What
is Winkiller.A Trojan Virus?
The Winkiller.A
trojan was spread mostly through E-Groups and a
few other discussion lists as a file called X1.exe. The program once it is executed prevents
the computer from booting again by replacing
critical Microsoft Windows files with its own
files and editing the Win.ini file and disabling
it.
After the damage is
done, it displays a "Readme" box with
the following text:
AS
YOU MAY NOT KNOT. YOU ARE INFECTED WITH
X1 VIRUS. YOUR COMPUTER AND FILES WILL BE
SPARED AS LONG AS YOU DON'T RESTART YOUR
COMPUTER!! TO OBTAIN A CURE, SEND A
MESSAGE TO
THE FOLLOWING ADDRESS:
eminemsux11211@hotmail.com
THANK
YOU.
YOUR REQUEST WILL BE ANSWERED SHORTLY.
Winkiller replaces
the following critical Windows files with a copy
of its file:
\windows\winsock.dll
\windows\win.com
\windows\wininit.exe
\windows\system\dllhost.exe
It also disables
the WIN.INI file by adding comments (;) in front
of most commands, and reduces the size of the
file to 1K.
How
to Remove the Winkiller trojan?
If you noticed that
the size of win.com in your computer is reduced
to 1Kb and you detect this Trojan in your system,
please do the following:
(Don't
Reboot Your Computer Before Completing These
Instructions)
- Replace the
following files with a clean ones from a clean
computer
\windows\Winsock.dll
\windows\Win.com
\windows\Wininit.exe
\windows\system\dllhost.exe
- Click START, RUN
Type WIN.INI and hit the ENTER key.
- Delete all the
comments( ; ) at the start of each line of WIN.INI.
- Save the changes
made to win.ini.
Now update
your anti-virus program and scan for the
virus. If you do not know which anti-virus
software can provide strong protection for you, Kaspersky Internet Security is recommended.
Detection and Removal Instructions for Trojans
| 
(If you can not see the issued comment, please enable your browser to support javascript and refresh this page.)