• Avira: TR/VB.Agent.49152
• Sophos: Mal/VBWorm-C
• Bitdefender: Trojan.VB.NMY
• Panda: W32/Whybo.I
• Eset: Win32/VB.EL

There has always been danger with opening removable disks directly. These days any USB drive has a virus and you don't ever feel safe opening them with the open option. These drives have become a few of the mostly used propagation techniques of a virus to get into the target's system. The virus which we're discussing here is another Backdoor Trojan which is recognized by most of the antiviruses. Like most of the viruses, this one was also created to run on the older Windows platforms like 2000, XP and 2003. It doesn't do much damage by itself but is very good at downloading malicious programs like most of its types. It may create copies of itself in the several drives of the computer along with an autorun. This way, whenever the user double-clicks on the drive, the Trojan launches a new process with its name. Its name can actually fool several people to think that it is a Windows process. This way, it escapes the attention of many users. Though it is a very small piece of code written in Visual Basic, it can actually create a lot of damage such as stealing cookies or passwords from your computer. So this Trojan must be removed as soon as possible to avoid damage to your system. Follow the instructions below:

Manual instructions to remove fun.xls.exe/msime82.exe:

  1. Start the system in the Safe Mode so that no executables can be launched other than the registered Microsoft programs such as explorer.exe, Services.exe, etc. Click here if you're finding problems with starting up in Safe Mode.
  2. The problem with this Trojan is that it creates autoruns in all the drives of the hard-disk which makes the deletion process quite long. But we're not going to give up. This is as simple as throwing a baby into a well. So lets begin by going to the Start --> Run. Type CMD which will launch the Command Prompt. Navigate to the respective drives using the cd command. If you're not familiar with the command line, type cd\ after it opens and you'll end up in the C: drive. Delete the files "autorun.inf" and "fun.xls.exe" from the drive using the command del filename.exe.Navigate from one drive to the other by typing the drive letter followed by the return key in the command prompt. Delete these files from all the drives of your computer.
  3. Also delete the file "C:\WINDOWS\ufdata2000.log". This one maintains the log of various downloaded files. 
  4. Now that all the associated files are deleted, its time to undo the changes done by the Trojan to the registry. Go to Start ---> Run and type "regedit" to open the registry editing tool. Navigate to the following location


    Delete the values

    • "MsServer"="msfun80.exe"

    • "IMJPMIG8.2"="msime82.exe"

    This way, you're deleting all the files that are assigned by the virus to launch at the Startup.
  5.  Sit back and relax. You've successfully deleted the Trojan and next time, better be careful while opening those USB drives.

Posts that might help you here:
Enabling Safe Mode booting, enabling the Registry, Enable Windows Task manager , Enable Hidden files and folders option and enabling the Command Prompt.
Get the best security software for your compter here!

powered by Blogger | WordPress by Newwpthemes | Converted by BloggerTheme