3. In the right panel, locate and delete the entry:
SoundMam = "%System%\SVOHOST.exe"
(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, and C:\Windows\System32 on Windows XP and Server 2003.)
Restoring Modified Entries from the Registry
1. Still in Registry Editor, in the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Explorer>Advanced>Folder>Hidden>SHOWALL
2. In the right panel, locate the entry:
CheckedValue = "0"
3. Right-click on the value name and choose Modify. Change the value data to:
1
4. In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Services>srservice
5. In the right panel, locate the entry:
Start = "dword:00000004"
6. Right-click on the value name and choose Modify. Change the value data to:
2
7. In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Services>wscsvc
8. In the right panel, locate the entry:
Start = "dword:00000004"
9. Right-click on the value name and choose Modify. Change the value data to:
2
10. Close Registry Editor.
Restoring AUTORUN.INF
1. Open AUTORUN.INF using Notepad on the drive where the malware was detected earlier. Note that this malware drops the said file in all available removable drives.
2. Delete the following lines created by the malware:
open = sxs.exe
shellexecute= sxs.exe
shell\Auto\command=sxs.exe
3. Close AUTORUN.INF and click Yes when prompted to save.
011100010111011101100101011100100111010001111001
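The manual steps in the post above can be checked in one pass with a script. This is an added example, not part of the original post or the vendor instructions: it assumes PowerShell 3 or later in an elevated session, and the `-Fix` switch is a name chosen for this example. Without `-Fix` it only reports what it finds.

```powershell
# Added example: audit the values named above; change them only when -Fix is given.
param([switch]$Fix)  # -Fix is this example's own switch name (assumption)

$run = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$restore = @(   # path, value name and the data the steps above restore
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
       Name = 'CheckedValue'; Want = 1 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\srservice'; Name = 'Start'; Want = 2 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\wscsvc';    Name = 'Start'; Want = 2 }
)

# Autostart entry: report it, delete it only with -Fix
$entry = Get-ItemProperty -Path $run -Name 'SoundMam' -ErrorAction SilentlyContinue
if ($entry) {
    Write-Output "Run\SoundMam present: $($entry.SoundMam)"
    if ($Fix) { Remove-ItemProperty -Path $run -Name 'SoundMam' }
} else {
    Write-Output 'Run\SoundMam not found'
}

# Modified entries: compare as strings so "0" (string) and 0 (number) both match
foreach ($r in $restore) {
    $cur = (Get-ItemProperty -Path $r.Path -Name $r.Name -ErrorAction SilentlyContinue).($r.Name)
    if ($null -eq $cur) { Write-Output "$($r.Path)\$($r.Name): not found"; continue }
    $ok = "$cur" -eq "$($r.Want)"
    Write-Output "$($r.Path)\$($r.Name) = $cur (expected $($r.Want)) ok=$ok"
    if ($Fix -and -not $ok) { Set-ItemProperty -Path $r.Path -Name $r.Name -Value $r.Want }
}

# AUTORUN.INF on removable drives (DriveType 2): drop only the three sxs.exe lines
$bad = '^\s*(open|shellexecute|shell\\Auto\\command)\s*=\s*sxs\.exe\s*$'
foreach ($d in Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=2') {
    $inf = "$($d.DeviceID)\AUTORUN.INF"
    if (-not (Test-Path -LiteralPath $inf)) { continue }
    $lines = @(Get-Content -LiteralPath $inf -Force)
    $hits  = @($lines | Where-Object { $_ -match $bad })
    Write-Output "$inf : $($hits.Count) malware line(s)"
    if ($Fix -and $hits.Count) {
        attrib.exe -h -s -r $inf   # clear hidden/system/read-only so the file can be rewritten
        Set-Content -LiteralPath $inf -Value @($lines | Where-Object { $_ -notmatch $bad }) -Force
    }
}
```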