Subscribe
When launching, the Trojan deletes the following system registry keys:
[HKCR\.doc][HKCR\.txt]
[HKCR\.bat]
[HKCR\.zip]
[HKCR\.exe]
[HKCR\.html]
[HKCR\.vbs]
[HKCR\.dll]
[HKCR\.sys]
[HKCR\.log]
[HKCR\.*]
It then creates the following files in the C: root directory: for the following files:
C:\message.txtC:\virus.html
C:\shut.bat
The Trojan also modifies the following registry key values:
[HKLM\Software]"Ipnuker" = "1"
[HKLM\Hardware]
"Ipnuker" = "1"
It displays the following message:
"ERROR""PLEASE REINSTALL WINDOWS"
The Trojan will shut downWindows.
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
- Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
- Revert the system registry key values to their original values:
[HKLM\Software]
"Ipnuker" = "1"
[HKLM\Hardware]
"Ipnuker" = "1" - Delete the following files: C:\message.txt C:\virus.html C:\shut.bat
- Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
This Trojan has a malicious payload. It is 2179 bytes in size. It is written in Visual Basic Script.
Payload
Hot Articles