Removal of Trojan Generic Worm NEERIS.K

Posted on June 15th, 2009, by AkY jOe


Introduction

Virus infections have become a major problem in corporate and home environments alike. A similar instance happened to me in the last working hour at my workplace. I was lucky, as I managed its removal in the few minutes I had left.

A very common generic trojan-cum-worm: it drops itself onto your hard disk, runs silently, keeps spreading by flooding the network, eats up memory, and harvests data, passwords, contacts, etc.

This virus is really a memory-hungry worm that spreads via network shares, flash storage media, visits to malicious websites, etc. The technical details and the removal method follow.

Threat Details

  • File size: 850 KB
  • Infects Windows 9x, NT, XP and Vista
  • Bypasses the firewall on TCP port 445 (it adds itself to the Windows Firewall authorized applications list; see the registry value below)
  • The dropper deletes itself after executing
  • File names: folder64.exe, wmisym.exe, sysdrv32.sys

Removal Method

  • Boot your computer in Safe Mode by pressing F8 after the POST screen (the first screen you see when you power on the machine).
  • After booting in Safe Mode, browse to "C:\Windows\System", find and permanently delete "WMISYM.exe". It is a hidden file, so make sure you have enabled "Show hidden files and folders" in Folder Options first.
  • Next, navigate to "C:\Windows\System32\Drivers", find and permanently delete "SYSDRV32.sys".
  • The threat details above also list "folder64.exe"; search the drive for it and delete it as well if it is present.
  • After deleting the files, open the Registry Editor (type regedit in the Run box). Make sure you create a backup before editing the registry.
  • Navigate to the following entries. Delete the first one (the service key the worm registers) outright:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WMISYMD

  • Under the second key, delete only the worm's value; leave the key itself and its other values alone, as they are the legitimate Windows Firewall exceptions:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

    Value: %Windows%\system\wmisym.exe = "%Windows%\system\wmisym.exe:*:Microsoft Enabled"

  • Now exit the Registry Editor and restart your computer in Normal Mode.
  • Because the worm spreads via network shares and flash storage media, clean every machine and USB stick that touched the infected one before plugging them back in, or it will simply come back.
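The same check-then-remove procedure as a script, for anyone who has to repeat it on several machines. This is an added example, not part of the original post: the file paths, service key name and firewall value name are the ones listed above; the function names, the registry backup location and the -WhatIf dry-run handling are my own choices. It assumes an elevated PowerShell prompt on XP/Vista or later (PowerShell is not available on the 9x/NT systems the post also mentions), and it only ever removes the worm's own value under the firewall List key, never the key itself.

```powershell
# Added example: locate and remove the Neeris.K artifacts named in the post.
# Run from an elevated PowerShell prompt, ideally in Safe Mode as described above.
#Requires -RunAsAdministrator

$win = $env:SystemRoot   # normally C:\Windows

# Files the post lists as dropped by the worm.
$files = @(
    (Join-Path $win 'System\wmisym.exe'),
    (Join-Path $win 'System32\Drivers\sysdrv32.sys')
)

# Service key the worm registers, and the firewall exception value it adds.
$serviceKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\WMISYMD'
$fwListKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List'
$fwValueName = '%Windows%\system\wmisym.exe'

function Find-NeerisArtifacts {
    # Returns every artifact that is present, so the infection can be confirmed
    # before anything is touched.
    $found = @()
    foreach ($f in $files) {
        # -Force is required because the post says the dropped file is hidden.
        if (Get-Item -LiteralPath $f -Force -ErrorAction SilentlyContinue) { $found += $f }
    }
    if (Test-Path -LiteralPath $serviceKey) { $found += $serviceKey }
    $list = Get-ItemProperty -LiteralPath $fwListKey -ErrorAction SilentlyContinue
    if ($list -and $list.PSObject.Properties[$fwValueName]) {
        $found += "$fwListKey -> $fwValueName = $($list.$fwValueName)"
    }
    # The post does not say where folder64.exe lands, so sweep %SystemRoot% for it
    # (this recursive walk is slow, but it is the only name we have to go on).
    Get-ChildItem -LiteralPath $win -Recurse -Force -Filter 'folder64.exe' -ErrorAction SilentlyContinue |
        ForEach-Object { $found += $_.FullName }
    return $found
}

function Remove-NeerisArtifacts {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    # Registry backup, as the post advises (file name is my own choice).
    $backup = Join-Path $env:TEMP ("neeris-backup-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
    & reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Services' $backup | Out-Null
    Write-Verbose "Registry backup written to $backup"

    # Stop the service if it is running; harmless if it is not.
    if ($PSCmdlet.ShouldProcess('WMISYMD', 'Stop service')) {
        Stop-Service -Name 'WMISYMD' -Force -ErrorAction SilentlyContinue
    }
    foreach ($f in $files) {
        if ((Get-Item -LiteralPath $f -Force -ErrorAction SilentlyContinue) -and
            $PSCmdlet.ShouldProcess($f, 'Delete file')) {
            # -Force overrides the hidden/read-only attributes so the delete succeeds.
            Remove-Item -LiteralPath $f -Force
        }
    }
    if ((Test-Path -LiteralPath $serviceKey) -and $PSCmdlet.ShouldProcess($serviceKey, 'Delete key')) {
        Remove-Item -LiteralPath $serviceKey -Recurse -Force
    }
    # Delete only the worm's value: the other values under List are legitimate
    # firewall exceptions, so the key itself must stay.
    $list = Get-ItemProperty -LiteralPath $fwListKey -ErrorAction SilentlyContinue
    if ($list -and $list.PSObject.Properties[$fwValueName] -and
        $PSCmdlet.ShouldProcess("$fwListKey\$fwValueName", 'Delete value')) {
        Remove-ItemProperty -LiteralPath $fwListKey -Name $fwValueName
    }
}

# Usage: confirm first, then dry-run; drop -WhatIf to actually remove.
$hits = Find-NeerisArtifacts
if ($hits) {
    $hits | ForEach-Object { Write-Host "found: $_" }
    Remove-NeerisArtifacts -WhatIf
} else {
    Write-Host 'No Neeris.K artifacts found.'
}
```

Run it once with -WhatIf to see exactly what would be deleted, then without it; reboot into Normal Mode afterwards and run Find-NeerisArtifacts again to confirm nothing has been re-dropped, which would point to another infected host or USB stick on the network.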

Any queries, feedback or comments are appreciated.


Comments

StevenMcFlyJr July 4, 2009 at 10:05 am

Gonna try this ... looks promising. THANKS!
