W32.Ganipin

W32.Ganipin is a worm that specifically infects removable drives. It creates a copy of itself on media drives and opens a backdoor on the compromised computer. It also creates its own registry entries and runs as a service on Windows NT-based systems.

Technical Information:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Manual Removal of W32.Ganipin:

1. Temporarily disable System Restore (Windows Me/XP/Vista/7).
2. Update the virus definitions.
3. Restart Windows in Safe Mode.
4. Run a full system scan and clean/delete all infected file(s).
5. Delete/modify any values added to the registry.
6. Exit registry editor and restart Windows.

Online Virus Scanner:
Another way to remove a virus without installing an additional anti-virus application is to perform a thorough scan with a free online virus scanner, which can be found here or on the websites of legitimate anti-virus and security providers.

Technical Details and Additional Information:

Malicious Files Added by W32.Ganipin:
%Windir%\system\smss.exe
%DriveLetter%\important.files.exe
%DriveLetter%\autorun.inf

Associated Windows Registry Entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTService
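
The file and registry indicators listed above can be checked in one read-only pass before or after a scan. The script below is an added example, not part of the original write-up or of any vendor tool; the function name Get-GanipinIndicator is hypothetical, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: read-only check for the W32.Ganipin indicators listed on this page.
# Nothing is deleted or modified; findings are returned as objects.
function Get-GanipinIndicator {
    $findings = @()

    # Dropped copy named on the page. The genuine Windows smss.exe lives in
    # %Windir%\System32, so a file of that name under %Windir%\system is suspect.
    $dropped = Join-Path $env:windir 'system\smss.exe'
    if (Test-Path -LiteralPath $dropped -PathType Leaf) {
        $findings += [pscustomobject]@{ Type = 'File'; Location = $dropped }
    }

    # Removable drives (Win32_LogicalDisk DriveType 2): worm copy and autorun.inf.
    # An autorun.inf alone is not proof of infection; review what it launches.
    $drives = Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType=2'
    foreach ($drive in $drives) {
        foreach ($name in 'important.files.exe', 'autorun.inf') {
            $path = "$($drive.DeviceID)\$name"
            # -Force so files marked hidden or system are found as well.
            $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
            if ($item) {
                $findings += [pscustomobject]@{ Type = 'File'; Location = $item.FullName }
            }
        }
    }

    # Service key named on the page; ImagePath shows which binary it launches.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTService'
    if (Test-Path -LiteralPath $key) {
        $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        $findings += [pscustomobject]@{
            Type     = 'Registry'
            Location = "$key (ImagePath: $($props.ImagePath))"
        }
    }

    return $findings
}

Get-GanipinIndicator | Format-Table -AutoSize -Wrap
```

An empty result means none of the listed indicators were present on the drives attached when the script ran; removable media plugged in later needs a second run.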
