Imported from my original Blogspot archive (2007–2010). Posts are preserved as originally written, including language, formatting, and mistakes.
Today I can see that a lot of people have a HEUR/Malware infection, so I will publish some information about this malware and how to clean it.
Information
This malware is a Visual Basic project made by a user named Fire Angel. The user runs Microsoft Windows XP in Spanish and registered a site on lycos.es (already deleted).
The malware copies itself to "C:\fotos_posse.zip", "C:\server.exe" and "C:\WINDOWS\System32\sp2.exe".
It creates 2 registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskmgr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsSp2
How can I clear the virus? (OS in Spanish)
You only need to download this "antimalware": 3Cv2.zip
Or clean it manually:
First, open "Inicio" -> "Ejecutar" and type "cmd".
In the "black window" type this:
@ECHO OFF
REM Step 1: write the cleanup commands into C:\AUTOEXEC.BAT.
REM Note: Windows XP only parses AUTOEXEC.BAT for SET/PATH lines at logon and does not run it as a script,
REM so the RunOnce entry created in step 3 is what actually performs the cleanup.
@ECHO @ECHO OFF > C:\AUTOEXEC.BAT
@ECHO @ECHO CODETRINIS COMPUTER CENTER >> C:\AUTOEXEC.BAT
@ECHO @DEL C:\fotos_posse.zip /F /Q >> C:\AUTOEXEC.BAT
@ECHO @DEL C:\server.exe /F /Q >> C:\AUTOEXEC.BAT
@ECHO @DEL C:\WINDOWS\System32\sp2.exe /F /Q >> C:\AUTOEXEC.BAT
@ECHO @REG DELETE HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskmgr /f >> C:\AUTOEXEC.BAT
REM Delete only the WindowsSp2 value named above (/v); /va would wipe every autorun entry under Run.
@ECHO @REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v WindowsSp2 /f >> C:\AUTOEXEC.BAT
REM DEL is the cmd command (DELETE does not exist).
@ECHO @DEL C:\AUTOEXEC.BAT >> C:\AUTOEXEC.BAT
REM Step 2: write the same commands into C:\3C.BAT, which removes itself at the end.
@ECHO @ECHO OFF > C:\3C.BAT
@ECHO @ECHO CODETRINIS COMPUTER CENTER >> C:\3C.BAT
@ECHO @DEL C:\fotos_posse.zip /F /Q >> C:\3C.BAT
@ECHO @DEL C:\server.exe /F /Q >> C:\3C.BAT
@ECHO @DEL C:\WINDOWS\System32\sp2.exe /F /Q >> C:\3C.BAT
@ECHO @REG DELETE HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskmgr /f >> C:\3C.BAT
@ECHO @REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v WindowsSp2 /f >> C:\3C.BAT
REM DEL skips hidden/system files, so clear the attributes set in step 3 before the self-delete.
@ECHO @ATTRIB C:\3C.BAT -S -H >> C:\3C.BAT
@ECHO @DEL C:\3C.BAT >> C:\3C.BAT
REM Step 3: run C:\3C.BAT once at the next boot, then hide it until then.
@REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v 3CProj /d C:\3C.BAT /f
@ATTRIB C:\3C.BAT +S +H
When finished, restart your computer and everything is clean.
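Before running a cleanup like the one above, it helps to confirm the infection from a registry export taken on the affected machine (reg export HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run run.reg, and likewise for the Policies\System key). The following Python script is an added example, not part of the original post or its 3Cv2 tool: it parses the "Windows Registry Editor Version 5.00" text format offline, flags the two indicators the post names (the DisableTaskmgr policy value and a Run value named WindowsSp2 or pointing at one of the dropped files), and emits a narrow reg delete command per hit. The .reg text at the bottom is constructed sample input; the dropped file paths and registry locations are the ones given above.

```python
"""Offline triage of a Windows registry export (.reg) for the indicators named above.

Added example, not part of the original post or its 3Cv2 tool. The indicators
(dropped file paths, the DisableTaskmgr policy value, the Run value WindowsSp2)
come from the post; the .reg text at the bottom is constructed sample input.
"""
import re

# Indicators from the post (lower-cased for case-insensitive comparison).
DROPPED_FILES = {
    r"c:\fotos_posse.zip",
    r"c:\server.exe",
    r"c:\windows\system32\sp2.exe",
}
POLICY_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# A value line: "name"=data   or   @=data (the key's default value).
_VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]*)"|(?P<default>@))=(?P<data>.*)$')


def parse_reg_export(text):
    """Parse 'Windows Registry Editor Version 5.00' text into {key: {name: (kind, value)}}.

    Decodes quoted strings (unescaping doubled backslashes) and dword values;
    anything else (hex(...) blobs, multi-line data) is kept as a raw string.
    """
    registry = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            registry.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m is None or current is None:
            continue  # continuation of a hex blob, or data before any [key]
        name = m.group("name") if m.group("name") is not None else "(Default)"
        data = m.group("data")
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            registry[current][name] = ("string", data[1:-1].replace("\\\\", "\\"))
        elif data.startswith("dword:"):
            registry[current][name] = ("dword", int(data[6:], 16))
        else:
            registry[current][name] = ("raw", data)
    return registry


def _values(registry, wanted_key):
    """Case-insensitive key lookup: registry paths are not case-sensitive on Windows."""
    for key, values in registry.items():
        if key.lower() == wanted_key.lower():
            return values
    return {}


def find_indicators(registry):
    """Return (key, value_name, reason) tuples for the two registry indicators from the post."""
    hits = []
    kind, val = _values(registry, POLICY_KEY).get("DisableTaskmgr", (None, None))
    if kind == "dword" and val == 1:
        hits.append((POLICY_KEY, "DisableTaskmgr", "Task Manager disabled by policy"))
    for name, (kind, val) in _values(registry, RUN_KEY).items():
        if kind != "string":
            continue
        # Autorun data may be quoted; compare the bare path case-insensitively.
        target = val.strip('"').lower()
        if name.lower() == "windowssp2" or target in DROPPED_FILES:
            hits.append((RUN_KEY, name, "autorun entry launches %s" % val))
    return hits


def cleanup_commands(hits):
    """Build one 'reg delete ... /v NAME /f' per hit (narrow /v, so other Run entries survive)."""
    short = {"HKEY_CURRENT_USER": "HKCU", "HKEY_LOCAL_MACHINE": "HKLM"}
    cmds = []
    for key, name, _ in hits:
        hive, _, rest = key.partition("\\")
        cmds.append("reg delete %s\\%s /v %s /f" % (short.get(hive, hive), rest, name))
    return cmds


# Constructed sample export: one harmless autorun entry plus the two indicators.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskmgr"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="C:\\Program Files\\Example\\tray.exe"
"WindowsSp2"="C:\\WINDOWS\\System32\\sp2.exe"
"""

if __name__ == "__main__":
    found = find_indicators(parse_reg_export(SAMPLE_REG))
    for key, name, reason in found:
        print("%s\\%s: %s" % (key, name, reason))
    for cmd in cleanup_commands(found):
        print(cmd)
```

Point parse_reg_export at the contents of a real export instead of SAMPLE_REG to triage a machine. The generated commands delete single values with /v rather than clearing the whole Run key, which is the reason to prefer them over a blanket /va: other legitimate autorun entries on the machine are left untouched.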