Today read theLiewCF weblog with title Warning :Do not accept “imageXX.zip”from your MSN friends.The MSN messenger /Window live messenger has been inflected will sent out zip file like photo_albumxx.zip,photoxx.zip,albumxx.zip,imagexx.zip (xx is a random digit) to your MSN friends,if you click and run these file,the virus will install into computer.Before that i also suffering from this kind of virus,including reinstall and install again the MSN messenger,format my laktop,use google to find method to ‘kill’ these virus.
Here are some method that i found can delete these virus,
Manually delete the virus in registry
1. Click ‘START’—>’RUN’ ,then key in ‘regedit’ and press ‘ENTER’,
2. Open HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ ShellServiceObjectDelayLoad,find a subtitle call ‘syshosts’ record that value,example ‘8D4C2FB9 -6DF1-46EA-B6A0-6403640115D6’
3. Delete the subtitle ‘syshosts’
4. Open HKEY_CLASSES_ROOT\CLSID,find the syshosts value,example ‘8D4C2FB9 -6DF1-46EA-B6A0-6403640115D6’
5.Delete that value and restart the computer.
Delete Virus File
1,Click’My computer’,select ‘Tool’ then click ‘Folder Option’
2.Select ‘View’ option,then click ‘shows hidden file and folder’ and uncheck ‘hide protected operating system file’
3.Log into C: \Windows,find the ‘photoxx.zip’,’imagexx.zip’,’albumxx.zip’.then delete all.
4.Log into C:\Windows\system32,find a ‘syshosts.dll’ file,then delete it. 5.Restart the computer again.
After manual delete the virus,download a software from Lofocus.
These software is chinese version,called 木马清除大师-“MSN照片”蠕虫专杀工具,only ‘kill’ MSN virus only.
Hope can help all of you.