Fotos 27/07 Email Virus (hotmail)
This morning I received odd emails from two of my team with the heading Fotos 27/07. This was because they had both got a virus which has spread very quickly. That is because instead of having failed photos it links to an odd website.
I, therefore, went into the office to clean up the computers. There is some information around on the net about this, but it was not clear exactly what is going on so I have written this note.
To clean the computer.
1. Look for a directory c:\winnt_
2. In this directory you should find a number of files including id and various exe files eg winnt1.exe winnt2.exe etc.
3. Start task manager. Look at the processes. Cancel all of the processes whose names exist in the winnt_ directory. (there won't be one for id)
4. Delete all the files in winnt_
5. Remove the directory.
At that point as far as I can tell the virus has been removed. There will, however, be some registry entries that need cleaning up.
On the web there is a recommendation to download and run ccleaner version v2.21.940 or later. I have done this on one machine, but not the other. Both seem OK. I would be careful about ccleaner as it may install the Yahoo toolbar by default. Nothing wrong with Yahoo, but you may not want that.