Has anyone received this virus file? We cannot remove it, and the only one to report a fix is Trend Micro, but the fix they have posted does not work... Any ideas? What we know about it is:
This is a malicious JScript code that attempts to connect to and then open this Web site:
http://
This malware sleeps for 10 seconds before it attempts to connect to the site. Upon connection to the Web site, it attempts to open browser windows with advertisements until the affected computer runs out of memory resources. It also contains script codes to set the Microsoft Internet Explorer menu extension, search page and main page to the following Website:
It creates this registry entry so that the Explorer bar is created by creating the following registry setting and with subentries:
HKEY_CLASSES_ROOT\CLSID\{69550BE2-9A78-11d2-BA91-00600827878D}
The malicious code also drops the file SP.REG into your Windows directory and creates the following auto startup registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"sp=regedit -s %Windir%\sp.reg"
%Windows% is a system variable that expands to your Windows installation directory, e.g., C:\WINDOWS or C:\WINNT.
The fix that Trend Micro suggests is:
Description:
This malware sets the start page and adds an Explorer bar in the Microsoft Internet Explorer browser. It attempts to open several browsers until the infected computer runs out of memory resources and hangs.
Solution:
Removing Autostart Entries from the Registry
Removing autostart entries from registry prevents the malware from executing during startup. This is also an effective malware process termination procedure.
Removing the CLSID entry from the registry removes the toolbar of this malware from the Microsoft Internet Explorer window.
1. Open Registry Editor. Click Start>Run, type REGEDIT then hit the enter key.
2. In the left panel, double click the following:
   HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
3. In the right panel, locate and delete the entry or entries whose data value is the malware path and filename:
   %Windows%\sp.reg
   %Windows% is the Windows directory, which is usually C:\Windows or C:\WINNT.
4. Repeat procedure 2 for the following registry entry and delete the entry including its sub-entries:
   HKEY_CLASSES_ROOT\CLSID\{69550BE2-9A78-11d2-BA91-00600827878D}
Resetting Internet Explorer Homepage and Search Page
1. Close all instances of Internet Explorer.
2. Open Control Panel. Click Start>Settings>Control Panel
3. Double click the Internet Explorer icon or the Internet Options label.
4. In the Internet Properties window, click the Programs tab.
5. Click the Reset Web Settings… button.
6. Select Also reset my home page. Click Yes.
7. Click OK
Any/all help is greatly appreciated!!!!
Thanks,
Cale
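
A read-only check for whether the artifacts named in the post are still present after the manual steps, as an added example that is not part of the original post or of Trend Micro's instructions. The registry key, GUID and file name come from the post; the Internet Explorer `Main` key path used to display the start and search pages is an assumption (the standard per-user location), since the post does not name it.

```powershell
# Read-only check for the artifacts listed in the post. Nothing is modified.
$findings = @()

# 1. Autostart value under the Run key. Match on data containing "sp.reg"
#    rather than an exact string, since the value is a regedit command line.
$runPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runKey  = Get-Item -LiteralPath $runPath -ErrorAction SilentlyContinue
if ($runKey) {
    foreach ($name in $runKey.GetValueNames()) {
        # Read the raw data so %Windir% is shown unexpanded, as in the post.
        $data = [string]$runKey.GetValue($name, '', 'DoNotExpandEnvironmentNames')
        if ($data -match 'sp\.reg') {
            $findings += "Run value '$name' = $data"
        }
    }
}

# 2. Explorer bar CLSID key (GUID taken from the post).
$clsid = 'Registry::HKEY_CLASSES_ROOT\CLSID\{69550BE2-9A78-11d2-BA91-00600827878D}'
if (Test-Path -LiteralPath $clsid) {
    $findings += "CLSID key present: $clsid"
}

# 3. Dropped file in the Windows directory.
$regFile = Join-Path $env:windir 'sp.reg'
if (Test-Path -LiteralPath $regFile) {
    $findings += "Dropped file present: $regFile"
}

# 4. Current IE start and search pages, printed for manual review.
#    Assumption: standard per-user IE settings key; not named in the post.
$ieMain = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
if ($ieMain) {
    "IE Start Page : $($ieMain.'Start Page')"
    "IE Search Page: $($ieMain.'Search Page')"
}

if ($findings.Count -eq 0) {
    'None of the listed artifacts were found.'
} else {
    'Artifacts still present:'
    $findings
}
```

Because the Run value invokes `regedit -s`, which imports the file silently at every startup, a Run value or `sp.reg` file that is still reported here means the browser settings will be rewritten on the next boot.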