Twisted advice

CISRT issued an advisory about an IM worm. This is a typical worm that you avoid quite simply by not opening attachments in IM, especially when they claim to be Paris Hilton Videos. There is nothing particularly interesting about the worm, but there is something interesting about the write up at http://www.cisrt.org/enblog/read.php?128.

 

CISRT gives instructions on how to manually remove the worm. I’ll quote a short part of the instructions…

 

————————————————————————————————————
Step 1.
"Start"->"Run", type "REGEDIT", open the reistry editor.

Step 2.
Go to
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad

delete "printers"="{CLSID}" in right panel

please copy the {CLSID} before deleting it

Step 3.
————————————————————————————————————

 

Hmmm, perhaps the part about copying the {CLSID} should go before the instructions to delete.

You know those phone messages where they say some menu items have changed so listen to the whole selection?

This is a case where it is wise to read all of the instructions before starting! Of course, if you are that wise you probably didn’t need the instructions anyway :)

 

Randy Abrams

Director of Technical Education

Author ESET Research, ESET

Follow Us

Sign up to our newsletter

The latest security news direct to your inbox

26 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.