.com.unity Forums
January 27th, 2004, 05:24 AM
Saber Cherry

Taskmon worm

Hey everyone,

A new worm has again shown how incredibly terrible M$'s software is...

If you run Windows, I suggest you press ctrl-alt-del and look at what programs are running. If you see "taskmon.exe", you're infected... I'm posting this because I've never had a virus before, but this is exceptionally virulent because you don't have to execute anything. I don't really know how it infects your computer, but I received an email with a zip attachment, and through mysterious (unintentional, of course) backdoors in Microsoft's operating systems, the innocuous data file somehow executed itself.

Can this interfere with Dominions II? Yes. It used 60% of my CPU cycles when I watched it. And it also shut down my net access, so if you're reading this, it probably won't help you.

Disinfection procedure:

Hmmm. First, terminate "taskmon.exe". Then, maybe, try following these more official instructions...

code:
Terminating the Malware Program 

This procedure terminates the running malware process from memory. You will need the name(s) of the file(s) detected earlier.

Open Windows Task Manager.
On Windows 95/98/ME systems, press
CTRL+ALT+DELETE
On Windows NT/2000/XP systems, press
CTRL+SHIFT+ESC, then click the Processes tab.
In the list of running programs*, locate the malware file or files detected earlier.
Select one of the detected files, then press either the End Task or the End Process button, depending on the Version of Windows on your system.
Do the same for all detected malware files in the list of running processes.
To check if the malware process has been terminated, close Task Manager, and then open it again.
Close Task Manager.
*NOTE: On systems running Windows 95/98/ME, Task Manager may not show certain processes. You may use a third party process viewer to terminate the malware process. Otherwise, continue with the next procedure, noting additional instructions.

Removing the Backdoor DLL File

To be able to remove the DLL file, you need to terminate the EXPLORER.EXE process first.

Click Start>Run. Type COMMAND and press Enter.
Terminate EXPLORER.EXE.
On Windows NT/2000/XP

Open Windows Task Manager. Press CTRL+SHIFT+ESC and click the Processes tab.
In the list of running programs, select EXPLORER.EXE.
Right-click EXPLORER.EXE and click End Process Tree.
On Windows 9x/ME

Download and install a third-party process viewer like Process Explorer.
Run process viewer.
In the list of running programs, select and terminate the process EXPLORER.EXE.
Close the process viewer.

Switch to the command prompt. Hold the ALT key then continue pressing TAB until you arrive at the command prompt window.
Enter the following on the command prompt:
del %System%\shimgapi.dll
Restart the EXPLORER.EXE process by entering EXPLORER.EXE on the command prompt.
Close command prompt.

Removing Autostart Entries from the Registry

Removing autostart entries from the registry prevents the malware from executing during startup.

Open Registry Editor. To do this, click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
In the right panel, locate and delete the entry or entries:
TaskMon = %System%\taskmon.exe
Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 95, 98 and ME, C:\WINNT\System32 on Windows NT and 2000, and C:\Windows\System32 on Windows XP.

Removing Other Malware Entries from the Registry

Still in Registry Editor, in the left panel, double click the following:
HKEY_CLASSES_ROOT>CLSID>{E6FB5E20-DE35-11CF-9C87-00AA005127ED}>InProcServer32
In the right panel, locate and delete the entry:
(Default) = “%System%\shimgapi.dll”
Close Registry Editor.
NOTE: If you were not able to terminate the malware process from memory as described in the previous procedure, restart your system.

Good luck...
__________________
Cherry
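
A read-only way to confirm whether the two registry entries named in the quoted procedure are present, run against a text export from Registry Editor. This is an added example, not part of the original post or of the instructions it quotes. The function names and the sample export are constructed for illustration, and only plain string values are decoded.

```python
import re

# Registry locations named in the removal steps, lower-cased for matching.
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
CLSID_KEY = (r"hkey_classes_root\clsid"
             r"\{e6fb5e20-de35-11cf-9c87-00aa005127ed}\inprocserver32")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg strings escape \ and "

def parse_reg(text):
    """Parse a regedit text export into {key: {name: data}}; '@' is '(Default)'."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = VALUE_RE.match(line)
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and m:
            name, data = m.groups()
            name = "(Default)" if name == "@" else _unescape(name[1:-1])
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = _unescape(data[1:-1])  # hex/dword data stays as exported
            current[name] = data
    return keys

def find_indicators(keys):
    """Return (key, name, data) for entries the procedure says to delete.
    %System% is matched as a folder named System or System32."""
    hits = []
    for name, data in keys.get(RUN_KEY, {}).items():
        if name.lower() == "taskmon" and re.search(
                r"\\system(32)?\\taskmon\.exe$", data, re.I):
            hits.append((RUN_KEY, name, data))
    default = keys.get(CLSID_KEY, {}).get("(Default)", "")
    if re.search(r"(^|\\)shimgapi\.dll$", default, re.I):
        hits.append((CLSID_KEY, "(Default)", default))
    return hits

# Constructed sample export (not captured from a real machine).
SAMPLE = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TaskMon"="C:\\WINDOWS\\System32\\taskmon.exe"
"ExampleTray"="C:\\Program Files\\Example\\tray.exe"
[HKEY_CLASSES_ROOT\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32]
@="C:\\WINDOWS\\System32\\shimgapi.dll"
'''
if __name__ == "__main__":
    print(find_indicators(parse_reg(SAMPLE)))
```

Exports in the "Windows Registry Editor Version 5.00" format are UTF-16 encoded, so decode the file before passing its text to parse_reg.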