After yesterdays attempt to create and spread a new worm that uses MSN Messenger as the delivery point, the site spreading it was removed and domain is now just displaying a bunch of ads. So, for those who still haven’t removed it, here is a way which TheSteve has kindly written:
The executable file extracts 3 files in to windows\system32\(random dir):
csrss.exe
smss.exe
csrss.ini
All of which have system and hidden attributes set. Task Manager will not kill either exe, so get a copy of Process Explorer at sysinternals.com. Make sure not to kill the actual system processes!
It’s great to see it was able to be removed in a timely manner and is now no longer a threat.
0 Responses to “Worm stopped in its tracks”
Leave a Reply