Registry Cleaner Geeks

June 28, 2009 9:20:01 AM

Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000

When the worm executes, it creates the following copy of itself:
%Windir%\solution.vbs

It then creates the following registry entry so that it run every time Windows
starts:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current
Version\Run\”autoMe” = “wscript.exe %Windir%\solution.vbs”

The worm modifies the following registry entries to change Windows
Explorer and system settings:

• HKEY_CURRENT_USER\Software\Microsoft\Windows\
  CurrentVersion\Explorer\Advanced\”Hidden” = “0″
• HKEY_CURRENT_USER\Software\Microsoft\Windows\
  CurrentVersion\Explorer\Advanced\”HideFileExt” = “0″
• HKEY_CURRENT_USER\Software\Microsoft\Windows\
  CurrentVersion\Explorer\Advanced\”ShowSuperHidden” = “0″
• HKEY_CURRENT_USER\Software\Microsoft\Windows
  \CurrentVersion\Policies\Explorer\”NoFolderOptions” = “0″
• HKEY_CURRENT_USER\Software\Microsoft\Windows\
  CurrentVersion\Policies\Explorer\”NoDriveTypeAutoRun” = “0×80″
• HKEY_CURRENT_USER\Software\Microsoft\Windows\
  CurrentVersion\Policies\System\”DisableRegistryTools” = “0″
• HKEY_CURRENT_USER\Software\Microsoft\Windows\
  CurrentVersion\Policies\System\”DisableTaskMgr” = “0″

It then copies itself to all drives except drive A. It uses the following
file name:
%DriveLetter%\solution.vbs

It also copies the following file so that it runs when the above drives

are accessed:
%DriveLetter%\Autorun.inf

FREE SCAN:

Please click here for manual removal instructions.