X97M.Dropo
Friday, 25 March 2005
X97M.Dropo is a Microsoft Excel macro virus that drops two Trojan horse applications and infects all worksheets.

Type: Macro

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When X97M.Dropo is executed, it performs the following actions:



Copies itself as norma1.xlm in the Excel startup folder. This ensures that the virus is executed every time Microsoft Excel is started.


Adds the value:

"WinUpdsv" = "winupdsv.exe"

to the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

so that the extracted Trojan runs next time Windows starts.


Creates the following temporary file:

C:\COMS.sys


Extracts two Trojans from the Excel document:


%System%\winupdsv.exe
%System%\sfcea.exe (corrupted; does not execute)

Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

To delete the value from the registry
Click Start > Run.
Type regedit

Then click OK.


Navigate to the subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


In the right pane, delete the value:

"WinUpdsv" = "winupdsv.exe"

Exit the Registry Editor.
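
The artifacts listed above can be checked in one read-only pass before editing the registry. The following PowerShell is an added example, not part of the original write-up. It assumes the per-user Excel startup folder is %APPDATA%\Microsoft\Excel\XLSTART, and it goes beyond the page by also checking the 32-bit system folder and the WOW6432Node view of the Run key on 64-bit Windows; the function name Get-DropoIndicators is hypothetical.

```powershell
# Added example: read-only check for the X97M.Dropo artifacts named on this page.
# Assumptions: XLSTART location below; 32-bit (WOW64) views are checked in
# addition to the native ones because a 32-bit Excel writes to those.
function Get-DropoIndicators {
    param(
        [string]$XlStart = (Join-Path $env:APPDATA 'Microsoft\Excel\XLSTART')
    )
    $findings = @()

    # %System% as seen by native and by 32-bit processes (identical on 32-bit Windows).
    $systemDirs = @(
        [Environment]::GetFolderPath('System'),
        [Environment]::GetFolderPath('SystemX86')
    ) | Where-Object { $_ } | Select-Object -Unique

    # Files the write-up says are dropped or created.
    $paths = @('C:\COMS.sys', (Join-Path $XlStart 'norma1.xlm'))
    foreach ($dir in $systemDirs) {
        $paths += Join-Path $dir 'winupdsv.exe'
        $paths += Join-Path $dir 'sfcea.exe'
    }
    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p -PathType Leaf) {
            $f = Get-Item -LiteralPath $p -Force
            $findings += [pscustomobject]@{
                Type = 'File'; Item = $p
                Detail = "size=$($f.Length) modified=$($f.LastWriteTimeUtc.ToString('u'))"
            }
        }
    }

    # Persistence value: "WinUpdsv" = "winupdsv.exe" under the Run key.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        $v = Get-ItemProperty -LiteralPath $key -Name 'WinUpdsv' -ErrorAction SilentlyContinue
        if ($v) {
            $findings += [pscustomobject]@{
                Type = 'Registry'; Item = "$key\WinUpdsv"; Detail = "data=$($v.WinUpdsv)"
            }
        }
    }
    return $findings
}

$hits = Get-DropoIndicators
if ($hits) { $hits | Format-Table -AutoSize } else { 'No X97M.Dropo artifacts found.' }
```

The script only reads; it leaves removal of the Run value to the manual steps above.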