Jim:
I went to the Data Fellows site
http://www.europe.f-secure.com/v-descs/hacktack.shtml
and they said that this virus is a backdoor into your system.
<<<snip>>>
Removal:
The following registry key has to be removed first:
'[HKLM]\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Configuration
Wizard'
After rebooting the system the backdoor will not be loaded so it
can be deleted easily and safely.
'[Windows_directory]\CfgWiz.32.exe' is the backdoor program that
can be deleted after the registry has
been fixed.
F-Secure Anti-Virus with the latest updates can detect this
backdoor.
[F-Secure Corp.; September 04, 2001]
<<<snip>>>
I checked my system and I have this exe file. However the find
function of the registry editor (regedit.exe) did not find the
registry key
'[HKLM]\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Configuration
Wizard'
or '[HKLM]\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
as given in the removal directions above. I tried the seach with
and without the single quotes and adding or removing the spaces
in 'CurrentVersion' and 'Configuration Wizard'.
So, instead of deleting the file just in case it is needed, I
renamed it using XXX at the beginning. I do this with many files
that I think might be not needed on my system. After a while if
I have no trouble, I delete all of these files that begin with XX
or XXX.
I don't know how this file came to be on my system as I've never
opened any unknown attachments. The wierd thing is that this exe
file is also on my standby system which has only been used for
email a few times and that was over five months ago.
Blake
///
/// mgs@autox.team.net mailing list
/// or try http://www.team.net/cgi-bin/majorcool
///
|