|
|
Detect and remove hidden rootkits using
UnHackMe
RegRun Security Suite = 24 system utilities for protecting your computer. Try now! |
 ACTIVEDS.EXE - Dangerous
This memory-resident worm a member of the OPASERV family of worms, spreads via shared network drives. Its destructive payloads are executed when the system date is between December 24 to 31 or when the year is greater than 2002. This worm deletes files, overwrites the boot sector and destroys the CMOS. It also modifies the registry and the configuration file, WIN.INI, so that it automatically executes every Windows startup. It uses a known exploit that enables malicious users to access shared drives, as discussed in a security bulletin from Microsoft. Removing autostart entries from the registry prevents the malware from executing during startup: HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run IASHLPR="%Windows%\IASHLPR.EXE" FONTVIEW="%Windows%\FONTVIEW.EXE" MPREXE="%Windows%\MPREXE.EXE" Scr="%System\scr.scr" BIOS1="%Windows%\BIOS1.EXE" HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Run, Winsrv=%Windows%\winsrv.exe CLICONFG="%Windows%\CLICONFG.EXE" HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>RunServices LoadManager="%Windows%\msload.exe" ACTIVEDS="%Windows%\ACTIVEDS.EXE" Use RegRun to automatically remove these registry items. Removal: ACTIVEDS.EXE is removed by RegRun.
Read more... Removal instructions...
Recommended software: RegRun Security Suite - removal and protection. http://www.regrun.com RegRun Reanimator - free removal tool. greatis.com/reanimator
What is hidden in MSDN? Why software developers prefer Win32.FreeTechSecrets.com? All Unix Manuals in Alphabetical Order C# controls for .NET in 3 simple steps. Constantly updated. Last update: June 30 2008
Interesting information about Vista programs... Need consultation? Would you like to add your opinion?
|
|
