Instructions on How to Foil the BotVoice.A Trojan Virus

Natalie Sod
PandaLabs, a company that provides users with early warnings of new threats, has detected a new virus that makes your computer talk. The virus, called BotVoice.A, is a Trojan that uses the Windows text reader to say the following sentences: "You have been infected I repeat you have been infected and your system files have been deleted. Sorry. Have a nice day and bye bye."

The virus will then try to delete the entire hard drive of your computer, or modify the Windows registry so that none of the programs will be able to run, including the important Task Manager. It can even protect itself by disabling the Windows Registry Editor so that its malicious actions are not detected.

Pandasoftware.com's virus encyclopedia said that BotVoice.A usually spreads itself through floppy disks, flash disks, CD-ROMs, email attachments, internet downloads, and P2P file sharing networks.

Because the BotVoice.A Trojan is relatively new, other antivirus software may not detect it, as most of them rely on virus signatures of already known virus variants. Ryan Sherstobitoff, Product Technology Officer of Panda Software USA, said that current users of Panda Software with TruPrevent Technology were not infected by the Trojan because TruPrevent uses behavior analysis that can detect malicious code that was previously unknown and not included in updated virus signature files.

If you are infected with BotVoice.A, Pandasoftware has some instructions over at their site on how to remove the virus. The steps involve restoring the Windows Registry entries that were modified by BotVoice.A by writing new registry entries in Notepad, saving them as a file, and then running that file on the infected computer.

First, open the Notepad and copy and paste the following to the Notepad:

REGEDIT4

; Replace %path% with the location of each program before saving.
; Inside a .reg string value every backslash is written twice (\\).
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\piffile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="%path%\\iexplore.exe"
[HKEY_CLASSES_ROOT\JSfile\shell\open\command]
@="%path%\\WScript.exe \"%1\" %*"
[HKEY_CLASSES_ROOT\mp3file\shell\open\command]
@="%path%\\wmplayer.exe /Open %L"
[HKEY_CLASSES_ROOT\VBSfile\shell\open\command]
@="%path%\\WScript.exe \"%1\" %*"

Take note that %path% is the path of the file. For example, the path for iexplore.exe (Internet Explorer) is usually C:\Program Files\Internet Explorer\iexplore.exe.

Save the Notepad file in any directory but change the extension to ".reg" instead of ".txt". To do this, you need to rename your saved file, making sure that "Hide extensions for known file types" is unchecked in the View tab under Folder Options in the Tools menu of Windows Explorer.

Copy the file to the infected computer, run it by double-clicking the file, and then restart the computer. To be sure, just search for the file name using Search in the Windows Explorer window.
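
To confirm that the handlers are back to their expected values, a registry export can be checked automatically. The Python sketch below is an added example, not part of Panda's instructions: it parses the text of a .reg export and reports which of the executable file classes from the file above have a missing or altered open command. The sample export, including the placeholder program path, is constructed for illustration.

```python
import re

# Default open command for the executable classes in the article's .reg file.
EXPECTED = '"%1" %*'
EXEC_CLASSES = ("exefile", "comfile", "batfile", "piffile")
KEY_RE = re.compile(r"^\[(.+)\]$")
DEFAULT_RE = re.compile(r'^@="(.*)"$')


def parse_defaults(reg_text):
    """Map each [key] in a .reg export to its unescaped default (@) string."""
    defaults, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        val = DEFAULT_RE.match(line)
        if key:
            current = key.group(1).lower()
        elif val and current:
            # .reg strings escape backslash and quote with a backslash.
            defaults[current] = re.sub(r'\\(["\\])', r"\1", val.group(1))
    return defaults


def audit(reg_text):
    """Return {class: value} for classes whose handler is missing or altered."""
    defaults = parse_defaults(reg_text)
    findings = {}
    for cls in EXEC_CLASSES:
        actual = defaults.get(f"hkey_classes_root\\{cls}\\shell\\open\\command")
        if actual != EXPECTED:
            findings[cls] = actual  # None means the key was not in the export
    return findings


# Constructed sample: batfile points at a placeholder program, piffile is absent.
SAMPLE = r'''REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="C:\\example\\placeholder.exe \"%1\" %*"
'''

if __name__ == "__main__":
    for cls, value in audit(SAMPLE).items():
        print(f"{cls}: unexpected handler {value!r}")
```

An empty result from audit() means all four executable classes carry the expected handler.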

To see the full virus information for BotVoice.A, as well as prevention and cure for the virus, and even listen to the message of BotVoice.A, visit pandasoftware.com.

SOURCE:

Panda Software USA, New Trojan Makes Computers Talk While Wiping out the Hard Drive. PRNewswire.com. URL: (http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=ind_focus.story&STORY=/www/story/07-05-2007/0004620556&EDATE=THU+Jul+05+2007,+12:58+PM)

Virus Encyclopedia - BotVoice.A, Pandasoftware.com. URL: (http://www.pandasoftware.com/com/virus_info/encyclopedia/overview.aspx?idvirus=166596)


2 Comments

  • Stan Schultz, 7/6/2007

    Solutions appreciated instead of just telling us about problems!

  • Mommy2Lots, 7/6/2007

    Great article. I also read Ariana Cherry's take on this. You both did a wonderful job. :-)
