Worm.Win32.RussoTuristo

Detect Date 11/04/2006
Class Worm
Platform Win32
Description
  1. Use Task Manager to terminate the “service.exe” process.
  2. Delete the original worm file and all copies of the worm:
    %WinDir%Cursorsservices.exe
  3. Delete the following parameters from the system registry (see What is a system registry and how do I use it for details on how to edit the registry).
    [HKCUSoftwareMicrosoftWindowsCurrentVersionRun]       
    
    
    
    "Service" = "%WinDir%Cursorsservices.exe" 
  4. Revert the following registry key values:
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced]
    
    
    
    "ShowSuperHidden" = "dword:0x00000000"
    
    
    
    "HideFileExt" = "dword:0x00000001"
    
    
    
    "Hidden" = "dword:0x00000000"
    
    
    
    

    to

    [HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced]
    
    
    
    "ShowSuperHidden" = "dword:0x0000000"
    
    
    
    "HideFileExt" = "dword:0x00000000"
    
    
    
    "Hidden" = "dword:0x00000001"
    
    
    
    
    [HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer]
    
    
    
    "NoFolderOptions" = "dword:0x00000001"

    to

    [HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer]
    
    
    
    "NoFolderOptions" = "dword:0x00000000"
    
    
    
    
    [HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
    
    
    
    "DisableCMD" = "dword:0x00000001"
    
    
    
    "DisableRegistryTools" = "dword:0x00000001"

    to

    [HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
    
    
    
    "DisableCMD" = "dword:0x00000000"
    
    
    
    "DisableRegistryTools" = "dword:0x00000000"
    
    
    
     
  5. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).