W32.Imsolk.B@mm
W32.Imsolk.B@mm is a worm that propagates via removable USB drives and mapped network drives. It also spreads by sending itself to email addresses gathered from the compromised computer. Additionally, instant messaging programs can automatically send a malicious link to infect contacts found on their contact lists.
Aliases:
W32/Autorun-BHO
W32/VBMania@MM
WORM_MEYLME.B
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
W32.Imsolk.B@mm Removal Tool:
It is highly recommended to run this tool twice to ensure complete removal of risks from the affected computer.
1. Download the fixtool FixImsolkB.exe and save it to a location on your hard drive.
2. Reboot the computer into Safe Mode.
3. Browse to where the tool is saved and double-click the file to begin.
4. Click Start to begin the removal process, and then allow the tool to run the scan. When it finishes scanning, it will display a report.
5. Restart Windows in normal mode.
6. Run the removal tool again to make sure that W32.Imsolk.B@mm has been removed completely.
Online Virus Scanner:
Another way to remove a virus without installing an additional anti-virus application is to perform a thorough scan with a free Online Virus Scanner, which can be found here or on the websites of legitimate anti-virus and security providers.
Technical Details and Additional Information:
Malicious Files Added by W32.Imsolk.B@mm:
%Windir%\csrss.exe
%Windir%\ff.exe
%Windir%\gc.exe
%Windir%\ie.exe
%Windir%\im.exe
%Windir%\op.exe
%Windir%\pspv.exe
%Windir%\rd.exe
%Windir%\tryme1.exe
%Windir%\system\updates.exe
%System%\SendEmail.dll
Associated Windows Registry Entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.ExE\ Debugger = csrss.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\6.bat\ Debugger = csrss.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\6fnlpetp.exe\ Debugger = csrss.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\6x8be16.cmd\ Debugger = csrss.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a2cmd.ExE\ Debugger = csrss.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a2free.ExE\ Debugger = csrss.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a2service.ExE\ Debugger = csrss.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a2upd.ExE\ Debugger = csrss.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\abk.bat\ Debugger = csrss.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adobe Gamma Loader.exe\ Debugger = csrss.exe
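A Debugger value under an Image File Execution Options subkey makes Windows start the named command in place of the program the subkey is named after, so each entry above redirects that program to csrss.exe. The following check is an added example, not part of the original write-up or of the removal tool: it parses a registry export of that key and reports the redirected program names. The sample export, the C:\Tools\dbg.exe path and all function names are constructed for illustration.

```python
import re

IFEO = r"software\microsoft\windows nt\currentversion\image file execution options"

# Constructed sample in .reg export format (not captured from a real host).
# C:\Tools\dbg.exe is a hypothetical, legitimately configured debugger.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.ExE]
"Debugger"="csrss.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a2service.ExE]
"Debugger"="C:\\Windows\\csrss.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="\"C:\\Tools\\dbg.exe\" -p"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe]
"MitigationOptions"=hex:00,00,00
'''

def parse_ifeo_debuggers(text):
    """Return [(image, debugger command)] for each direct IFEO subkey with a Debugger value."""
    hits, image = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            parent, _, leaf = line[1:-1].rpartition("\\")
            image = leaf if parent.lower().endswith(IFEO) else None
        elif image:
            m = re.match(r'"debugger"="(.*)"$', line, re.IGNORECASE)
            if m:  # .reg strings escape \ and " with a backslash
                hits.append((image, re.sub(r"\\(.)", r"\1", m.group(1))))
    return hits

def debugger_image(command):
    """Lower-cased file name of the executable a Debugger command line starts."""
    command = command.strip()
    if not command:
        return ""
    # Simplification: an unquoted path is cut at its first space.
    exe = command.split('"')[1] if command.startswith('"') else command.split()[0]
    return exe.rpartition("\\")[2].lower()

def flag_csrss_debuggers(text):
    """Images redirected to csrss.exe, the pattern in the registry entries listed above."""
    return sorted(i for i, c in parse_ifeo_debuggers(text) if debugger_image(c) == "csrss.exe")

if __name__ == "__main__":
    for name in flag_csrss_debuggers(SAMPLE_EXPORT):
        print("hijacked:", name)
```

On a real host, export the key with `reg export` and read the resulting file with `encoding="utf-16"` before passing its text to `flag_csrss_debuggers`.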