Important:: 5. To Delete The Value From The Registry
Important:: 5. To Delete The Value From The Registry
To delete the value from the registry Important: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified subkeys only. For instructions refer to the document: How to make a backup of the Windows registry. a. Click Start > Run. b. Type regedit c. Click OK. Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal. d. Navigate to the subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
k. In the right pane, reset the following value to its default value if required:
"NoFolderOptions" = "0" or "NoFolderOptions" = "1"
m. In the right pane, reset the following values to their default value if required:
"Hidden" = "0" or "Hidden" = "1" "ShowSuperHidden" = "0" or "ShowSuperHidden" = "1" "HideFileExt" = "0" or "HideFileExt" = "1"
n. Exit the Registry Editor. 6. To delete the scheduled tasks added by the worm Click Start, and then click Control Panel. (In Windows XP, switch to Classic View.) In the Control Panel window, double click Scheduled Tasks. Right click the task icon and select Properties from pop-up menu. The properties of the task is displayed. Delete the task if the contents of the Run text box in the task pane, matches the following: %Windir\Tasks\At1.job