Help - Search - Members
Full Version: IM-Worm.Win32.Sohanad.t changes winxp policy
Kaspersky Lab Forum > English User Forum > Virus-related issues
conslider
my friends notebook was infected with the virus IM-Worm.Win32.Sohanad.t . Kaspersky antivirus has managed to remove the virus. Also from the registry i have removed all the SVICHOSSST.exe entry from the registry , but now his winxp folder option has been modified(see attached image).When i duble click a folder , it opens the search window or when i double click at mapped drive .. it askes me which application i want to open the mapped drive with. how can i solve this problem? it would be helpfull if you could point me to the right resources to troubleshoot this matter.thankyou.





Lucian Bara
delete the subkeys of this key in the registry and reboot: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

this should take care of the autorun problem

have you restored task manager, run, folder options & command prompt, that worm should also disable those
conslider
QUOTE(lucianbara @ 3.04.2007 17:09)
delete the subkeys of this key in the registry and reboot: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

this should take care of the autorun problem

have you restored task manager, run, folder options & command prompt, that worm should also disable those
*


yes , i have tried to delete the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 and it works , but if i create the mapped drive again , the entry will be there again. thats why i need to find the source and delete them. yes i have enable the registry , run , command prompt and folder option. is there any other way to solve this?
Lucian Bara
can you post a hijackthis log to see if it isn't something else causing this?

download hjt: http://www.merijn.org/files/HiJackThis_v2.exe
save it somewhere and run it, press scan, press save log and copy & paste the log here.
hoangly85
Thankyou very much!
Cam on ban nhieu nha biggrin.gif
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2014 Invision Power Services, Inc.