Step 4To enable Registry Editor, Task Manager, and Folder options:. Open Notepad. To restore the registry value this malware/grayware modified:. Open Registry Editor. Click StartRun, type REGEDIT in the text box provided, and then press Enter. In the left panel, double-click the following:HKEYLOCALMACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon. In the right panel, locate the registry value:Shell = 'Explorer.exe regsvr.exe'.

• Worm.im.sohanad Removal Tool Download

Right-click on the value name and choose Modify. Change the value data of this entry to:Shell = Explorer.exe. Close Registry Editor.

Discovered: August 11, 2003 Updated: July 21, 2006 12:00:00 AM Type: Removal InformationThis tool is designed to remove the infections of:W32.Blaster.WormW32.Blaster.B.WormW32.Blaster.C.WormW32.Blaster.D.WormW32.Blaster.E.WormW32.Blaster.F.WormImportant:W32.Blaster.Worm exploits the DCOM RPC vulnerability. This is described in, and a patch is available there. You must download and install the patch. In many cases, you will need to do this before continuing with the removal instructions. If you are not able to remove the infection or prevent re-infection using the following instructions, first download and install the patch.Additional information, and an alternate site from which to download the Microsoft patch is available in the Microsoft article 'What You Should Know About the Blaster Worm and Its Variants.'

Because of the way the worm works, it may be difficult to connect to the Internet to obtain the patch, definitions, or removal tool before the worm shuts down the computer. Personal trainer workout template excel. It has been reported that, for users of Windows XP, activating the Windows XP firewall may allow you to download and install the patch, obtain virus definitions, and run the removal tool. This may also work with other firewalls, although this has not been confirmed.Important:. If you are on a network or have a full-time connection to the Internet, such as a DSL or cable modem, disconnect the computer from the network and Internet. Disable or password-protect file sharing, or set the shared files to Read Only, before reconnecting the computers to the network or to the Internet. Because this worm spreads by using shared folders on networked computers, to ensure that the worm does not reinfect the computer after it has been removed, Symantec suggests sharing with Read Only access or by using password protection.For instructions on how to do this, refer to your Windows documentation, or the document:.

Worm.im.sohanad Removal Tool Download

If you are removing an infection from a network, first make sure that all the shares are disabled or set to Read Only. This tool is not designed to run on Novell NetWare servers. To remove this threat from a NetWare server, first make sure that you have the current virus definitions, and then run a full system scan with the Symantec antivirus product.How to download and run the toolImportant:You must have administrative rights to run this tool on Windows NT 4.0, Windows 2000, or Windows XP.Note for network administrators:If you are running MS Exchange 2000 Server, we recommend that you exclude the M drive from the scan by running the tool from a command line, with the Exclude switch. For more information, read the Microsoft knowledge base article:(Article 298924).Follow these steps to download and run the tool:. Download the FixBlast.exe file from:.

Save the file to a convenient location, such as your Windows desktop. Optional: To check the authenticity of the digital signature, refer to the 'Digital signature' section later in this writeup.Note: If you are sure that you are downloading this tool from the Security Response Web site, you can skip this step. If you are not sure, or are a network administrator and need to authenticate the files before deployment, follow the steps in the 'Digital signature' section before proceeding with step 4.

Close all the running programs. If you are on a network or if you have a full-time connection to the Internet, disconnect the computer from the network and the Internet. If you are running Windows Me or XP, turn off System Restore.