Winkiller.A Trojan

The Winkiller.A trojan was spread mostly through E-Groups and a few other discussion lists as a file called X1.exe. Once it is executed, the program prevents the computer from booting again by replacing critical Microsoft Windows files with its own files and by editing the Win.ini file to disable it.

After the damage is done, it displays a "Readme" box with the following text:

AS YOU MAY NOT KNOT. YOU ARE INFECTED WITH X1 VIRUS. YOUR COMPUTER AND FILES WILL BE SPARED AS LONG AS YOU DON'T RESTART YOUR COMPUTER!! TO OBTAIN A CURE, SEND A MESSAGE TO THE FOLLOWING ADDRESS:
eminemsux11211@hotmail.com
THANK YOU. YOUR REQUEST WILL BE ANSWERED SHORTLY.

What Files are Replaced or Deleted?

Winkiller replaces the following critical Windows files with a copy of its file:
  \windows\winsock.dll
  \windows\win.com
  \windows\wininit.exe
  \windows\system\dllhost.exe

It also disables the WIN.INI file by adding comments (;) in front of most commands, and reduces the size of the file to 1K.

How to Clean/Delete the Winkiller trojan?

If you notice that the size of win.com on your computer has been reduced to 1Kb and you detect this Trojan in your system, please do the following:

(Don't Reboot Your Computer Before Completing These Instructions)

- Replace the following files with clean ones from a clean computer:
    \windows\Winsock.dll
    \windows\Win.com
    \windows\Wininit.exe
    \windows\system\dllhost.exe
- Click START, RUN. Type WIN.INI and hit the ENTER key.
- Delete all the comments ( ; ) at the start of each line of WIN.INI.
- Save the changes made to win.ini.

Now update your anti-virus program and scan for the virus.
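
The indicators described above (the four overwritten files, the roughly 1 KB size, and a WIN.INI with most lines commented out) can be checked read-only on a copy or mounted image of the affected drive. The following Python sketch is an added example, not part of the original advisory; the function names, the 50% comment threshold, and the constructed sample tree are assumptions made for illustration.

```python
import hashlib
from pathlib import Path

# The four paths the page lists as overwritten, relative to the drive root.
REPLACED = ["windows/winsock.dll", "windows/win.com",
            "windows/wininit.exe", "windows/system/dllhost.exe"]
SMALL = 1024         # page: win.com shrinks to about 1 KB
COMMENT_RATIO = 0.5  # assumption: "most commands" means more than half

def find(root, rel):
    """Resolve rel under root case-insensitively; None if absent."""
    cur = Path(root)
    for part in rel.split("/"):
        kids = cur.iterdir() if cur.is_dir() else []
        cur = next((p for p in kids if p.name.lower() == part), None)
        if cur is None:
            return None
    return cur

def triage(root):
    """Return findings for a mounted or copied drive root (read-only)."""
    findings, digests = [], {}
    for rel in REPLACED:
        p = find(root, rel)
        if p is None:
            continue
        data = p.read_bytes()
        if len(data) <= SMALL:
            findings.append(f"small: {rel}")
        digests.setdefault(hashlib.sha256(data).hexdigest(), []).append(rel)
    # Distinct system files are never byte-identical; copies of one file are.
    findings += ["identical: " + ", ".join(s) for s in digests.values() if len(s) > 1]
    ini = find(root, "windows/win.ini")
    if ini is not None:
        lines = [l.strip() for l in ini.read_text(errors="replace").splitlines()]
        settings = [l for l in lines if l and not l.startswith("[")]
        commented = [l for l in settings if l.startswith(";")]
        if settings and len(commented) / len(settings) > COMMENT_RATIO:
            findings.append(f"win.ini: {len(commented)}/{len(settings)} commented")
    return findings

def build_sample(root, infected):
    """Constructed sample tree; file contents are dummy bytes."""
    for i, rel in enumerate(REPLACED):
        Path(root, rel).parent.mkdir(parents=True, exist_ok=True)
        Path(root, rel).write_bytes(b"X" * 600 if infected else bytes([i]) * 20000)
    c = ";" if infected else ""  # page: ';' placed in front of most commands
    Path(root, "windows", "win.ini").write_text(
        f"[windows]\n{c}load=\n{c}run=\n[Desktop]\n{c}Wallpaper=(None)\n")
```

Call `triage()` with the root of the copied drive; an empty list means none of the page's indicators were found, which is not by itself proof that the system is clean.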