W32.Neeris
W32.Neeris is a worm that spreads through MSN instant messaging applications. It also opens a back door on the compromised computer.
The following steps should remove W32.Neeris worm from your computer:
1. Disable System Restore (Windows Me/XP). You can enable again later.
2. Update the your anti-virus definitions.
3. Reboot computer in safe mode (press the f8 key on boot up)
4. Run a full system anti-virus scan and delete all infected files.
5. Delete these values in the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Windows Lsass Services" = "%Windir%\system\lsass.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\"MSNPRC" = "<PATH TO WORM EXECUTABLE>"
Replace the keys changed by the w32.neeris:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"Default"= ":*:Enabled:Windows Sharing"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\"WaitToKillServiceTimeout" = "7000"
6. Quit the registry editor and restart your computer.
7. Carry out a full anti-virus scan. You may also wish to consider performing a spyware scan too.