Comments
We are not entirely sure about this trojan because we had it sent to us without a client (if there is one). Our trojan scanners have identified it as the VBS Xmas Tree trojan; however, we have yet to see any VBS parts of it.
How To Remove
Quick fix: no quick fix programs
Manual removal:
Removal note: The Xmas Tree trojan makes the win.ini read-only and puts a lot of spaces after the run= so the entry is harder to find.
- Right click on the win.ini and choose Properties. If read only is checked then uncheck it. Open the win.ini (usually c:\windows\win.ini) and remove the key: run= c:\windows\uninstallms.exe under [Windows]. This can be done with any text editing program.
- Remove the Windows key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and the z key in the registry located at HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU. This can be done with regedit or any other registry editing program.
- Reboot the computer or close either msdos98.exe or uninstallms.exe.
- Delete the trojan file uninstallms.exe in the Windows directory and msdos98.exe in c:\.
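The win.ini check from the removal note and the first step can be scripted so that the space-padded run= value is not missed by eye. This is an added example, not part of the original write-up; the function names, the pad_threshold value and the sample file are assumptions made here, and it also looks at load=, the other autostart key in the [windows] section, which goes beyond the run= case described above.

```python
import os, re, stat

SECTION = re.compile(r"^\s*\[([^\]]+)\]")
# key, the padding after '=', then the value with trailing blanks dropped
ENTRY = re.compile(r"^\s*(run|load)\s*=([ \t]*)(.*?)\s*$", re.IGNORECASE)

def scan_win_ini(text, remove=(), pad_threshold=8):
    """Report run=/load= values under [windows]; drop programs listed in remove."""
    targets = {p.lower() for p in remove}
    findings, out, section = [], [], None
    for lineno, line in enumerate(text.splitlines(), 1):
        m = SECTION.match(line)
        if m:
            section = m.group(1).strip().lower()
        e = ENTRY.match(line) if section == "windows" else None
        if not (e and e.group(3)):
            out.append(line)          # not a populated autostart entry
            continue
        key, pad, value = e.groups()
        programs = [p for p in re.split(r"[,\s]+", value) if p]
        findings.append({"line": lineno, "key": key.lower(), "programs": programs,
                         "padding": len(pad), "padded": len(pad) >= pad_threshold})
        kept = [p for p in programs if p.lower() not in targets]
        out.append(f"{key}=" + " ".join(kept))   # rewritten without the padding
    return findings, "\r\n".join(out) + "\r\n"

def clean_file(path, remove):
    """Clear the read-only attribute, then rewrite the file without `remove`."""
    os.chmod(path, stat.S_IREAD | stat.S_IWRITE)
    with open(path, encoding="latin-1", newline="") as f:
        findings, cleaned = scan_win_ini(f.read(), remove)
    with open(path, "w", encoding="latin-1", newline="") as f:
        f.write(cleaned)
    return findings

# Constructed sample: the run= value sits 120 spaces to the right of the key.
SAMPLE = ("[windows]\r\nload=\r\n"
          "run=" + " " * 120 + "c:\\windows\\uninstallms.exe\r\n"
          "NullPort=None\r\n[Desktop]\r\nrun=notthis.exe\r\n")

if __name__ == "__main__":
    for finding in scan_win_ini(SAMPLE)[0]:
        print(finding)
```

Only entries under [windows] are touched; a run= line in any other section is left as it is. Work on a copy of win.ini first, since every populated run=/load= line is rewritten with its padding removed.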