[StBernard] Windows Spyware Threat

Westley Annis westley at da-parish.com
Thu Jul 5 21:06:41 EDT 2007


There is a new spyware being reported that disguises itself as the Microsoft
Windows Activation interface.

A window will appear saying that someone else has registered your copy of
Windows and that Microsoft needs your contact information along with your
credit card number to validate you have a real copy of Windows.

Asking for the credit card info is the number one sign that this is a fake.
Microsoft will never ask for your credit card information through the
Windows operating system.

If you are running Windows 95/98/ME/2000, the Windows Activation Interface
was not included with those versions of Windows, which is another sign that
you have been infected.

Finally, the screen will appear after a reboot. If you've had your machine
for more than 30 days, that is another sign that you have been infected.

You can boot up into Windows Safe mode and follow these instruction to rid
yourself of this Trojan:

1) Click Start > Run.
2) Type regedit
3) Click OK.
4) Navigate to and delete the following subkeys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\soft2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
\DisableTaskMgr
HKEY_CURRENT_USER\Software\sft\c

5) Exit the Registry Editor and reboot normally.

Westley




More information about the StBernard mailing list