Quote:
Originally Posted by X Blader
well i signed into my messenger this morning and about 30 mins into the convo it started doing it again the pif fil is removed and eveything alone with it and also the virus scan removed it but it is still in please help
well its gone again this time i did nothing with it ill update if it show up tomorrow
regards
|
Today (April 2) I searched the major antivirus vendor's websites, and unfortunately, there's still not much about this W32/IrcWorm-A. If your system is still infected, you can try the following.
Warning: this involves editing the Registry. Be very careful when doing this, because editing the wrong keys could cause your system to malfunction. Do this at your own risk.
- Go to My Received Files in My Documents folder. Delete (Shift + Delete) the Photo Album.zip folder and its contents.
- Go to C:\Windows. Delete the Photo Album.zip folder.
- In C:\Windows\System, find the rdfhost.dll or rdshost.dll files. Delete them.
- Go to Start > Run. Type regedit to open the Registry. Navigate to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\
ShellServiceObjectDelayLoad rdshost {5344BB88-3DE1-409F-8307-C85923A1F4DD} Delete this key (right-click and click on Delete)
- Navigate to HKCR\CLSID\{5344BB88-3DE1-409F-8307-C85923A1F4DD} Delete this key.
- Reboot your computer.
Check to see whether the problem still exists. Please post back to let me know.