Pawur, Tasin, Paula, Inzae, Anzae, ...
The same worm under different names. I'm pretty sure non-Spanish readers never heard of it, but this worm is spreading wildly in Spanish spoken countries. This worm in particular deletes all office docs, mp3, image files, source code files such as vbs, c or cpp, ... and resends itself using a built-in smtp server that sends the worm to the infected user's contact list.
You might be wondering why do I talk about it when each day different worms and viruses appear. Some computer users don't care if they are infected or not until the computer crashes and then they only try to recover their files and format the hard disk. The problem comes when these users see their documents deleted or their music folders empty, then they call someone to see if they can recover those files.
Well, I've been messing around with 30 infected computers since past wednesday and as none of the removal tools worked as I wanted and I'm tired of searching the keys in the registry and worm files to manually delete them, I have written a tiny script that locates and deletes the files Pawur creates and deletes them as well as the registry values it adds to the registry.
Download the Pawur removal tool here.
Note: It currently works with the four known versions of the worm (A/D).
The script will only work in WinNT4, Win2K or WinXp machines, you will need the external tool reg.exe from a Windows Reskit te get it run in a Win9x/Me box.
Although the script shouldn't compromise your system in any way I am not responsible of any harm your computer/software could suffer.
Source available on request.
[+]
0 Comments:
Post a Comment
<< Home