Digital Stronghold

November 30, 2007

Removing jaymyka worm

Filed under: Progressive Studies

Today is Gat Andres Bonifacio’s day. No work, no pressure, so I took the opportunity to go to my aunt’s workplace and remove the so-called Jaymyka worm. All the computers were infected.

Worm: Jaymyka
Threat Level: Low
Target Victims: Users viewing adult sites (Geez! Who did that in the office?)

Description:

The worm creates an autorun.inf file on each drive with the following contents:

[autorun]
open=jay.exe
;shell\open=Open(&O)
shell\open\Command=jay.exe
shell\open\Default=1
;shell\explore=Manager(&X)
shell\explore\Command=jay.exe

The autorun.inf file is paired with jay.exe. The jay.exe file handles the annoying duplication of files and some resource-hogging tasks that lead to a denial of service (DoS). If the worm infects the target device successfully, it sets a file named mveo.exe to run at startup. This mveo.exe is what lets the worm regenerate.
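As an added example (not part of the original post): a small Python check that parses an autorun.inf and reports the entries that launch jay.exe or mveo.exe, skipping the commented-out lines. The function names are hypothetical, and the shellexecute key is included as a general autorun.inf launch key that the post's sample does not use.

```python
import re

# File names the post attributes to the worm.
WORM_FILES = {"jay.exe", "mveo.exe"}

# [autorun] keys whose value is a command Windows launches.
_LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)


def autorun_commands(text):
    """Return [(key, command)] for each launch entry in the [autorun] section."""
    found, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        key, sep, value = line.partition("=")
        if in_autorun and sep and _LAUNCH_KEY.match(key.strip()):
            found.append((key.strip().lower(), value.strip()))
    return found


def _target(command):
    """File name of the program a command line starts, lower-cased."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', command)
    path = (m.group(1) or m.group(2)) if m else ""
    return re.split(r"[\\/]", path)[-1].lower()


def worm_hits(text, names=WORM_FILES):
    """Return the launch entries that start one of the worm's executables."""
    return [(k, c) for k, c in autorun_commands(text) if _target(c) in names]


# The autorun.inf contents quoted in the post.
SAMPLE = r"""[autorun]
open=jay.exe
;shell\open=Open(&O)
shell\open\Command=jay.exe
shell\open\Default=1
;shell\explore=Manager(&X)
shell\explore\Command=jay.exe
"""

if __name__ == "__main__":
    for key, command in worm_hits(SAMPLE):
        print(f"{key} -> {command}")
```

Run against the autorun.inf read from each drive root, any non-empty result marks a drive that still needs the cleanup steps.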

[Diagnosis]

1. Kill mveo.exe and jay.exe

TASKKILL /F /IM mveo.exe /IM jay.exe

2. Delete all files named jay.exe and mveo.exe
3. Remove mveo.exe from msconfig’s startup tab
4. Clean the registry of entries containing jay.exe, jaymyka, mveo.exe
5. Reboot

Christmas is near! It’s been a while since I blogged. Nothing special.

3 Comments »


  1. Hi, pls help me to remove jaymyka.wen9.com from my toolbar. I don't know how to remove it, pls pls pls.

    Comment by walupski — December 11, 2007 @ 11:57 pm

  2. The fix is already stated under the Diagnosis section.

    Comment by eradicus — December 12, 2007 @ 10:37 am

  3. The freeware Noob.Killer by Leerz can handle JAYMYKA.

    http://images.ocxt.multiply.com/image/1/photos/upload/300×300/R61DUwoKCCgAAAQUyQY1/nooblatest.jpg?et=QpT0NaOsEWay4SSRAyjjMQ&nmid=

    #Update Feb 09 2008 [Noob.Killer 3.5.215]
    Added Jaymyka.wen9.com Fix

    you can get Noob.Killer here:
    http://leerz25.sitesled.com/
    http://convergenceforums.net/e107_plugins/forum/forum_viewtopic.php?11735
    http://ocxt.multiply.com/journal/item/125

    cheers and good luck. 8)

    Comment by Presler — February 13, 2008 @ 12:40 am
