I had already posted instructions on deleting this virus from the system. I think I posted them on the ERAIANS Website, which is now inactive, and therefore I lost them. So I tried to recall the steps, but I am not sure if these steps are applicable in getting rid of this virus.
Here's what you will do:
- Click START (assuming that you are using Windows 95 or later), then RUN. A dialog box will appear.
- In the space provided, type regedit, then press ENTER. The Registry Editor window will appear.
- Press CTRL and F simultaneously. A search box will appear.
- In the space provided, type sysmon32.exe, then press ENTER.
- If you find a registry entry SYSMON32.EXE, click on it, press DELETE, and confirm the deletion if Windows asks you to.
- Repeat steps 4 and 5 (searching for sysmon32.exe and deleting the entry found) until a dialog box appears telling you that the string you are searching for is NOT FOUND.
- Close the Registry Window and RESTART your system.
The steps above should be done before deleting the file, since Windows activates the file immediately during boot-up. Then follow the steps below:
- Click on START then SEARCH then FILES AND FOLDERS.
- In the space provided, type sysmon32.exe and then click on SEARCH.
- If Windows search finds the file, it will be listed on the right side of the window. Highlight each result and press DELETE.
Now the main virus file has been deleted. What you will do next is delete the files that the virus has converted into virus files, with names such as filename.doc.exe, filename.xls.exe, or filename.exe.exe. In other words, infected files are changed to executable files with an extension of EXE.
Often, the infected files are ones you have tried to open by double-clicking on them. They are mostly found in My Documents, the Desktop, and root directories.
Search for those files and delete them immediately. Do not try to open or run them, to avoid being infected again.
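The file search described above can also be scripted, so that suspect files are listed by name and never double-clicked. The following is an added example, not part of the original instructions; it assumes Python is available, and the extensions in INNER_EXTS beyond .doc, .xls and .exe, as well as the sample file names, are constructed for illustration.

```python
import os
import tempfile

# .doc, .xls and .exe are the inner extensions named in the text;
# the others are assumptions added for illustration.
INNER_EXTS = {".doc", ".xls", ".exe", ".ppt", ".txt", ".pdf", ".jpg"}
DROPPER_NAME = "sysmon32.exe"  # main virus file named in the text


def classify(filename):
    """Return 'dropper', 'double-extension' or None for a bare file name."""
    lower = filename.lower()  # Windows file names are case-insensitive
    if lower == DROPPER_NAME:
        return "dropper"
    stem, ext = os.path.splitext(lower)
    # Flag name.<inner>.exe only; a plain setup.exe has no inner extension.
    if ext == ".exe" and os.path.splitext(stem)[1] in INNER_EXTS:
        return "double-extension"
    return None


def scan(roots):
    """Walk each root and return sorted (reason, path) hits.

    Only directory listings are read; no file is opened or executed.
    Unreadable directories are skipped.
    """
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
            for name in files:
                reason = classify(name)
                if reason:
                    hits.append((reason, os.path.join(dirpath, name)))
    return sorted(hits)


def demo():
    """Build a constructed sample tree in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        docs = os.path.join(tmp, "My Documents")
        os.makedirs(docs)
        for name in ("report.doc.exe", "budget.XLS.EXE", "setup.exe.exe",
                     "notes.doc", "setup.exe", "SYSMON32.EXE"):
            open(os.path.join(docs, name), "w").close()  # empty placeholders
        return [(r, os.path.basename(p)) for r, p in scan([tmp])]


if __name__ == "__main__":
    for reason, name in demo():
        print(f"{reason:17} {name}")
```

To use it on a real machine, pass the My Documents, Desktop and drive root paths to `scan()` and review the resulting list before deleting anything.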
If you have problems following the instructions I have given, please feel free to tell me by dropping a message on our TAGBOARD or in our GUESTBOOK.