w32.Confi Worm Removal!

Hi to all

I will remove this threat for one of my customers.

I made a script to load at Windows logon.
I will make a little application to remove this application automatically.

Reading the technical specification of this threat, I came to a conclusion on how to resolve the issue:

1. Patch Windows with KB958644
2. Stop and disable the service called “SERVER” to eliminate the propagation
3. Run a boot scan and delete all infected files
4. Add a registry value under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
   DWORD value: AutoShareWks = 0
5. Set the Server service to Automatic and start it

Continue with the next PC in your organization; the PC will not be infected with this threat again.

Step 4 is very important to avoid propagation again to the cleaned PC; you disable the ADMIN$ share.

If you need this resource back, just remove the AutoShareWks value and restart your computer (BUT PLEASE CHECK THAT ALL COMPUTERS ARE CLEAN).

Sorry for my bad English.
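
Steps 1, 2, 4 and 5 of the post above as a PowerShell script, added here as an example and not part of the original post. The `-Stage` parameter and its three values are names made up for this example, and `LanmanServer` is the service name behind the "Server" display name; step 3 (the boot-time scan) is run from the antivirus product between the Isolate and Restore stages.

```powershell
# Added example, not the poster's script. Run from an elevated prompt.
# -Stage is a name made up for this example: Audit (default), Isolate, Restore.
param([ValidateSet('Audit','Isolate','Restore')][string]$Stage = 'Audit')

$kb      = 'KB958644'
$svcName = 'LanmanServer'   # service name of the "Server" service
$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters'
$regName = 'AutoShareWks'

function Get-State {
    # Step 1 check. Get-HotFix matches this exact ID only, so a later update
    # that supersedes it still shows up here as Patched = False.
    $patched = [bool](Get-HotFix -Id $kb -ErrorAction SilentlyContinue)
    $svc     = Get-CimInstance Win32_Service -Filter "Name='$svcName'"
    $value   = (Get-ItemProperty -Path $regPath -Name $regName -ErrorAction SilentlyContinue).$regName
    # Shares cannot be listed while Server is stopped, so errors are suppressed.
    $admin   = [bool](Get-CimInstance Win32_Share -Filter 'Name="ADMIN$"' -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        Patched      = $patched
        ServerState  = $svc.State
        ServerStart  = $svc.StartMode
        AutoShareWks = $value          # empty when the value is absent
        AdminShare   = $admin
    }
}

switch ($Stage) {
    'Isolate' {
        # Step 2: stop and disable Server before the boot-time scan (step 3).
        # -Force also stops services that depend on it.
        Stop-Service -Name $svcName -Force
        Set-Service  -Name $svcName -StartupType Disabled
    }
    'Restore' {
        if (-not (Get-State).Patched) { Write-Warning "$kb not found; check step 1." }
        # Step 4: AutoShareWks = 0 (DWORD).
        New-ItemProperty -Path $regPath -Name $regName -PropertyType DWord -Value 0 -Force | Out-Null
        # Step 5: Server back to Automatic and started.
        Set-Service   -Name $svcName -StartupType Automatic
        Start-Service -Name $svcName
    }
}

Get-State   # always report the resulting state
```

After the Restore stage, `AdminShare` should read `False`; the Audit stage changes nothing and can be collected from every PC to confirm which machines still need the procedure.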

Thanks for posting and welcome to avast forums.


Welcome to the forums, josephillips. :slight_smile:

Your English is good enough.

Thank you for posting the information above.


Welcome to the forums, josephillips.