Genealogy Chat


Anyone Not using NTL Netguard;; Virus Warning fro


Borobabs 24 Jan 2006 09:39

I received this, this morning when I turned Comp on. Just to let you know;;

Virus Alert re; Greeting Cards; Warning I have received from NTL this morning;;

Name: W32/BANKER.AQS
Alias(es):
Virus Type: Virus
Discovery Date: 2005-06-23
Description: Virus spreads via email and collects passwords for specific banking web sites
Filename: lovelycard.exe
Filesize: 42,496 bytes

Infection: W32/Banker.AQS attempts to download the file “imgma.jpg” from http://ccachorro01.vila.bol then copies that file to C:\WINDOWS\System32\imgrt.scr.

W32/Banker.AQS then creates the following registry key that causes the Trojan to be run every time the system is started:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
'dark' Type: REG_SZ Data: C:\WINDOWS\System32\imgrt.scr

The Trojan also adds the key:

HKEY_CURRENT_USER\dark

Then the Trojan attempts to download the file http://www.cartoesmusicais-ibox This file is copied to the system as c:\WINDOWS\system32\keylogf.dll.

Detection: ntl Netguard with definition files dated June 23, 2005 or later will detect this Trojan.

Removal (Manual Method):

1.) Restart the system in safe-mode.

2.) Delete the files:
c:\windows\system32\imgrt.scr
c:\windows\system32\keylogf.jpg
as well as the original lovelycard.exe file if it still exists.

3.) Edit the registry to remove the added keys. Select the Start menu then select “Run…”. Type “regedit” in the “Open:” space and hit <Return>. Delete entries for:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
'dark' Type: REG_SZ Data: C:\WINDOWS\System32\imgrt.scr
and:
HKEY_CURRENT_USER\dark

4.) When done, exit the registry editor and restart the system in normal mode.

Babs
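A read-only check for the files and registry entries listed in the advisory above, as an added example that is not part of the original post or the NTL notice. It assumes Windows is installed in C:\WINDOWS, as the advisory does, and that PowerShell is available; it deletes nothing and only reports what it finds.

```powershell
# Read-only indicator check for the artifacts named in the advisory above.
# HKEY_CURRENT_USER is per-user, so run this once for each account on the PC.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

# The advisory names keylogf.dll in its description but keylogf.jpg in the
# removal steps, so both names are checked.
$files = @(
    'C:\WINDOWS\System32\imgrt.scr',
    'C:\WINDOWS\System32\keylogf.dll',
    'C:\WINDOWS\System32\keylogf.jpg'
)

$findings = @()

foreach ($f in $files) {
    if (Test-Path -LiteralPath $f -PathType Leaf) {
        $findings += "File present: $f"
    }
}

# Run value 'dark' that starts imgrt.scr at every logon.
$run = Get-ItemProperty -Path $runKey -Name 'dark' -ErrorAction SilentlyContinue
if ($null -ne $run) {
    $findings += "Run value 'dark' = $($run.dark)"
}

# Extra key the advisory says is created directly under HKEY_CURRENT_USER.
if (Test-Path -Path 'HKCU:\dark') {
    $findings += 'Registry key present: HKEY_CURRENT_USER\dark'
}

if ($findings.Count -eq 0) {
    Write-Output 'None of the listed files or registry entries were found for this user.'
} else {
    Write-Output 'Indicators found (follow the removal steps above):'
    $findings | ForEach-Object { Write-Output "  $_" }
}
```

The original lovelycard.exe is not checked because the advisory does not say where it is saved; look for it in the mail client's attachment or download folder.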