Saturday, March 1, 2008

Removing quick info virus

To delete the value from the registry

Important: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified subkeys only. For instructions refer to the document:
-----------------------------------------
Click Start > Run.
Type regedit
Click OK

-----------------------------------------
Note: If the registry editor fails to open, the threat may have modified the registry to prevent access to the registry editor.

Navigate to the subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
In the right pane, delete the values:

"Task Manager" = "%Windir%\svchost.exe"
"Yahoo Messenger" = "%Windir%\system\svchost32.exe"

Navigate to the subkey:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
In the right pane, delete the value:

"NoRun" = "1"

Navigate to the subkey:

HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
In the right pane, delete the value:

"Homepage" = "1"

Navigate to the subkey:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
In the right pane, restore the original values:

"DisableTaskMgr" = "1"
"DisableRegistryTools" = "1"

Navigate to the subkey:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
In the right pane, restore the following entry to its previous value:

"Start Page" = "[http://]quicknews.info"

Navigate to the subkeys:

HKEY_CURRENT_USER\Software\Yahoo\pager\View\YMSGR_buzz
HKEY_CURRENT_USER\Software\Yahoo\pager\View\YMSGR_Launchcast
In the right pane, delete the value:

"content url" = "[http://]quicknews.info"

Exit the Registry Editor.

Writeup By: Kazumasa Itabashi
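
The checks from the steps above can also be run as a read-only audit before editing anything. This is an added example, not part of the Symantec write-up; it assumes PowerShell 3.0 or later is available, and `Test-QuickInfoValue` and `$checks` are hypothetical names.

```powershell
# Added example: read-only audit of the registry values named in the steps above.
# Test-QuickInfoValue and $checks are hypothetical names; nothing is modified.
$run   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$pol   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies'
$pager = 'HKCU:\Software\Yahoo\pager\View'

# Key path, value name, and a wildcard pattern for the data given in the write-up.
$checks = @(
    @{ Path = $run; Name = 'Task Manager'; Like = '*\svchost.exe' }
    @{ Path = $run; Name = 'Yahoo Messenger'; Like = '*\system\svchost32.exe' }
    @{ Path = "$pol\Explorer"; Name = 'NoRun'; Like = '1' }
    @{ Path = 'HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel'; Name = 'Homepage'; Like = '1' }
    @{ Path = "$pol\System"; Name = 'DisableTaskMgr'; Like = '1' }
    @{ Path = "$pol\System"; Name = 'DisableRegistryTools'; Like = '1' }
    @{ Path = 'HKCU:\Software\Microsoft\Internet Explorer\Main'; Name = 'Start Page'; Like = '*quicknews.info*' }
    @{ Path = "$pager\YMSGR_buzz"; Name = 'content url'; Like = '*quicknews.info*' }
    @{ Path = "$pager\YMSGR_Launchcast"; Name = 'content url'; Like = '*quicknews.info*' }
)

function Test-QuickInfoValue {
    param([string]$Path, [string]$Name, [string]$Like)
    $status = 'absent'
    $data = $null
    if (Test-Path -LiteralPath $Path) {
        # A missing value raises a non-terminating error; suppress it and treat it as absent.
        $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            # Get-ItemProperty expands REG_EXPAND_SZ data, so %Windir% appears as a real path.
            $data = [string]$item.$Name
            if ($data -like $Like) {
                $status = 'matches write-up'
            } else {
                # Same value name with different data, e.g. a legitimate Start Page.
                $status = 'present, other data'
            }
        }
    }
    [pscustomobject]@{ Status = $status; Name = $Name; Data = $data; Path = $Path }
}

$results = foreach ($c in $checks) { Test-QuickInfoValue @c }
$results | Format-Table -AutoSize -Wrap
```

Rows reported as "present, other data" share a value name with the write-up but hold different data, so review them by hand rather than deleting them.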